Create your own network graph

This popular feature request is finally live. If you click on graphs in the menu on the left, the Graphs will expand and an action menu (three dots) will appear next to Graphs. Clicking the three dots will take you to a page where you can create your own network graph.

After coming up with a good name for your graph, you can enter one or more tags. Any url that has the tag, along with the host it runs on, will be part of your graphs. If you have not tagged any urls yet your new graph will be empty. Go to the pages of the urls you want to add and click “edit tags” in the action menu (three dots, right top). Now add the tag and save it.

This first version of user generated network graphs is still very basic, but it opens the door for more options. We’re thinking of adding assets to a graph with asearch query. The query website.title: *netscaler* would instantly show you a map of netscalers you have exposed on the internet. This would be very handy when the next Citrix exploit appears.

Another option would be to exclude assets with a specific tags from your graph, which would be really handy to clean up your attack surface map if you have may assets. If you have any specific request, please mail us. We’d be happy to hear it.

TLS 1.0 and TLS 1.1 certificate notifications

As some of you might have noticed, most TLS certificate scoring methods have started to downgrade certificates that still have TLS 1.0 and TLS 1.1. enabled. The one we use (SSLLabs) does this starting february.

For clients with large numbers of websites that have notifications enabled this resulted in so many notifications that we have temporarily blocked them. ShadowTrackr is supposed to be useful, not spammy. When the storm is over we’ll enable them again.

Please do upgrade your TLS certificates if you haven’t done so already. The major browsers are phasing out TLS 1.0 and TLS 1.1 support in this order:

Microsoft IE and Edge		First half 2020
Mozilla Firefox		March 2020
Safari/Webkit		March 2020
Google Chrome		January 2020

Search websites by keyword in title (Hi there Citrix!)

With all the Citrix and Pulse Secure troubles of lately we all want to be able to quickly find them. It turn out that most of these VPN servers actually explicitly state what they are in the website title. In the past weeks you might have seen several Censys or Shodan search queries to find Citrix or Pulse secure boxes on the internet.

Of course we immediately implemented this handy trick on ShadowTrackr and by now all websites we track have their title indexed. You can easily list all your Citrix servers with this query:

website.title:*netscaler*

After that just click export and either download or directly email the list to seurity operations and have them checked.