DocuFinder is an external attack surface monitoring (EASM) tool that automates traditional OSINT techniques to find externally accessible documents within a target domain. Protect your organization, improve your penetration tests, increase your bug bounty revenue, & more.
DocuFinder is intended for authorized use only.
-
If you are an investigator or open-source intelligence professional, ensure you have proper jurisdiction prior to accessing results.
-
For external penetration tests & bug bounty work, only access scan results after verifying authorization from the target domain.
- i.e: Is the URL I found in-scope of my penetration test or investigation?
-
By running a scan, this is passive reconnaissance. However, opening links contained in scan results is an active engagement.
-
These could be files containing sensitive info & downloaded directly to your machine on-access.
-
I am not responsible for any legal or criminal proceedings filed against you for using this tool.
To get started with the DocuFinderJS bookmarklet, perform the following:
-
Open the source code in any text editor.
-
Highlight the source code & copy. No need to make any changes.
-
Open your browser of choice.
- I have found Firefox works best for working with bookmarklets.
-
Create a bookmark in your browser's bookmark bar.
- You'll want to set the bar to always appear.
-
Paste the bookmarklet in the URL section.
- To validate, press the "HOME" key after pasting & verify the entry begins with "javascript:".
-
Create a name for the bookmarklet.
- I recommend setting this to the name included with the release, such as "DocuFinderJS v1.3" This way, when I release updates, you can easily verify if you are running the latest release.
-
Create a new tab and click on the bookmarklet.
- I recommend running this in a new tab in a dedicated browser for these tools, since you'll have to disable pop-ups. This is only to open windows containing your search results, nothing more.
-
Enter your target domain in the prompt.
- If you are a penetration tester, this could be a client you are performing passive reconnaissance on.
- If you are working on a bug bounty program, the same would apply when this is authorized & in-scope.
- If you are a cybersecurity analyst or information security officer, this might be your employer's domain.
-
Review your results & enjoy.
- Once again, please verify that the domain containing the files is in-scope for the project you are supporting prior to access.
- For more info on using JavaScript bookmarklets, check out this guide.