ShadowTrackr


New and updated software detections

24 March 2025
Several software detections were expanded and updated, and some new ones were added. The biggest improvement is in detecting software running on odd ports.

There's also quite a performance update in the scanners, but you'll only notice that if you use the API to do near real-time scans.

Defacement detection

17 February 2025
This week's update is all about a new feature: defacement detection. The ingredients have been present for a long time already, but the feature has never been developed enough to hit production before.

There are three levels of detection. The first is major page changes on a website. This will trigger an event (query: index=events eid=1679) prompting you to check if these are legitimate changes.

The second is major changes combined with suspicious artefacts. This will result in a problem event (query: index=events eid=1680) appearing on your timeline indicating a likely defacement.

The last one is for the case where no major changes are detected, but suspicious artefacts are found (query: index=events eid=1681). It will result in a warning (orange) event.

If you have any false positives, please contact me. Specific cases will help us to make better detections.
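The three levels can be read as one decision over two signals: how much the page changed, and whether new suspicious artefacts appeared. The sketch below is an added example, not ShadowTrackr's implementation; the similarity threshold, the artefact patterns and the sample pages are assumptions constructed for illustration, and only the event ids come from the post.

```python
import re
from difflib import SequenceMatcher

# Event ids as given in the post.
EID_MAJOR_CHANGE = 1679       # major page change: check whether it is legitimate
EID_LIKELY_DEFACEMENT = 1680  # major change plus suspicious artefacts (problem)
EID_ARTEFACTS_ONLY = 1681     # artefacts without a major change (warning)

# Assumed values for this sketch, not ShadowTrackr's.
MAJOR_CHANGE_THRESHOLD = 0.5  # word-level similarity below this is "major"
ARTEFACT_PATTERNS = [re.compile(p, re.I) for p in (
    r"\bhacked\s+by\b", r"\bdefaced\s+by\b", r"\bpwned\s+by\b")]

def visible_text(html):
    """Crude text extraction: drop script/style bodies, then tags."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1\s*>", " ", html)
    return " ".join(re.sub(r"(?s)<[^>]+>", " ", html).split())

def classify(baseline_html, current_html):
    """Return the event id for a baseline/current pair, or None."""
    old, new = visible_text(baseline_html), visible_text(current_html)
    similarity = SequenceMatcher(None, old.split(), new.split()).ratio()
    major = similarity < MAJOR_CHANGE_THRESHOLD
    # Count only artefacts absent from the baseline, so a page that has
    # always contained a matching phrase does not alert on every scan.
    artefacts = any(p.search(new) and not p.search(old)
                    for p in ARTEFACT_PATTERNS)
    if major and artefacts:
        return EID_LIKELY_DEFACEMENT
    if major:
        return EID_MAJOR_CHANGE
    if artefacts:
        return EID_ARTEFACTS_ONLY
    return None

# Constructed sample pages.
BASELINE = ("<html><head><title>Acme</title><style>body{}</style></head><body>"
            "<h1>Welcome to Acme</h1><p>We sell widgets and gadgets for every "
            "workshop and garage.</p><p>Contact our sales team for a quote "
            "today.</p></body></html>")
REDESIGN = ("<html><body><h1>Acme has a new look</h1><p>Browse the updated "
            "catalogue of tools, parts and accessories online.</p></body></html>")
DEFACED = ("<html><body><h1>Hacked by example-crew</h1>"
           "<p>your security is a joke</p></body></html>")
INJECTED = BASELINE.replace("</body>", "<p>hacked by example-crew</p></body>")

if __name__ == "__main__":
    for name, page in [("redesign", REDESIGN), ("defaced", DEFACED),
                       ("injected", INJECTED), ("unchanged", BASELINE)]:
        print(name, classify(BASELINE, page))
```

A legitimate redesign lands in the first level here, which is why that level only asks for a manual check rather than raising a problem event.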

New: monitor specific webpages

03 February 2025
It's been a request for a while and now it's finally ready: monitoring a specific webpage. Up until now URLs in ShadowTrackr could only be domains (shadowtrackr.com) and subdomains (test.shadowtrackr.com). If you monitored every single page on those subdomains, things would escalate quickly in terms of assets and performance.

But some webpages are so important that you do want to monitor them. By a webpage I mean a URL that includes a path, like shadowtrackr.com/blog or test.shadowtrackr.com/docs. There is a new item called webpages in the GUI under assets. You can add webpages in the same way you add URLs or IP addresses.

By default, the URL is extracted from the webpage and added to your assets too. This is needed for discovering and tracking things like certificates and DNS. If you do not want this, click on "advanced options" when adding assets. There is a checkbox there that you can untick so the URL is not added.