Exposed email addresses report

The new exposed email report is part of some interesting plans with email addresses. Step 1 has just gone live, and all your assets are continually scanned for email addresses. Not only email addresses on websites are tracked, but also those in the CAA fields of your certificates.

This results in a list of email addresses you have publicly exposed on the internet. You can find it under Reports->Email addresses, along with the domains they are listed on. These email addresses will very likely be targeted with SPAM, phishing or password spraying attacks. If you click on an email address in the report, you’ll get a list with all exact pages that we found it on. Handy right?

Next step is of course setting up extra monitoring on those email addresses. You can do this internally in your SIEM or email security appliance, but of course we’ll try to facilitate you here. That is what step 2 will be about. Stay tuned :-)

Improved TLS certificate scans

This weeks update fixed some bugs in certificate scanning en added some extra features. Altogether it’s quite a large change and chances are that you’ll have more items on your problems page than before.

The biggest change is in how certificates name mismatches and missing intermediate certificates are handled. The policy was that if a website could not be loaded in a browser, you have a problem anyway and additional certificate checks were not necessary. This prevented some certificates with problems from showing up in certificates reports. Of course, you’ll want certificate overview to be complete. So, that policy has changed.

If a wildcard certificate was running on a number of urls, and one of those urls got its very own (new) certificate while the (old) wildcard certificate was still valid, ShadowTrackr had trouble detecting this. That bug is fixed now.

Some new fields are added to monitoring: The full subject and issuer fields (instead of just the urls and organisation names), CAA issuers, certificate chains and trustpaths. The first three are also added to the advanced search options.

Lastly, instead of lumping together all urls under “common names”, the are now listed with the original field names (subject, common names, alternative names). This is much more useful when you’re fixing things.

API: get your network graph as PNG

You can now get an image (PNG) of any of your network graphs through the API!

We’ve had multiple requests for this feature and it has been on the backlog for a while. Thing is, the graphs are dynamic and generated with D3 in your browser. So unlike other API endpoints that pull data directly from the database, this one needed something that rendered the D3 code first before creating a snapshot and converting it to a PNG image.

The quick and dirty option would have been providing a url that you could get with something like headless chrome. However, this would mean all API users had to install headless Chrome and implement their own solution. Much more efficient and convenient to do this centrally and just deliver the final output. If you still like to go the browser way (maybe you want to build a graph for on your wall), please let us know and we’ll help you out.

More info in the API docs. It’s also implemented in our ShadowTrackr python package.