[yatralalala]

I sadly did not see the comment above, but I'd like to just add, that this bruteforce and sniffing methods are target only against our paying customers.

We built global reverse-DNS dataset solely from cert transparency logs. Our active scanning/bruteforcing runs only for assets owned by our customers.

[6stringmerc]

…as long as your tools are only in your hands to be used, correct? Once a tool is created and used on a machine with access to the greater internet, doesn’t your logic hold that its security is compromised inherently? Not saying you have been infiltrated, or a rogue employee has cleverly exported a copy or the methodology to duplicate it off-site, but I’m not saying that hasn’t happened either.

[lkt]

You can find a dozen projects on Github that do this, it's not sensitive information that needs protecting

[cryptonector]

It's not that hard to write this code. It's not a nuclear weapon.