HACKERMATE

Introduction

In HACKERMTE we think that security should be something easy and anyone should be able to obtain a complete report on a security posture of a scope, showing the exposure of the scope to the Internet, indicating its vulnerabilities, and explaining its risks.

The main goal of HACKERMATE is to find for you all the relevant information regarding the security of your scope and show the findings in a nice and ordered manner. In order to achieve this goal, HM uses internal tools and external (non-free) APIs to guarantee the best results possible.

Therefore, using HM you won't need to buy and manage external APIs because HM pays and uses them for you. In addition, you won't need to write scripts for obtaining and merging data from different APIs and tools because HM already performs this task. And finally, you won't need to chain results obtained with different scripts to find more information, as HM already does this tasks for you.

HM is a tool designed to extract for you all the information that can be extracted automatically so the only thing you need to do is:

Blue Teams/IT admins: Fix the vulnerabilities and be aware of the other found risks (blacklisted IPs or domains, leaked passwords, dorks with sensitive information...)
Red Teams/Pentesters: Exploit the found vulnerabilities and sensitive information.
Pentesters/Bug Hunters: Report immediately the vulnerabilities discovered and think about how to increase the impact.

Technical Details

Domains

When a Domain is entered in an HM's scope the following actions will be performed on the Domain:

IPv4 and IPv6 addresses or CNAME of the domain.
Subdomains will be extracted using external APIs and internal tools to be sure that not any subdomain is left behind.
Emails that belong to the domain and leaks of those emails.
Check if the domain is blacklisted.
Mail (SPF and DMARC) vulnerabilities.
Domain related organisation information.
Dorks ().
Domain takeovers.
And some more information about the domain ...

Subdomains

HM treats domains and subdomains in a different manner. HM searches subdomains and emails of a domain but does not search subdomains and emails of a subdomain inside the scope. In addition, Subdomain Takeovers are checked for subdomains but not for domains. Even if you introduce subdomains of a domain inside the scope, HM searches for more subdomains of the domain. All the subdomains from a domain discovered by HM are analized.

Emails

When an email address is entered in an HM's scope, the following actions will be performed on the email address:

Searching for leaks
Checking the email's validity
Extracting personal information related to the email (name, surname, company, job role ...)
Extracting Social network handlers related to the mail (Linkedin, Gravatar, Github, Facebook, Twiiter)

All the emails from a domain discovered by HM will be analyzed.

Most of the APIs used by HM for extracting leaks related to an email are searched via Domain. Therefore, we highly recommend that, if you want to extract leaks of emails of an organisation, do not only enter the emails you know in the "emails" field of the scope, but also configure the domain inside the "Domains" field of the scope.

Usernames

When a username is discovered by HACKERMATE (e.g. the name inside and email address, a domain first level name, or a username inside some web document metadata) it's tested against a list of several hundreds of a social webs and will search in which of those web pages the username is registered.

Google Dorks via CSE

You can introduce a Custom Search Engine ID in the scope for searching, via Google, for dorks which affect your domains. If you don't know what Google Dorks are or don't know what a Custom Search Engine ID is, you can find an explanation in:

URL / Webs

HM checks the security posture of websites. When a website is analyzed, the following checks are performed over it:

IP Ranges & IPs

When an IP address or an IP Range is entered in an HM's scope the following actions are performed on each IP:

A TCP scan (if activated in the scope)
A UDP scan (if activated in the scope).
A Vulenrability Assessment (if activated in the scope).
Extracton of the IP range, ASN, and Organisation to which the IP belongs.
Calling APIs for finding open ports, services and running products, vulnerabilities, checking whether the IP is blacklisted, getting available domains in that IP, and extracting more information about the IP (e.g. whether the IP is related to a vpn or proxies activity, IP location, and more info...).

The goal of HM is extracting all the relevant information about each IP address configured in the scope so that the user can perfectly see what is being exposed to the internet, if there are known vulnerabilities, and if there is any related suspicious activity.

HM supports both IPv4 and IPV6 addresses.

If you don't know the IP addresses of your scope you can set the domains in the scope and allow HM to scan each IP discovered belonging to the domains (Note that IPs belonging to CNAMEs of external domains won't be analyzed).

Services

It's important to highlight that HM won't limit itself to discover open services. It has an engine that supports more than 50 services that extracts as much information as it can from every discovered service.

In addition, while configuring the scope, HM allows you to indicate if you want to bruteforce discovered services. Currently HM supports Brute-Forcing of the following services: CouchDB, ElasticSearch, Finger, FTP, IKE, Imap, Irc, MongoDB, MySQL, Pop, PostgreSQL, Redis, SMB, SMTP, SNMP, SSH, Telnet and TFTP. If you enable it, every time HM discovers one of those service it will try to Brute Force it using the most common credentials for the specific service (HM has a diffferent custom wordlist for each service with the most common credentials for that particular service).

Reputation Monitoring

Reputation Keywords

When a Reputation Keyword is entered in a HM's scope, HM will monitor this keyword in several social network, forums and paste sites. Every-time a match is found, HM will analyze the sentiment of the found text, it will try to match the text with some highly suspicious topics, and if the sentiment and the found topics are negative. It will warn the user about the newly discovered text.

Usernames

When a Username is entered in a HM's scope, HM will monitor this username in hundreds of social networks warning the user every-time the username is registered on a new social network.

Secrets

When a Secret is entered in a HM's scope, HM will monitor this secret in search engines and pastes sites and will warn the user every-time a new page containing the secret is found.

Free Scope Monitoring

You buy a monthly plan or you set a periodicity on your scope, a free monitoring will be performed over your scope. This includes:

Phishing monitoring: HM will search for possible new suspicious domains similar to the ones included in your scope that may be used to launch phishing attacks.
New subdomain monitoring: HM will continue looking for subdomains of your scope and will analyzed them once discovered.

NextNew Scope Tutorial

Last updated 4 years ago

Was this helpful?

You can configure your scope for analyzing each IP discovered by HM. In that case each discovered IP of each domain and subdomain will be .

GCSE (Google Custom Search Engine) - Tutorial

see below for more info

analyzed as indicated below