haveibeenpwned integration
20 September 2020
Since ShadowTrackr now has a list of your exposed email addresses, we should do something useful with it.
Troy Hunt runs the awesome haveibeenpwned.com. It’s a big collection of data breaches, and you can check if your email appeared in one. There’s also an API, and that’s what ShadowTrackr now uses to check your exposed email addresses daily.
You can see the result under Reports->Email addresses. Of course, there’s more work to be done here, like sending out alerts when one of your email addresses appears in a new data breach.
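As an added illustration of the daily check and the alerting step mentioned above (example code, not ShadowTrackr's own implementation), the script below queries the documented haveibeenpwned v3 `breachedaccount` endpoint and diffs today's result against yesterday's stored state so that only newly listed breaches raise an alert. The email addresses, breach names and stored state are constructed sample data; the API key and the `fetch_breaches` network call are only needed for a live run.

```python
"""Daily haveibeenpwned check with "new breach" alerting (added example, not ShadowTrackr code)."""
import json
import urllib.error
import urllib.parse
import urllib.request

# Documented v3 endpoint; a 404 response means "address not found in any breach".
HIBP_URL = "https://haveibeenpwned.com/api/v3/breachedaccount/"


def fetch_breaches(email, api_key, user_agent="exposed-email-checker"):
    """Return the breach names HIBP reports for one address (live network call)."""
    url = HIBP_URL + urllib.parse.quote(email) + "?truncateResponse=true"
    req = urllib.request.Request(
        url, headers={"hibp-api-key": api_key, "user-agent": user_agent}
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return [breach["Name"] for breach in json.load(resp)]
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return []
        raise


def new_breaches(previous, current):
    """Per address, breaches present in today's result but absent from yesterday's.

    Both arguments map email -> list of breach names; the result only contains
    addresses that have at least one newly listed breach, so it doubles as the
    alert list.
    """
    alerts = {}
    for email, names in current.items():
        fresh = set(names) - set(previous.get(email, []))
        if fresh:
            alerts[email] = sorted(fresh)
    return alerts


# Constructed sample state: yesterday's stored results and today's API results.
YESTERDAY = {"alice@example.org": ["Adobe"], "bob@example.org": []}
TODAY = {
    "alice@example.org": ["Adobe", "LinkedIn"],
    "bob@example.org": [],
    "carol@example.org": ["Dropbox"],
}

if __name__ == "__main__":
    # In a real daily job TODAY would be built with fetch_breaches(email, api_key)
    # for every exposed address, then persisted as the next run's YESTERDAY.
    for email, names in new_breaches(YESTERDAY, TODAY).items():
        print(f"ALERT {email}: newly listed in {', '.join(names)}")
```

Storing the full per-address breach list between runs, rather than just a count, is what makes the diff reliable: a breach removed by HIBP and a new one added on the same day would otherwise cancel out.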
Exposed email addresses report
06 September 2020
The new exposed email report is part of some interesting plans with email addresses. Step 1 has just gone live, and all your assets are continually scanned for email addresses. Not only email addresses on websites are tracked, but also those in the CAA fields of your certificates.
This results in a list of email addresses you have publicly exposed on the internet. You can find it under Reports->Email addresses, along with the domains they are listed on. These email addresses will very likely be targeted with spam, phishing or password spraying attacks. If you click on an email address in the report, you’ll get a list of all the exact pages we found it on. Handy, right?
The next step is of course setting up extra monitoring on those email addresses. You can do this internally in your SIEM or email security appliance, but of course we’ll try to help you here. That is what step 2 will be about. Stay tuned :-)
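To make the exposure scan concrete, here is an added example (not ShadowTrackr's own scanner) that extracts addresses from fetched web pages and from CAA records (the `iodef` tag carries a `mailto:` contact) and produces the "which address was found where" report described above. The page contents and the zone lines are constructed sample input; HTML entities such as `&#64;` are decoded first so that lightly obfuscated addresses are still found.

```python
"""Find publicly exposed email addresses on web pages and in CAA records (added example)."""
import re
from html import unescape

# Pragmatic address pattern: good enough for scanning, not a full RFC 5322 parser.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# One CAA record in zone-file form, e.g.: example.org. 3600 IN CAA 0 iodef "mailto:sec@example.org"
CAA_RE = re.compile(
    r'^(?P<owner>\S+)\s+\d*\s*IN\s+CAA\s+(?P<flags>\d+)\s+(?P<tag>\w+)\s+"(?P<value>[^"]*)"',
    re.MULTILINE,
)


def emails_in_html(html):
    """Unique, lower-cased addresses in one page (entities decoded before matching)."""
    text = unescape(html)
    return sorted({m.group(0).lower() for m in EMAIL_RE.finditer(text)})


def emails_in_caa(zone_text):
    """(owner name, address) pairs from iodef CAA records that use a mailto: URL."""
    found = set()
    for m in CAA_RE.finditer(zone_text):
        value = m.group("value")
        if m.group("tag").lower() == "iodef" and value.lower().startswith("mailto:"):
            found.add((m.group("owner"), value[len("mailto:"):].lower()))
    return sorted(found)


def exposure_report(pages, caa_zone):
    """Map each exposed address to the sorted list of locations it was seen at."""
    report = {}
    for url, html in pages.items():
        for email in emails_in_html(html):
            report.setdefault(email, set()).add(url)
    for owner, email in emails_in_caa(caa_zone):
        report.setdefault(email, set()).add("CAA " + owner)
    return {email: sorted(locations) for email, locations in report.items()}


# Constructed sample input standing in for crawled pages and a DNS zone.
PAGES = {
    "https://www.example.org/contact": (
        '<p>Mail us at <a href="mailto:info@example.org">info@example.org</a>'
        " or security&#64;example.org</p>"
    ),
    "https://www.example.org/team": "<li>Alice &lt;alice@example.org&gt;</li>",
}
CAA_ZONE = """example.org. 3600 IN CAA 0 issue "letsencrypt.org"
example.org. 3600 IN CAA 0 iodef "mailto:security@example.org"
"""

if __name__ == "__main__":
    for email, locations in sorted(exposure_report(PAGES, CAA_ZONE).items()):
        print(email, "->", ", ".join(locations))
```

Keeping the location list per address is what makes the report actionable: an address that only appears in a CAA record can be moved to a dedicated mailbox with stricter filtering, while one on a public contact page is a candidate for the extra SIEM or mail-gateway monitoring the post mentions.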
Improved TLS certificate scans
03 August 2020
This week’s update fixed some bugs in certificate scanning and added some extra features. Altogether it’s quite a large change, and chances are that you’ll have more items on your problems page than before.
The biggest change is in how certificate name mismatches and missing intermediate certificates are handled. The policy was that if a website could not be loaded in a browser, you have a problem anyway and additional certificate checks were not necessary. This prevented some certificates with problems from showing up in certificate reports. Of course, you’ll want your certificate overview to be complete. So, that policy has changed.
If a wildcard certificate was running on a number of urls, and one of those urls got its very own (new) certificate while the (old) wildcard certificate was still valid, ShadowTrackr had trouble detecting this. That bug is fixed now.
Some new fields have been added to monitoring: the full subject and issuer fields (instead of just the urls and organisation names), CAA issuers, certificate chains and trust paths. The first three are also added to the advanced search options.
Lastly, instead of lumping together all urls under “common names”, they are now listed with the original field names (subject, common names, alternative names). This is much more useful when you’re fixing things.
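The three certificate checks discussed in this update (name mismatch, missing intermediate, and a host that silently moved from a shared wildcard certificate to its own) can be shown together in one small scanner. The code below is an added example and not ShadowTrackr's implementation: it reports every problem independently instead of stopping at the first one, matches wildcards the way browsers do (a single label, leftmost position only), walks the served chain by subject/issuer names, and flags hosts whose certificate fingerprint changed since the last scan. The certificates, trust store and fingerprints are constructed sample data.

```python
"""Certificate name, chain and change checks over parsed certificate data (added example)."""

# Constructed trust store: subjects of the roots we accept as chain endpoints.
TRUSTED_ROOTS = {"CN=Example Root CA"}


def hostname_matches(hostname, names):
    """RFC 6125 style matching: exact, or a leftmost '*' that covers exactly one label."""
    host = hostname.lower().rstrip(".")
    for name in names:
        n = name.lower().rstrip(".")
        if n == host:
            return True
        if n.startswith("*.") and "*" not in n[2:]:
            suffix = n[1:]  # ".example.org"
            if host.endswith(suffix):
                left = host[: -len(suffix)]
                if left and "." not in left:  # one label only, never zero or two
                    return True
    return False


def chain_problems(chain):
    """chain[0] is the leaf; each issuer must be the next element's subject until a trusted root."""
    for i, cert in enumerate(chain):
        if cert["issuer"] in TRUSTED_ROOTS:
            return []  # servers commonly omit the root itself, that is fine
        if i + 1 >= len(chain) or chain[i + 1]["subject"] != cert["issuer"]:
            return [f"missing intermediate: no certificate for issuer {cert['issuer']}"]
    return ["chain does not end at a trusted root"]


def scan_host(hostname, chain):
    """All problems for one host, not just the first; chain[0] is the served leaf."""
    leaf = chain[0]
    problems = []
    if not hostname_matches(hostname, leaf.get("subject_alt_names", [])):
        problems.append("name mismatch")
    problems.extend(chain_problems(chain))
    return problems


def certificate_changes(previous, current):
    """Hosts whose served fingerprint differs from the last scan, as host -> (old, new)."""
    return {
        host: (previous.get(host), fp)
        for host, fp in current.items()
        if previous.get(host) != fp
    }


# Constructed certificates: a wildcard leaf, its intermediate, and a new host-specific leaf.
WILDCARD_LEAF = {
    "subject": "CN=*.example.org",
    "issuer": "CN=Example Intermediate CA",
    "subject_alt_names": ["*.example.org", "example.org"],
    "fingerprint": "sha256:wildcard-0001",
}
INTERMEDIATE = {"subject": "CN=Example Intermediate CA", "issuer": "CN=Example Root CA"}
SHOP_LEAF = {
    "subject": "CN=shop.example.org",
    "issuer": "CN=Example Intermediate CA",
    "subject_alt_names": ["shop.example.org"],
    "fingerprint": "sha256:shop-0002",
}

if __name__ == "__main__":
    print("www  :", scan_host("www.example.org", [WILDCARD_LEAF, INTERMEDIATE]))
    print("deep :", scan_host("a.b.example.org", [WILDCARD_LEAF]))  # two problems at once
    last_scan = {"www.example.org": "sha256:wildcard-0001", "shop.example.org": "sha256:wildcard-0001"}
    this_scan = {"www.example.org": "sha256:wildcard-0001", "shop.example.org": SHOP_LEAF["fingerprint"]}
    print("moved:", certificate_changes(last_scan, this_scan))
```

Tracking the fingerprint per hostname rather than per certificate is the key to the wildcard case described in the post: the wildcard certificate is still valid and still in use on other hosts, so only a per-host comparison reveals that `shop.example.org` now serves something else.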