Find all current certificates that still use TLS 1.0 and TLS 1.1
08 March 2020
All major browsers are ending support for TLS 1.0 and 1.1 in 2020. Any websites still supporting these protocols will have their grades capped to an ugly B.
A client chasing certificates noticed that ShadowTrackr did not have the option to show or export current certificates that still use TLS 1.0 and TLS 1.1. There’s an option to list all certificates under reports, and there’s an option to list all certificates using TLS 1.0 and TLS 1.1. However, you couldn’t combine both, and that sucks.
So, this week’s update added more options to search. I added the last_seen field to certificates, websites, hosts, WHOIS and DNS records. You can use it to find your current certificates that still use TLS 1.0 and TLS 1.1. It works like this (type in the search bar):
(certificate.protocols: "TLS 1.0"
OR certificate.protocols: "TLS 1.1")
AND certificate.last_seen>2020-03-01
Handy, right? As with any search, an export button will appear on the top right of the page, allowing you to easily download or email the search results.
Please keep sending your comments, suggestions and frustrations. It really helps to focus development effort on the things that are most useful.
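To confirm a search hit independently on a host you operate, the following added example (not ShadowTrackr code) attempts a handshake pinned to TLS 1.0 and then to TLS 1.1 using Python's standard ssl module. The function names and the command-line usage are assumptions of this example.

```python
import socket
import ssl
import sys

# The two protocol versions the post is about.
LEGACY = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.1": ssl.TLSVersion.TLSv1_1}


def accepts(host, port, version, timeout=5.0):
    """True/False: a handshake pinned to `version` succeeded/failed.
    None: the local OpenSSL build cannot offer that version at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the protocol version is under test, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # OpenSSL 3 rejects TLS 1.0/1.1 at its default security level;
        # lower it for this probe context only.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except OSError:  # refused, timed out, or handshake rejected (ssl.SSLError)
        return False


def legacy_accepted(host, port=443, timeout=5.0):
    """Labels of the legacy versions the server completed a handshake with."""
    return [label for label, version in LEGACY.items()
            if accepts(host, port, version, timeout) is True]


if __name__ == "__main__":
    # Usage (assumed): python tls_legacy_check.py www.example.com [more hosts]
    for name in sys.argv[1:]:
        found = legacy_accepted(name)
        print(f"{name}: {', '.join(found) if found else 'no TLS 1.0/1.1 handshake completed'}")
```

An empty result can also mean the local OpenSSL build has TLS 1.0/1.1 compiled out, so check what `accepts` returns (None in that case) before treating a host as clean.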
Create your own network graph
16 February 2020
This popular feature request is finally live. If you click on graphs in the menu on the left, the Graphs will expand and an action menu (three dots) will appear next to Graphs. Clicking the three dots will take you to a page where you can create your own network graph.
After coming up with a good name for your graph, you can enter one or more tags. Any URL that has the tag, along with the host it runs on, will be part of your graph. If you have not tagged any URLs yet, your new graph will be empty. Go to the pages of the URLs you want to add and click “edit tags” in the action menu (three dots, top right). Now add the tag and save it.
This first version of user generated network graphs is still very basic, but it opens the door for more options.
We’re thinking of adding assets to a graph with a search query. The query website.title: *netscaler* would instantly show you a map of netscalers you have exposed on the internet. This would be very handy when the next Citrix exploit appears.
Another option would be to exclude assets with a specific tag from your graph, which would be really handy to clean up your attack surface map if you have many assets. If you have any specific request, please mail us. We’d be happy to hear it.
TLS 1.0 and TLS 1.1 certificate notifications
02 February 2020
As some of you might have noticed, most TLS certificate scoring methods have started to downgrade certificates that still have TLS 1.0 and TLS 1.1 enabled. The one we use (SSLLabs) does this starting in February.
For clients with large numbers of websites that have notifications enabled this resulted in so many notifications that we have temporarily blocked them. ShadowTrackr is supposed to be useful, not spammy. When the storm is over we’ll enable them again.
Please do upgrade your TLS certificates if you haven’t done so already. The major browsers are phasing out TLS 1.0 and TLS 1.1 support in this order:
Microsoft IE and Edge | First half 2020
Mozilla Firefox | March 2020
Safari/Webkit | March 2020
Google Chrome | January 2020