ShadowTrackr

CVE checks on detected software

22 March 2020
Some of you might have seen the CVE mentions on the software reports page. They have silently been in beta for a while, and now it’s time to step up.

ShadowTrackr runs automatic checks to detect software running on your websites and servers, and it always surprised me how often it’s possible to determine the exact version number too. Since we have this information anyway, we should do something useful with it, and that’s where the CVE checks come in.

As of today we maintain a current database of all released CVEs. Every time we find software and version information on one of your assets, we’ll check it against the known vulnerabilities in the CVE database. If we find a vulnerability, you’ll get a warning. And if it’s a critical vulnerability (meaning a CVSS score above 9), we’ll list it as a problem and urge you to fix it immediately.
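The matching and severity rule described above can be sketched as follows. This is an added example, not ShadowTrackr's own code; the record layout, product names, version ranges, scores and the placeholder CVE ids are all constructed for illustration.

```python
# Added illustration, not ShadowTrackr code. All records below are constructed:
# placeholder CVE ids, hypothetical product names, made-up ranges and scores.
CVE_DB = [
    {"id": "CVE-0000-0001", "product": "exampled", "start": "2.4.0", "end_excl": "2.4.42", "cvss": 9.8},
    {"id": "CVE-0000-0002", "product": "exampled", "start": "2.0.0", "end_excl": "2.4.10", "cvss": 7.5},
    {"id": "CVE-0000-0003", "product": "examplecms", "start": "5.0", "end_excl": "5.3.1", "cvss": 9.0},
]

def parse_version(text):
    """Turn '2.4.41' into (2, 4, 41); None when no exact numeric version was detected."""
    parts = text.strip().split(".") if text else []
    if not parts or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def in_range(version, start, end_excl):
    """start <= version < end_excl, comparing numerically so that 2.4.9 < 2.4.10."""
    width = max(len(version), len(start), len(end_excl))
    v, lo, hi = (t + (0,) * (width - len(t)) for t in (version, start, end_excl))
    return lo <= v < hi

def check_asset(product, version_text, db=CVE_DB):
    """Return (cve_id, cvss, severity) for every CVE affecting the detected version."""
    version = parse_version(version_text)
    if version is None:
        return []  # without an exact version there is nothing reliable to match
    findings = []
    for cve in db:
        if cve["product"] != product.lower():
            continue
        if in_range(version, parse_version(cve["start"]), parse_version(cve["end_excl"])):
            # The post's rule: a CVSS score above 9 is a problem, anything else a warning.
            severity = "problem" if cve["cvss"] > 9 else "warning"
            findings.append((cve["id"], cve["cvss"], severity))
    return sorted(findings, key=lambda f: f[1], reverse=True)

if __name__ == "__main__":
    for product, version in [("exampled", "2.4.9"), ("examplecms", "5.3"), ("exampled", "2.4.42")]:
        print(product, version, check_asset(product, version))
```

Versions are compared as integer tuples because a plain string comparison would sort 2.4.9 after 2.4.10 and miss the second finding.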

Any evil hacker who wants to have a go at you will go through the same process of finding out what software you run and checking if there are any known vulnerabilities. So, this should be a major step in reducing your attack surface. Check out the results on the software report page and get started!

Find all current certificates that still use TLS 1.0 and TLS 1.1

08 March 2020
All major browsers are ending support for TLS 1.0 and 1.1 in 2020. Any websites still supporting these protocols will have their grades capped to an ugly B.

A client chasing certificates noticed that ShadowTrackr did not have the option to show or export current certificates that still use TLS 1.0 and TLS 1.1. There’s an option to list all certificates under reports, and there’s an option to list all certificates using TLS 1.0 and TLS 1.1. However, you couldn’t combine both and that sucks.

So, this week’s update added more options to search. I added the last_seen field to certificates, websites, hosts, whois and dns records. You can use it to find your current certificates that still use TLS 1.0 and TLS 1.1. It works like this (type in search bar):

    (certificate.protocols: "TLS 1.0" 
     OR certificate.protocols: "TLS 1.1") 
    AND certificate.last_seen>2020-03-01

Handy right? As with any search, an export button will appear on the top right of the page allowing you to easily download or email the search results.

Please keep sending your comments, suggestions and frustrations. It really helps to focus development effort on the things that are most useful.

Create your own network graph

16 February 2020
This popular feature request is finally live. If you click on Graphs in the menu on the left, the Graphs item will expand and an action menu (three dots) will appear next to it. Clicking the three dots will take you to a page where you can create your own network graph.

After coming up with a good name for your graph, you can enter one or more tags. Any url that has the tag, along with the host it runs on, will be part of your graph. If you have not tagged any urls yet, your new graph will be empty. Go to the pages of the urls you want to add and click “edit tags” in the action menu (three dots, top right). Now add the tag and save it.

This first version of user generated network graphs is still very basic, but it opens the door for more options. We’re thinking of adding assets to a graph with a search query. The query website.title: *netscaler* would instantly show you a map of netscalers you have exposed on the internet. This would be very handy when the next Citrix exploit appears.

Another option would be to exclude assets with specific tags from your graph, which would be really handy to clean up your attack surface map if you have many assets. If you have any specific requests, please mail us. We’d be happy to hear them.