⚠️ Disclaimer: Only meant for educational and ethical vulnerability research purposes. Author not responsible for any actions!
Shodan Dorking
#shodan.io
http.title:"CXF - Service list"Results: 300+
FOFA Dorking
#en.fofa.info
title="CXF - Service list"Total Unique IPs: 1K+ (by default honeypots removed)
ZoomEye Dorking 😈
#zoomeye.ai
title="CXF - Service list"Total Results: 3K+
Endpoint Example
Can be helpful to find
- Hidden web services
- Internal paths which now you can mass fuzz on all other IPs/subs
- Assets without WAF protection
- Endpoint naming convention / pattern followed, then make a proper fuzzing wordlist based on this