Skip to content

Advanced Usage

Jump to bottom
litneet64 edited this page Apr 2, 2021 · 10 revisions

Searching for blob files is not the only purpose or functionality of this tool, as the Ethereum network is a vast sea of data with endless possibilities. Below you can find some interesting usage cases found while testing this tool:

  • Search for Custom Token names:

    • etherblob {start_id} {end_id} --contracts --strings -N {testnet_name}
    • Searching for strings inside contract's data on testnets can yield some interesting results, as found on Goerli testnet, you will usually find custom token names (e.g. Test Mysterium token, HPERC721, dethCode), or even some URLs along with the token's name (ZBC Test Net https://zoobc.io/i/BZ).

  • Search for interesting contracts being deployed:

    • etherblob {start_id} {end_id} --transactions --strings -N {testnet_name}
    • Dumping strings inside transaction's can sometimes yield the deploying of a contract (with the source code for it), where strings used inside the code will be shown as newline-separated strings on the dump file. This can sometimes yield interesting things (e.g. a warning message, more information about the inner workings and the purpose of the contract or who it belongs to) just like hermes already registered, Roles: account already has role, WhitelistAdminRole: caller does not have the WhitelistAdmin role.

  • Search for general sensitive data:

    • etherblob {start_id} {end_id} --transactions --contracts --strings -N {testnet_name}
    • This two search locations have proved to contain lots of interesting info, where in one ocassion I found a DockerHub image URL along with a GitHub repo with code for a side-app and data for the contract it deployed (luckily it was just inside the Goerli testnet and not actually in Main).
    • Another interesting thing found on these locations are IPFS IDs to files or other links to a proper data storage solution.
    • Could this be a new horizon for malicious actors scraping for sensitive data just as GitHub repos contain credentials sometimes?

  • Count frequency / Get most common Ethereum mining clients for MainNet:

    • etherblob {start_id} {end_id} --blocks --strings
    • This should only retrieve the names of mining clients/pools used for the validation of blocks (e.g. eu1.ethpool.org, ethpool - US1, pool.ethfans.org, DwarfPool, 七彩神仙鱼, etc).
    • These names will be saved on individual files, so counting their frequencies should be trivial with another programming language.
Clone this wiki locally