should-i-trust

Summary

A tool to evaluate OSINT signals for a domain.

Requirements

• API keys from Censys.io, VirusTotal, and GrayHatWarfare (free with limited results)

Use Case

For reviewing new vendors' compliance and security requirements. Evaluate trustworthiness without documentation or questionnaires.

Description

should-i-trust goes beyond standard responses to look for signals that an organization should not be trusted. It's useful for red team engagements, identifying targets to probe.

Setup

• Install the Chrome extension through Chrome
• Download and manually install in Chrome using developer mode

Running

• Open the extension
• Enter API keys (required once)
• Enter a domain to query

Output

• Bug bounty program indicators
• Domains from VirusTotal, Censys.io, and Google Cert Transparency Report
• IPs and open ports from Censys.io
• Repositories on GitHub, GitLab, and Bitbucket
• Misc data from Virustotal.com
• AWS bucket files exposed through GrayHatWarfare

Road Map

TBD

> Visit should i trust Website <