How to search URLs exposed by Shortener services

Almost two years after the release of our Buckets Search tool, we are happy to announce the release of http://shorteners.grayhatwarfare.com, the second tool in the GrayhatWarfare arsenal, which lets you search exposed shortened URLs.

shorteners.grayhatwarfare.com - Shortened URLs search engine

TinyURL, bit.ly, and other similar services convert long URLs into shorter ones hosted on their service; when a consumer visits the short URL, their web browser is redirected to the long URL. A common use case is Twitter, where the number of characters is limited, but short URLs are also used in emails and DMs.

There is always the risk that a Shortener service, for whatever reason, might stop delivering URLs. Teams like 301Works and URLTeam are trying to mitigate that risk. URLTeam periodically visits the URLs and archives the results. The design of Shortener services makes this process easier: they use the minimum number of characters needed to accommodate the links they host, so the number of possible URLs is really low and can be brute forced.

There are some security risks associated with Shortener services. First, you never know where you will be redirected when you click a shortened URL: there could be a malicious URL on the other end. Second, Shortener services can track users and their behavior. There are also risks in shortening URLs that should remain private. Those include things like:

It’s a common practice for pentesters to search for sensitive URLs, or gather information about a domain name, through shortened URLs. Utku Sen did an excellent job creating https://github.com/utkusen/urlhunter, which is the best-known tool that tackles the problem of searching through the URLs. However, there are some limitations:

In order to improve the search experience we:

The functionality we offer is:

Our primary goal for the first release was to clean up as much junk as possible and create a robust filtering mechanism while keeping the tool as minimal as possible. As always, we want your input on what functionality you want to see in the tool. shorteners.grayhatwarfare.com is the second tool we have released, and we have a lot more on the way.

Follow us on Twitter to get announcements for new tools and updates first:

Thanks for your support; it makes delivering new tools feasible.
