Home / Technology

Photo of wind turbine, research lab, satellite
Image: Wikipedia
Technology

New OSINT Tool Exposes Exposed Files on Domains

WireByte Staff · July 5, 2026

A free, read-only OSINT tool, Cerast-Intelligence, has been made public. It scans certificate transparency logs for exposed files on domains, including .env files, open .git dirs, and config files. The tool's searchable database allows users to quickly identify potential security risks.

Key points

  • Cerast-Intelligence, a new OSINT tool, has been developed by a pentester and bug bounty hunter to aid in identifying exposed files on domains.
  • The tool scans certificate transparency logs for newly-seen domains and checks for exposed files such as .env files, open .git dirs, and config files.
  • Cerast-Intelligence's searchable database allows users to quickly search for exposed files on a domain or part of a domain.
  • The tool is free, read-only, and intended for use by pentesters and bug bounty hunters to identify potential security risks.
  • The developer is considering adding a feature to notify users of new search results for registered keywords.

A new OSINT tool, Cerast-Intelligence, has been made public by a pentester and bug bounty hunter. The tool is designed to aid in identifying exposed files on domains, which can pose significant security risks. Cerast-Intelligence scans certificate transparency logs for newly-seen domains and checks for exposed files such as .env files, open .git dirs, and config files.

The tool's searchable database allows users to quickly search for exposed files on a domain or part of a domain. This can be particularly useful for pentesters and bug bounty hunters who need to identify potential security risks.

The developer of Cerast-Intelligence has stated that the tool is free, read-only, and intended for use by pentesters and bug bounty hunters. However, the developer is also considering adding a feature to notify users of new search results for registered keywords. This could potentially be used to alert users of newly-exposed files on domains they are interested in.

It is worth noting that the developer is also considering ways to reduce abuse of the data, as this is the part they are least sure about. This is an important consideration, as the tool's searchable database could potentially be used for malicious purposes if not properly secured.

Sources

WireByte Staff — Editorial Team

The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.