A developer has released a free OSINT tool targeting pentesters and bug bounty hunters. The tool, hosted at search.cerast-intelligence.com, monitors certificate transparency logs for newly seen domains and checks them for exposed files like .env, open .git directories, config files, and database dumps. Findings are indexed into a searchable database accessible by domain name.

The tool is read-only and currently free to use. Its creator expressed interest in adding keyword-based notifications for new discoveries. The project is a side project made public just hours ago, according to a post on Hacker News.

Data is collected passively from certificate logs, not through active scanning. The tool surfaces exposures that domain owners may not know exist, which could aid in vulnerability discovery and remediation. The creator acknowledges concerns about potential abuse of the data and is seeking community input on safeguards.

No specific numbers or adoption metrics were provided. The tool is in early stages, with zero comments on the original Hacker News announcement. Future features beyond keyword alerts remain unspecified.

The tool's utility for ethical security research is clear, but its open nature raises questions about misuse by malicious actors. The developer is actively soliciting ideas to reduce abuse, suggesting a commitment to responsible use.

There is no opposing perspective explicitly stated in the source beyond the creator's own concerns about data misuse. The tool's potential for enabling unauthorized reconnaissance or data exposure without domain owner consent is a valid caveat.