https://heapspray.io/categories/network-pentesting/ Recent content in Network Pentesting on heapspray.io - a plethora of infosec garbage Hugo -- 0.152.2 en-us Sat, 28 Jan 2023 00:00:00 +0000 https://heapspray.io/posts/automating-scanning/ Sat, 28 Jan 2023 00:00:00 +0000 https://heapspray.io/posts/automating-scanning/ A simple way to automate the repetitive parts of your pentest using typical DevOps tools. https://heapspray.io/posts/automating-recon/ Wed, 18 Jan 2023 00:00:00 +0000 https://heapspray.io/posts/automating-recon/ A simple way to automate the repetitive parts of your pentest using typical DevOps tools. https://heapspray.io/posts/certificate-transparency-recon/ Fri, 04 Nov 2016 00:00:00 +0000 https://heapspray.io/posts/certificate-transparency-recon/ <p>I&rsquo;ve been using certificate transparency with increasing frequency during my network pentests. What a great source of information! I&rsquo;ve found it so useful that I wrote a short standalone script to search for domains in a transparency log and resolve them to IP addresses.</p> <h1 id="whats-certificate-transparency">What&rsquo;s certificate transparency?</h1> <p>There&rsquo;s an actual site dedicated to describing Certificate Transparency (<a href="https://www.certificate-transparency.org/)">https://www.certificate-transparency.org/)</a>, which I recommend you check out. In a nutshell, CT is a mechanism that provides real-time monitoring and auditing of certificate information. If you&rsquo;ve ever clicked on that little padlock next to the URL of a site you&rsquo;ve visited in your browser, chances are that you&rsquo;ve used CT.</p>