👻 Hey #infosec folks! GhostIntel v2.5 is out 🎉

Web UI for easy browsing
Email breach detection
Batch scanning across 129+ platforms
Still free, no API keys needed.
Check it out, try it, and let’s improve it together 🙏

https://github.com/ruyynn/GhostIntel

#OSINT #OpenSource #CyberSec #InfosecTools

Everyone uses subfinder, amass, and assetfinder.

But I found more subdomains using certificate transparency than all three combined last week.

Try this:
curl -s "https://crt.sh/?q=%.target.com&output=json" | jq -r '.[].name_value' | sort -u

You're welcome.

#OSINT #Recon #Infosec #cyberSecurity

Stop using ffuf with default wordlists for directory busting.

Most companies use predictable patterns:

/api/v1/, /api/v2/

/admin/, /admin-panel/

/backup/, /backups/

Build your own wordlist from observed patterns. Results improve by 10x.

#BugBounty #Recon #ProTip

Watched 3 episodes of Mr. Robot and opened the terminal like Elliot.

Then spent the next 20 minutes googling basic Linux commands.

#Infosec #CyberSecurity #Linux #MrRobot

Hey infosec folks 👋

I built VulnDraft — a free, open-source bug report generator.
MIT licensed — fork it, contribute, do whatever.

What it does:
🐞 H1/Bugcrowd/Intigriti templates
📊 CVSS calculator built-in
📄 Export MD, HTML, JSON
💻 CLI + Web GUI

MIT. Open source. Free.

Try it. Break it. Tell me what sucks.

🔗 https://github.com/ruyynn/VulnDraft

⭐️ A star helps more people find it

#BugBounty #InfoSec #OpenSource #Cybersecurity

Lately I’ve been thinking about what tool I should build next.

Earlier today while scrolling Facebook, I saw someone asking for help because they were confused about how to write a proper bug bounty report. They had already found the vulnerability, but didn’t know how to structure the report or present it clearly.

That got me thinking.

In bug bounty, finding the bug is one challenge — but **writing a clear and well-structured report is another skill entirely**.

So I started considering building a small **Bug Report Generator** to help researchers quickly create structured reports with sections like summary, steps to reproduce, PoC, impact, and clean markdown output for platforms like HackerOne or Bugcrowd.

Before I start building anything, I’m curious how other bug hunters approach reporting.

What does your ideal bug report template look like?
What sections do triagers appreciate the most?
Do you prefer minimal reports or very structured ones?

If you're a bug hunter, I'd love to hear how you write your reports.
Good reports deserve better tooling.

#infosec #bugbounty #security #bugbountytips

Hey infosec folks 👋

I’ve been working on **GhostIntel** — a free, open-source OSINT & threat-intelligence CLI framework written in Python.

MIT licensed — fork it, modify it, integrate it into your workflow.

The idea was simple: during investigations I kept jumping between multiple OSINT sites and tools, so I started building a CLI that could enrich indicators directly from the terminal.

Drop almost anything into GhostIntel and it will try to figure it out automatically:

→ username · email · phone · domain · IP

What it can do right now:

👤 Username → checks 100+ platforms in parallel
📱 Phone → carrier + region intelligence (ID · US · UK · MY · IN)
📧 Email → MX · SPF · DMARC · Gravatar · disposable detection
🌐 Domain → DNS records + HTTP status inspection
🌍 IP → geolocation · reverse DNS · RDAP (ARIN · RIPE · APNIC · LACNIC · AFRINIC) · proxy detection

📊 Reports → export investigation results to JSON · HTML · TXT

Async-powered so lookups can run concurrently.

No API keys required.
No configuration needed.
Everything uses publicly available OSINT sources.

Built from Indonesia 🇮🇩 for the global OSINT / infosec community.

If anyone here works in:

• threat intelligence
• OSINT investigations
• SOC / DFIR
• bug bounty research

I’d genuinely appreciate your feedback.

→ What sources should be added?
→ What would improve your investigation workflow?
→ Anything broken or behaving weirdly?

Suggestions, criticism, and PRs are all welcome.

🔗 https://github.com/ruyynn/GhostIntel

#OSINT #infosec #threatintel #opensource