Match your hosts against a list of bad IPs
12 September 2021
One of the popular use cases for ShadowTrackr is to quickly match a list of IPs against your hosts. Lists of Cobalt Strike servers, lists of vulnerable Fortinet servers, lists of exploitable Exchange servers …
ShadowTrackr keeps track of your current hosts and can easily export them. But then you had to compare the lists yourself. By hand. When you have to do the same thing regularly, it is time to automate it. So, that’s what we did!
Under "Tools" in the left-hand menu, there’s a new option: match-ips. You can paste your list of IPs here and ShadowTrackr will show you the matches found. Since you often get the IPs from sites like pastebin, we’ve also included the option to drop in a URL instead of the list of IPs. We’ll scrape and filter the IPs from the URL for you.
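The same kind of matching can be done locally on an exported host list. The following is an added example, not ShadowTrackr's code: the function names and the sample paste are constructed, it handles IPv4 only, and it goes slightly beyond the text by also accepting CIDR ranges and defanged addresses (1.2.3[.]4) in the pasted list.

```python
import ipaddress
import re

# IPv4 candidates, optionally defanged (1.2.3[.]4) and optionally with /prefix.
# The lookarounds reject longer dotted runs such as 1.2.3.4.5.
_CANDIDATE = re.compile(
    r"(?<![\d.])(\d{1,3}(?:\[?\.\]?\d{1,3}){3})(/\d{1,2})?(?!\d|\.\d)"
)

def extract_networks(text):
    """Return the set of valid IPv4 addresses/ranges found in free text."""
    found = set()
    for addr, prefix in _CANDIDATE.findall(text):
        clean = addr.replace("[", "").replace("]", "")
        # Try address+prefix first; fall back to the bare address if the
        # prefix is bogus (e.g. /99). Invalid octets (999.x) fail both.
        for candidate in (clean + prefix, clean):
            try:
                found.add(ipaddress.ip_network(candidate, strict=False))
                break
            except ValueError:
                continue
    return found

def match_hosts(hosts, bad_text):
    """Return the hosts that fall inside any address or range in bad_text."""
    bad = extract_networks(bad_text)
    hits = [h for h in hosts
            if any(ipaddress.ip_address(h) in net for net in bad)]
    return sorted(hits, key=ipaddress.ip_address)

# Constructed sample input (documentation address ranges only).
SAMPLE = """
c2 seen at 198.51.100.23 and 203.0.113[.]7.
range: 192.0.2.0/28
noise: 999.10.10.10, build 1.2.3.4.5
"""
HOSTS = ["192.0.2.5", "192.0.2.77", "203.0.113.7", "198.51.100.24"]

if __name__ == "__main__":
    for host in match_hosts(HOSTS, SAMPLE):
        print("match:", host)
```

Dotted version strings with exactly four parts are indistinguishable from addresses, so review matches that come from noisy pastes.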
If you have more use cases like this where we can automate things for you, please let us know.
Happy hunting!
Reliable weekly pdf and hello Sydney!
05 September 2021
Besides basic maintenance and bug fixes, not much happened during the summer. But now holidays are over and development has fully started again.
Today’s weekly report will be sent with Sendgrid instead of directly from the ShadowTrackr server. It is becoming harder and harder to run a mailing without having your server occasionally blocked. It is possible, but it just takes a lot of time that is better invested elsewhere. After a second client complained about not receiving the weekly, the decision was made. If this first run is a success, we’ll be moving mail notifications to Sendgrid as well. Please send a message if your weekly pdf is not in your mailbox on Monday morning.
Certificate scans are running great with the new engine and we hope to start scanning TLS certificates on more ports soon. But capacity has been an issue. The number of clients has been growing, and some have lots of certificates to scan. Even after optimisations the scanning nodes could not keep up. That means it is time to throw more hardware at it, and a chance to add a new scan location: Sydney. The new location might result in existing clients detecting more cloud endpoints if you have services with a global profile on Azure or Amazon (which is good, of course).
New TLS certificate scanner
21 June 2021
ShadowTrackr has been using the SSLLabs engine to scan certificates for a few years now. This has been performing consistently well until a few weeks ago.
First, performance started to drop. Then errors started appearing. Then, the errors (mostly false positives on trust issues) went away, but performance was still bad. Next, some errors reappeared.
We strive to provide you with a good service and could no longer do this with the SSLLabs engine. This weekend, the engine got swapped with a new one that is running entirely on our own servers. The SSLLabs grading scheme is still the best out there that we know of, so we do stick to that. And most of the other options are the same as well, including the reports.
Since we run the scans from our own servers now, more options are opening up. These will require some time to implement, but expect scans of certificates running on mailservers and other ports and some extra security checks somewhere in the next few months.
For now, all certificates have to be rescanned and we’ll likely have some fine-tuning to do. You might see fewer certificates in today’s weekly pdf due to this.