Lost Rabbit Labs - Full Spectrum Teaming & CyberSecurity

WisQuas™ - Digital Footprint Discovery & Asset Analysis Crawler

Why limit your Vulnerability Assessments and Penetration Testing efforts to a single or even handful of systems during an engagement when you can analyze the entire domain and all of its assets. Perform an all-in-one Threat Landscape Assessment, Vulnerability & Misconfiguration Scan, Digital Footprint & Inventory, and OSINT Investigation, with WisQuas.

Improve your Time To Remediation (TTR), with WisQuas, and next level Digital Footprint Discovery and Asset Analysis Crawling.

How does it work?

WisQuas will perform the following functions around a provided domain name:

    • Resolve hostnames to IP addresses
    • Perform ASN lookup on IP address to provide ownership info and geo/location info
    • Perform subdomain enumeration and lookups
    • Perform WHOIS lookup on domain name
    • Reverse look-ups are performed on all WHOIS attributes
    • Reputation and classification look-ups are performed on all subdomains and IP addresses
    • Inventory and storage performed on all received headers, cookies, and meta-data (no content/request data is stored)
    • Original URL request is ‘base-lined’ to be compared to all other requests
    • Tactical fuzzing and enumeration across entire domain performed to generate unique errors and reveal layered web services
    • Inspection of robots.txt file if available
    • Enumerate through possible HTTP Verbs
    • Perform Host Header Manipulation to detect additional accessible containers
    • Catalog and store all digital assets in searchable database.
    View WisQuas

    Building a haystack of Digital Inventory for further analysis

    RQL is Lucene based, with some additional custom search parameters and scoring methods (more info below) to increase likelihood of retrieving legitimate findings versus false positive findings. Our goal is to decrease noise-to-signal ratio, and increase the amount of actionable intelligence provided by WisQuas.

    IP Addresses
    Status Codes

    WisQuas Report Findings Table

    Quickly gain insight into a domain's setup and infrastructure with our 'Findings Table' that categorizes findings and displays them appropriately.

    Rabbit Query Language & Data Structures

    Categorized data for quick results

    Categorizing and structuring our data allows for efficient Rabbit Query Language queries that helps reduce complexity.

    Multiple parameters for deeper refining

    By utilizing multiple parameters in a query, targeted-results can be easily determined through an enormous data-set.

    Limitless query combinations

    There are endless query combinations to query the dynamic data that is collected from WisQuas.

    View WisQuas Manual
    Download Cheatsheet

    API Endpoints & Maltego Transforms

    WisQuas currently supports API queries across the database and integrates with Maltego to provide additional data enrichments around your domain and assets.
    Contact Us

    Account Types & Descriptions

    n00b (Free)

    Free users who sign up without validating their email only have access to 20 results per query. No crawling.
    Learn More

    InfoSec Pro ($49/mo)

    Our 'InfoSec Pro' license offers an affordable solution to bug-bounty hunters and security analysts who don't need private tagging or the more advanced features found in Researcher.

    Learn More

    Jr. Analyst (Free with Signup)

    Free users who validate their email will have access to 100 (paginated) results per query. No crawling.
    Learn More

    Researcher ($99/mo)

    Our 'Researcher' license offers bug-bounty hunters and researchers 50 crawls a month and the ability to privately tag their scans and report page access.

    Learn More

    Business ($999/mo)

    Our'Business' license enables security teams to collaboratively view and analyze the same data sets in private environments giving them cooperative testing experience.

    Learn More

    Enterprise (Contact Us)

    The 'Enterprise' license is a fully-private system equipped with Private Workers, Unlimited Crawling Capabilities and a Domain Monitoring & Reporting Portal.

    Contact Us