Hello infosec community

I'm a developer interested in cybersecurity, OSINT, and reconnaissance tooling. Lately I've been spending time building small open-source tools in Python and learning more about how different recon techniques work in practice.

Most of my projects focus on things like subdomain discovery, endpoint extraction, and attack surface mapping. I'm still learning a lot and experimenting with different approaches.

Looking forward to connecting with other researchers and developers here and learning from the discussions in the community.

#CyberSecurity #OSINT #InfoSec

python osint recon code - YaCy 'agent-mogomut-ufe-25': Search Page


@gary_alderson

Thanks for the suggestion! I haven’t tried running my own YaCy instance yet but that sounds really interesting for OSINT data gathering.

I'll definitely look into it and keep sharing some of the recon/OSINT tools I'm building.

Appreciate the advice!

@Ruyynn interesting. How do you do subdomain discovery? Is it just checking against a possible list of subdomain string possibilities? Like checking for “staging” and “dev” and such?

@vicash

Good question. Not just wordlist brute forcing.

Usually it's a mix of passive discovery and some active techniques. Passive sources like certificate transparency logs and public datasets can reveal quite a few subdomains. After that, wordlist-based brute forcing helps catch common patterns like dev, staging, api, etc.

Another useful approach is analyzing JavaScript files and crawling public assets to extract additional endpoints or subdomain references.

Still exploring and refining different recon techniques.
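The passive certificate transparency step described above, seen from the asset owner's side, as an added example that is not part of the original posts: it normalises hostnames from CT records for a domain you own and flags those missing from your inventory. The records, the `name_value` field layout, the inventory and all `example.com` names are constructed assumptions.

```python
"""Defender-side CT review: flag certificate hostnames missing from inventory."""

# Constructed sample records; the "name_value" field (newline-separated SAN
# entries) is an assumption modelled on CT search JSON exports.
SAMPLE_CT_RECORDS = [
    {"name_value": "example.com\nwww.example.com"},
    {"name_value": "*.example.com"},
    {"name_value": "API.example.com\nstaging.example.com"},
    {"name_value": "dev.example.com."},
    {"name_value": "www.example.com"},      # duplicate entry
    {"name_value": "notexample.com"},       # suffix look-alike, ignored
]

# Constructed inventory of hosts the owner already tracks.
KNOWN_INVENTORY = {"example.com", "www.example.com", "api.example.com"}

# Labels the thread mentions as common patterns worth a closer look.
REVIEW_LABELS = {"dev", "staging", "api"}


def names_from_ct(records, apex):
    """Return the set of normalised hostnames under `apex` found in records."""
    apex = apex.lower().rstrip(".")
    found = set()
    for record in records:
        for raw in record.get("name_value", "").splitlines():
            name = raw.strip().lower().rstrip(".")
            if name.startswith("*."):       # wildcard cert: keep the parent name
                name = name[2:]
            # Require an exact match or a dot boundary, so that
            # "notexample.com" is not treated as part of "example.com".
            if name == apex or name.endswith("." + apex):
                found.add(name)
    return found


def review(records, apex, inventory):
    """Split CT-observed names into untracked hosts and pattern-matching ones."""
    seen = names_from_ct(records, apex)
    untracked = sorted(seen - inventory)
    flagged = [n for n in untracked if n.split(".")[0] in REVIEW_LABELS]
    return untracked, flagged


if __name__ == "__main__":
    untracked, flagged = review(SAMPLE_CT_RECORDS, "example.com", KNOWN_INVENTORY)
    print("not in inventory:", untracked)
    print("non-production naming:", flagged)
```

Hosts that appear in certificates but not in the inventory are the ones to check for forgotten staging or development systems that should be decommissioned or put behind access control.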