Restructuring indexes
09 July 2024
Although it might not look like it yet, there is a lot going on. Alerts on newly found CVEs, a feature requested by several of you, require quite some restructuring of indexes before they can be built. That restructuring has now been done. The new indexes are being filled and work on the final step is underway.
More restructuring is underway in the IP address context data. The new version is way more efficient and will allow more features, but requires some major code refactoring. I'll keep you posted.
New IP info endpoint
10 June 2024
If you collect threat intelligence from communities or OSINT, you will be familiar with false positives: unroutable IP addresses, common DNS servers, and rapidly changing cloud IP addresses listed as evil IoCs for long periods. A lot of the information needed to properly detect and score IoCs is available, so why not expose it? That is what the new ip info endpoint is about.
This is still quite new and in development, but I'm hoping to do more with it. This means adding more useful information to the ip info endpoint to support more use cases, and maybe at some point even plugins/apps/connectors for common Threat Intelligence Platforms and SIEMs.
Certificate scan results update
03 June 2024
While the grades you see on ShadowTrackr are based on the SSL Labs scoring guide and should be the same, we have discovered a minor difference. When you have an incomplete chain of trust, SSL Labs will show it but still happily hand out an A or even A+. On ShadowTrackr you will receive a T, because an incomplete chain of trust is a Trust issue.
Out of the thousands of certificates we scan, we have only seen this difference on two certificates. On one of them, SSL Labs claimed only Java had an incomplete chain. Our scan showed that Java and Apple had an incomplete chain of trust. Although the certificate was accepted by Safari on a MacBook, OpenSSL verification in the terminal on that same MacBook did show a certificate problem.
If this happens to you, make sure you have the complete certificate bundle including the intermediate certificates installed on your server. The order of the certificates is important too. If this still fails to produce a complete chain of trust, get a certificate signed by a different root CA and try again.
The certificate scan script has been updated, and a bug in the detection of the certificate serial number has been fixed.