Graphs available through API

You can now get the graphs from the ShadowTrackr GUI through the API.

The first option is to load it fullscreen as a rendered HTML page. This is useful if you want to embed it in another website or if you want to grab your own screenshots. Since it's a force-directed graph that is generated live you should wait a few second before taking the screenshot to get the best results.

The other option is grabbing just the data as a JSON formatted list of nodes and edges, and generate your own graph.

More details available in the API documentation.

More automated tags

Better detection of VPNs, IPs, Hosters, and Hotels has just gone live. If you find that your hosts are not properly categorized or are missing tags that you'd like to see, please let us know.

New options to detect login forms, especially insecure ones, are now in beta. You can read the fields "http_login_form" and "http_login_insecure" through the API. Or you can try this query to make them visible:

index=websites http_login_form=1

Proper visibility in the GUI and reports will follow when it's out of beta.

Admin Panel and RDP detection

I really wanted to have automated tagging for hosts running Admin panels (also known as web hosting control panels). But since detection of these wasn't good enough yet, that had to be improved first.

As you might have noticed, the popular Admin panels Plesk, DirectAdmin and cPanel are quite well found now. If a host is running one of these, an Admin panel tag will be automatically added to the host.

There have been some other detection improvements of which the most notable one is RDP. If a host with the the Remote Desktop Protocol port (3389) open is found, the scanner node will try to connect to confirm it and try to determine the RDP software, the software version and the hostname.

You can find out if you have RDP open to the internet with this query:

index=hosts ports=3389