Nullsec-Public-Beta-Website-Tools [Demo]
The Nullsec Public Beta Website Tools is a collection of web-based tools designed for security researchers, developers, and anyone who needs to gather information about network-connected devices and infrastructure. The tools included in this collection are:
| Tool | Description | API |
|---|---|---|
| IoT Search | Using Shodan to search for internet-connected devices | API HERE ❌ |
| Vulnerability Search | Using Shodan to search for information about CVEs | API HERE ❌ |
| IP Lookup | Provides information about the ISP provider of an IP address | NO API KEY NEEDED ✅ |
| Whois Lookup | Provides information about a domain name | API HERE ❌ |
| Phone Number Lookup | Provides information about a phone number | API HERE ❌ |
Installation
- Clone the repository to your local machine.
- Install Composer by following the instructions on getcomposer.org.
- In the root directory of the cloned repository, run
composer installto install the required dependencies. - Copy the
.env.examplefile to.env. - Set up API keys and other environment variables in the
.envfile. Make sure to replace the example values with your own values. - Upload all files to your web host.
- Example
.envfile:SHODAN_API_KEY=Your_Shodan_API_Key WHOISXML_API_KEY=Your_WhoisXML_API_Key NUMBER_VERIFICATION_API_KEY=Your_Number_Verification_API_KeyUsage
After completing the installation steps, the tools should be ready to use on your web host.
- The IoT search tool uses Shodan to search for internet-connected devices, such as Apache or MongoDB databases that are available to the internet.
- The IP Lookup tool provides information about the ISP provider of an IP address.
- The Phone Number Lookup tool provides information about a phone number, but requires you to enter the local format, e.g., “+44” for the UK.
- The Vulnerability Search tool uses Shodan to search for information about CVEs. For example, you can search for information about CVEs related to Apache.
Footnote/s
This project uses environment variables stored in a .env file. It’s important to note that while this is a common way to store sensitive information like API keys and passwords, it’s not a foolproof method of securing them. For more information on how to secure sensitive data in your applications, see GitHub’s Guide to Securing Your Workflows & dotenv.org/docs/security.