Security.txt, UX and performance update

This week's update has quite some impact on three fronts. The first is that there is quite a performance update. The GUI is notably faster and more snappy.

The second is that the User Experience has improved. There are copy icons next to almost all ip addresses, urls, and hashes. Most of these are clickable and lead you to some other page in the GUI, meaning they are hard to copy. Typically you do want to copy them for checks in other systems, and that has become much easier now. Some layouts have improved, and on the website and certificate pages there is an external link icon allowing you to easily open the website in a new tab for visual inspection. There is an external link icon for the security.txt files too.

The third and last is the improved syntax check on security.txt. For every website, there are three new fields available: security_txt_exists, security_txt_valid, and security_txt_errors. To help you find your way around these, there are two new reports available in the report library: the "Security.txt validation report" showing all websites with a problematic security.txt file, and the "Missing security.txt report" showing all websites that do not have a security.txt file.

Updated GUI and phishy urls

Two big items in this update. The first is the updated GUI. The goal was improved clarity and usability. Contrast has improved, icons and badges were added, asset pages have sticky headers, and things generally look smoother.

The second one are the phishy urls. There was a bug in there that kept detecting a phishy url as new if it was a permutation of two of your assets. Only one could be registered. That is fixed now, and the code had a major review. Phishy urls that redirect to the original url or one of your other assets are now clearly labeled. Babydomains are also clearly labeled if detected, as are reserved domains and redirects to marketing sites.

You can directly add a phishy_url to your assets if you bought it (from the action menu in the right top), and it's even possible to add your own phishy_urls that you want ShadowTrackr to monitor for you. Most should be detected by our algorithm, but some language specific urls (singulars/plurals) can be hard to generate.

Improved defacement detection

The first version of defacement detection didn't detect everything it should. The next version was a bit to trigger happy, but the third one that is rolled out now is much better. Alerts will appear on your timeline.

I'll let it run for a while and then put proper alerts in the alert library. I'm also thinking of creating a defacement and changes report that shows all websites with major changes and possible indications of defacement.