{"id":16564596,"url":"https://github.com/techspence/observer","last_synced_at":"2025-08-28T05:27:53.834Z","repository":{"id":134885901,"uuid":"292410811","full_name":"techspence/observer","owner":"techspence","description":"A blue team tool for watching over domains using bug hunting methodology!","archived":false,"fork":false,"pushed_at":"2020-10-07T12:17:29.000Z","size":17,"stargazers_count":6,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-13T00:05:07.721Z","etag":null,"topics":["blueteam","bughunting-methodology","enumeration","infosec","osint","recon"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/techspence.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-09-02T22:47:58.000Z","updated_at":"2023-11-22T11:50:07.000Z","dependencies_parsed_at":"2023-04-18T14:00:27.142Z","dependency_job_id":null,"html_url":"https://github.com/techspence/observer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techspence%2Fobserver","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techspence%2Fobserver/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techspence%2Fobserver/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/techspence%2Fobserver/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/techspence","download_url":"https://codeload.github.com/techspence/observer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248647302,"owners_count":21139086,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","bughunting-methodology","enumeration","infosec","osint","recon"],"created_at":"2024-10-11T20:44:34.055Z","updated_at":"2025-04-13T00:05:14.800Z","avatar_url":"https://github.com/techspence.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# observer\nA blue team tool for watching over domains using bug hunting methodology!\n\n**Passive recon --\u003e active recon --\u003e fingerprinting/tracking/monitoring**\n\n- The idea of this tool is to try to:\n\t- a) find things that vulnerability scanners miss or don't check for\n\t- b) find things that require more manual checking but can be scripted or automated to some extent\n\t- c) track, monitor and alert on changes, deviations and other potentially interesting things\n\n**_Note: This tool has some functionality but is still a work in progress :O)_**\n\n## Requirements\n- Amass\n- Massdns\n- OpenSSL\n- Slack\n\n## Current \u0026 ToDo Features\n**Passive Recon**\n- [x] Potential new subdomains\n- [ ] Potential new IPs\n- [ ] Google dorking\n- [ ] Pastebin\n- [ ] Github searching\n- [ ] theHarvester email scraping\n- [ ] Interesting content\n- [ ] Technology used\n\n**Active Recon**\n- [x] Verify subdomains\n- [x] Certificate expiration check\n- [ ] New certificates issued\n- [ ] Open ports\n- [ ] Services and versions\n- [ ] Technology used\n- [ ] Login form https only\n- [ ] Nikto\n\n**Changes to track/monitor/alert on**\n- [x] New/Removed/Modified subdomains\n- [x] Certificate expired/expiring soon\n- [ ] New certificates issued\n- [ ] New ports available\n- [ ] New services or versions\n- [ ] New findings on google, pastebin, etc.\n\n## High Level Workflow\n- Subdomain Enumeration \u003e New Subdomain Alerting \u003e Subdomain DNS Validation \u003e Certificate Monitoring\n- Each script calls the next\n\n**Step 1.** Enumerate possible domains with Amass\n\n`/opt/Amass/amass enum -silent -d spenceralessi.com -o amass_domains.txt`\n\n**Step 2.** Feed the output of Step 1. to Step 2. to validate subdomains with massdns\n\n`/opt/massdns/bin/massdns -r /opt/massdns/lists/resolvers.txt -t A -o S -w massdns_domains.txt amass_domains.txt \u003e /dev/null 2\u003e\u00261`\n\nThen Export just subdomains\n\n`cat massdns_domains.txt | awk '{print $1}' | sed 's/.$//' | sort -u \u003e valid_domains.txt`\n\n**Step 3.** Feed Step 2a. to certificate monitoring\n\n\n## Inspiration\n- https://0xpatrik.com/subdomain-enumeration-2019/\n- Jason Haddix Bughunter Methodology \n  - https://www.youtube.com/watch?v=gIz_yn0Uvb8\n  - https://docs.google.com/presentation/d/1MWWXXRvvesWL8V-GiwGssvg4iDM58_RMeI_SZ65VXwQ/edit\n- https://medium.com/@noobhax/my-recon-process-dns-enumeration-d0e288f81a8a\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechspence%2Fobserver","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftechspence%2Fobserver","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftechspence%2Fobserver/lists"}