API is updated to version 3

Almost all of the new endpoints are downwards compatible with the old version. There are some breaking changes in the certificates endpoint. Some values return a string with a comma separated list before and now return a proper JSON array.

The goal is to have parity with the GUI and so new endpoints are added like subnets, domains, exposed email addresses and blacklisted assets. There is also a new endpoint you can use to check on how far your initial scan is. A code example on how to use it can be found in on_demand_scan.py.

Lastly, some endpoints have an extra option (full=True) that returns raw scan data. This can be useful for those of you who want to do data science on the results of the ShadowTrackr scans.

Want to know more? See the API documentation

Certificate Scan Errors

The TLS scan engine has been having some trouble in the last two weeks. For some certificates, scans could not be completed. This often resulted in an Error instead of a grade in the certificate report. I some cases, the scan results were missing entirely.

The errors have been fixed now, and the newly update scan engine has been running since October 10. It can still take a few days to catch up on all certificates, but by the end of this week all certificate errors should be gone. If you do still see them, please report it.

Tagging keywords

Keyword monitoring can be very useful to track dataleaks, or just the general news on specific subjects. You don’t want to miss news about your company or maybe specific software or vulnerabilities.

For those general news cases, a simple keyword often is enough. But if you are monitoring a set of keywords related to a specific dataleak it’s hard to keep track over time. This is why we got a feature request to add tags to keywords. It’s implemented and keyword tagging is now available for all.