Day 64 comes with recon in samsung repositories and harpoon for osint!
Recon helped Samsung protect their production repositories of SamsungTv, eCommerce / eStores
From Sam (CoffeeJunkie). Trying to expand a little bit more the information gathered during recon, I came across this tool that was recommended by 0xPatrick which looked very helpful in the beggining.
Resources and usage
Harpoon gathers information from the following resources.
asn Gather information on an ASN binaryedge Request BinaryEdge API bitly Request bit.ly information through the API cache Requests webpage cache from different sources censys Request information from Censys database (https://censys.io/) certspotter Get certificates from https://sslmate.com/certspotter circl Request the CIRCL passive DNS database config Configure Harpoon crtsh Search in https://crt.sh/ (Certificate Transparency database) cybercure Check if intelligence on an IP exists in cybercure.ai dns Map DNS information for a domain or an IP dnsdb Requests Farsight DNSDB fullcontact Requests Full Contact API (https://www.fullcontact.com/) github Request Github information through the API googl Requests Google url shortener API greynoise Request Grey Noise API help Give help on an Harpoon command hibp Request Have I Been Pwned API (https://haveibeenpwned.com/) hunter Request hunter.io information through the API hybrid Requests Hybrid Analysis platform ip Gather information on an IP address ipinfo Request ipinfo.io information malshare Requests MalShare database misp Get information from a MISP server through the API numverify Query phone number information from NumVerify opencage Forward/Reverse geocoding using OpenCage Geocoder API otx Requests information from AlienVault OTX permacc Request Perma.cc information through the API pgp Search for information in PGP key servers pt Requests Passive Total database quad9 Check if a domain is blocked by Quad9 robtex Search in Robtex API (https://www.robtex.com/api/) safebrowsing Check if the given domain is in Google safe Browsing list save Save a webpage in cache platforms screenshot Takes a screenshot of a webpage securitytrails Requests SecurityTrails database shodan Requests Shodan API spyonweb Search in SpyOnWeb through the API telegram Request information from Telegram through the API threatgrid Request Threat Grid API totalhash Request Total Hash API twitter Requests Twitter API urlscan Search and submit urls to urlscan.io vt Request Virus Total API
It seemed pretty useful at the time to look for more information for URLs, but one of the cons was the time need it in order to fill the API Keys that Harpoon was going to use to gathe the information. Give it a shot!