ShadowTrackr


Improved WordPress checks

15 May 2023
Detection of the WordPress version has improved, resulting in far fewer WordPress mentions without a version.

WordPress itself also publishes a list of versions that are insecure, and this data is now used in the Software overview and Software vulnerabilities reports along with any CVEs found. Vulnerable versions will have a tag "insecure" (color coded red) and outdated versions will have the tag "outdated" (color coded orange).

Automatically trust Microsoft O365 certificates

23 April 2023
Some clients reported that Microsoft required them to have certain DNS records available for their Office 365 cloud account. Two (fictitious) examples are lyncdiscover.shadowtrackr.com and sip.shadowtrackr.com. You are not required to actually have a website running on those URLs. Microsoft will forward them to their proper cloud servers, serve a standard Microsoft O365 TLS certificate, and that's it.

Or is it?

Some services will start complaining about not trusting the TLS certificate since you now have a domain mismatch. Microsoft itself explains here that you should just trust these certificates and get on with it.

That works, but ShadowTrackr will list your TLS certificate as a problem since the domain mismatch is still there. If you do not want that, you now have the option to force ShadowTrackr to always trust Microsoft TLS certificates. It's available under Settings->general.

If you enable this, it will only work for valid Microsoft TLS certificates on IP addresses that are in the Microsoft cloud range. If either of these conditions is not met, you will still see an error appearing in your reports (as you should).
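The following sketch shows how a monitoring script of your own could apply the same two conditions before suppressing a hostname mismatch. It is an added example, not ShadowTrackr's code: the function names, the verdict strings, the `.lync.com` suffix list and the IP ranges (RFC 5737/3849 documentation networks standing in for Microsoft's published ranges) are all assumptions, and `chain_ok` is assumed to come from normal chain validation in your TLS library.

```python
import ipaddress

# Placeholder ranges (documentation networks), NOT real Microsoft ranges.
# In practice, load the ranges Microsoft publishes for its O365 endpoints.
MS_CLOUD_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
# Assumed, illustrative suffix for names on Microsoft O365 certificates.
MS_CERT_SUFFIXES = (".lync.com",)


def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: a wildcard covers exactly one leftmost label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h


def is_microsoft_cert(san_names) -> bool:
    """Every SAN must sit under an allowlisted suffix; one foreign name disqualifies."""
    names = [n.lower().rstrip(".").lstrip("*") for n in san_names]
    return bool(names) and all(n.endswith(MS_CERT_SUFFIXES) for n in names)


def classify(hostname: str, ip: str, san_names, chain_ok: bool) -> str:
    """Return a verdict for one scanned endpoint.

    chain_ok: the certificate chain and validity dates verified against the
    system trust store (hostname check excluded).
    """
    if not chain_ok:
        return "invalid-certificate"      # never suppressed
    if any(name_matches(n, hostname) for n in san_names):
        return "ok"                       # no mismatch at all
    addr = ipaddress.ip_address(ip)
    in_ms_range = any(addr in net for net in MS_CLOUD_NETS)
    # Both conditions must hold, otherwise the mismatch is still reported.
    if in_ms_range and is_microsoft_cert(san_names):
        return "mismatch-trusted"
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample scan results.
    print(classify("lyncdiscover.shadowtrackr.com", "192.0.2.10", ["*.online.lync.com"], True))
    print(classify("sip.shadowtrackr.com", "198.51.100.7", ["*.online.lync.com"], True))
```

Requiring both the certificate check and the address check means a Microsoft-looking certificate served from an unexpected host, or an unrelated certificate served from a cloud address, is still reported.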

Data quality improvements

16 April 2023
The new logging infrastructure provided new options for bug hunting, and that is where time was spent these last few weeks. You might be able to notice this in data quality. More ports, certificates and whois records are found.

The internet standards scan on hosts running many websites (like proxy servers) regularly had trouble determining if websites were reachable over IPv6, and then incorrectly stated they were not. This is fixed now too. It can still be hard to keep all websites up to date if you have hundreds running on the same IP (work in progress), but the internet standards check will correctly show if they are reachable over IPv6.