💻 Hackers and threat actors regularly monitor paste sites and public repositories for exposed credentials, internal network details, and sensitive company information. Tools like PasteHunter, LeakLooker, and custom scrapers are used to automatically track keywords like “password,” “vpn,” or specific domain names. These pastes often originate from malware logs, misconfigured servers, or careless insiders. Once obtained, attackers use the data for credential stuffing, phishing, and lateral movement. Ps: a lot of this sites are in the Dark Web

Pastebin يوفر API يسمح للمستخدمين بالبحث عن ملفات نصية عامة عن طريق استخدام كلمة مفتاحية أو عنوان بريد إلكتروني أو اسم نطاق. يمكنك استخدام هذا الAPI للعثور على ملفات حساسة تنتمي إلى منظمة معينة. يمكن أيضًا استخدام أدوات مثل PasteHunter أو pastebin-scraper لتوتير العملية.

1) PasteHunter 2) Pastebin-Scraper 3) Dumpmon 4) Skraper 5) Snusbase

Estoy probando #pastehunter para buscar pastes. Lo he dejado un ratito ejecutándose y mirando los resultados ya encuentro con cosas curiosas como esta. 👇 solo ha sido un ratito 😅

#OSINT 👁 1) the Google Hacking Database 2)KeyHacks 3)Gitrob 4)TruffleHog 5)pasteHunter 6)Wayback Machine 7)Waybackurls #CyberSecurity #ghdb #informationsecurity #infosec #اوسینت

New PasteHunter release! 1.4.0. Notable changes: - Support for ix.io - Some tweaks to Pastebin scraping behavior - General code cleanup/refactoring pypi.org/project/pastehunter…

For secrets you could probably use our ruleset for PasteHunter and run yara against it. I also just did a talk on defensive/offensive secrets, particularly within the scope of git for CirleCityCon, if you'd like I can send you a link when the video is up.

Pastehunter has a pretty big set of Yara rules for a bunch of different stuff. Everything from base64'd magic bytes for gzip to Django secret key files. Yara is such a versatile tool.

Yes absolutely. With PasteHunter we process thousands of pastes an hour. I can pick up credentials, dumps, and threat intel within a minutes of them being posted, and they're often deleted a few minutes later. Google dorking can't even begin to approach that.

PasteHunter v1.3.2 releases: Scanning pastebin with yara rules securityonline.info/pastehun… #opensource #infosec #security #pentest

Pastehunter dev stream: pscp.tv/Plazmaz/1rmGPAdMRRQJ…

PasteHunter 1.3.0/1.3.1 is now out! Fixed a LOT of the github logic, file ignores, etc. Additionally, we were slamming Slexy hard enough the owner made a PR to us, so we're a little bit nicer now. Also added HTTP Post output (webhooks anyone?) pypi.org/project/pastehunter…

Internal Pastehunter elk stack is looking good

Been playing around with an easier way to look at scraped paste data from PasteHunter. Currently only works for json output, but that's normally what I use. This does a lot to reduce the signal/noise!

Just rolled out the new release for PasteHunter w/ @KevTheHermit . Highlights: - Now published as a pip package! pypi.org/project/pastehunter… - More stable multiprocessing/threading - Support for ignoring bot accounts on github - Improved github performance - Better custom rule conf

Np. I've also integrated a lot of these checks into pastehunter and added support for scanning githubs public feed: github.com/kevthehermit/Past…

Estarei hoje às 19h no Palco Alberto Fabiano falando de como monitorar serviços como pastebin e gist utilizando o pastehunter. #roadsec2019 #roadsec

Pastehunter will scrape github github.com/kevthehermit/Past…

If you're using PasteHunter, you should check out the changes we've made! The big ones: - GitHub public feed support - Compressing paste contents in postprocessing These are now available in master.

Really excited about this: github.com/kevthehermit/Past… PasteHunter Yara Github public feed = the most powerful/diverse github feed scanner I've seen so far. There's also an incredibly solid core ruleset, PLUS almost all of the rules from github-dorks.