Weekly pdf report additions
25 October 2020
Last week you saw our brand new weekly report. We got a lot of positive reactions, and a few bug reports. The bugs are fixed in this week’s version, and we’ve added two new report items to both the pdf and the web interface.
The first is “Cloud providers detected”. Some of you want to know in which clouds your assets live. Since our scanning nodes are already tracking those, it was easy to add an overview. You’ll see a list of cloud services, each followed by the domains that are hosted there.
The second new item is “Datadump & code repository detections”. ShadowTrackr monitors a list of datadump sites (like Pastebin) and code repositories (like GitHub) for the keywords you have given us. Since this week, we also automatically check whether any of your domains are referenced in these sources. Both keyword and domain hits will be listed.
Enjoy the new version!
Improved weekly pdf reports
19 October 2020
ShadowTrackr has been growing, and the weekly pdf reports hadn’t really been growing along. Some of the information available under reports in the web interface or with queries was missing in the weekly, and some other information that wasn’t really useful for a weekly was still in there. An increasingly large group of you were pulling the interesting data out with queries. So, time to fix that!
Starting this week everyone will receive version 1 of the new weekly report. It contains a clear overview of the things you should work on, like bad certificates, insecure ports open on servers, and blacklisted assets. These were available in the old version, but are more concise and easier to track over time now.
A lot of you are interested in a list of certificates that will expire in the next few weeks. This was available with a search query, but now you’ll find it in the weekly and under reports as well. The same goes for a list of remote login services (like Citrix, Pulse Secure and Check Point) that we have detected on your assets. You’ll want to have that list handy when the next exploit is published.
The list of software detected on your assets and information about vulnerabilities in that software was already available under reports. We strive for a concise report and it would be too much to list it all, but vulnerable internet facing software is listed in the weekly now. Note that only those vulnerabilities that MITRE scores as HIGH or CRITICAL are mentioned in the weekly. For vulnerabilities scored lower you still need to go to the web interface and look those up under reports.
The last addition to the weekly is a list of your publicly exposed email addresses that are found in data breaches. You should make sure the passwords of these accounts have been reset since the last data breach and that the passwords are not re-used anywhere else. The complete list of your publicly exposed email addresses, including those that don’t appear in data breaches, is available under reports in the web interface.
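The reset check recommended above, as an added example that is not ShadowTrackr's own code: it flags breached addresses whose password was not changed after their most recent breach. The breach entries and reset dates are constructed sample data, and `accounts_needing_reset` is a hypothetical helper name.

```python
from datetime import date

# Constructed sample data, not ShadowTrackr or haveibeenpwned output.
# Exposed address -> list of (breach name, breach date).
BREACHES = {
    "Alice@example.com": [("ForumLeak", date(2019, 3, 1)), ("ShopLeak", date(2020, 8, 15))],
    "bob@example.com": [("ForumLeak", date(2019, 3, 1))],
    "carol@example.com": [],  # exposed, but in no known breach
    "dave@example.com": [("ShopLeak", date(2020, 8, 15))],
}
# Constructed: last password change per account, e.g. exported from your directory.
LAST_RESET = {
    "alice@example.com": date(2020, 1, 10),
    "bob@example.com": date(2019, 6, 2),
    "carol@example.com": date(2018, 1, 1),
    # dave is missing: reset date unknown
}


def accounts_needing_reset(breaches, last_reset):
    """Return accounts whose password was not changed after their latest breach.

    Each finding is (email, breach name, breach date, last reset or None).
    An unknown reset date, or a reset on the breach day itself, counts as
    not reset, so the account is flagged rather than silently passed.
    """
    resets = {addr.lower(): when for addr, when in last_reset.items()}
    findings = []
    for addr, hits in breaches.items():
        if not hits:
            continue
        name, breached = max(hits, key=lambda hit: hit[1])
        reset = resets.get(addr.lower())
        if reset is None or reset <= breached:
            findings.append((addr.lower(), name, breached, reset))
    # Most recent breach first, then by address for a stable report order.
    return sorted(findings, key=lambda f: (-f[2].toordinal(), f[0]))


if __name__ == "__main__":
    for email, name, breached, reset in accounts_needing_reset(BREACHES, LAST_RESET):
        print(f"{email}: latest breach {name} ({breached}), last reset {reset or 'unknown'}")
```

Addresses are compared case-insensitively because breach data and directory exports often differ in capitalisation.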
haveibeenpwned integration
20 September 2020
Since ShadowTrackr now has a list of your exposed email addresses, we should do something useful with it.
Troy Hunt runs the awesome haveibeenpwned.com. It’s a big collection of data breaches, and you can check if your email appeared in one. There’s also an API, and that’s what ShadowTrackr now uses to check your exposed email addresses daily.
You can see the result under Reports->Email addresses. Of course, there’s more work to be done here, like sending out alerts when one of your email addresses appears in a new data breach.