Map attack surface externally
offensive-osintskillsetup L3★1,791
elementalsouls/Claude-BugHunter ↗What it does
Conduct attacker-perspective information gathering with minimal access
Best for
When conducting reconnaissance from attacker perspective with only public information.
Inputs
- · target domain(s)
- · public data sources
- · social networks
Outputs
- · domain ownership data
- · employee list
- · infrastructure mapping
- · vulnerability hints
Requires
- · web scraping tools
- · DNS tools (dig/nslookup)
- · WHOIS
- · search engines
Preconditions
Legal authorization; public-data-only collection (no scanning)
Failure modes
- · False positives on delegated infrastructure
- · WHOIS privacy blocks on shared hosting
- · LinkedIn/email finding accuracy varies
Trust signals
- · Attacker-first methodology
- · multiple data sources correlated
- · no active scanning required