ShadowTrackr

Log in >
RSS feed

Search software through the API

09 May 2021
The reports section has an overview of the software our nodes have found on your assets. It contains a categorized list with tally of how often we found something. If the software version we found matches any CVEs you will see that too. It’s a handy overview of where you need to concentrate your patching and update efforts.

Last week a client had the idea of using that overview to create a dashboard, but there was no API endpoint for it yet. We fixed that, see the details here in the API documentation. To make this overview more useful the websites endpoint now also accepts a software parameter. This way you can get a list of al the websites running specific software.

Website redirect grading change

27 April 2021
Last weeks saw lots of small improvements and bug fixes. Some are noticeable, like search results paging in the GUI. Others concern edge cases or events that do not apply to everyone, like better detection for Drupal, F5 BigIP and Fortinet.

The most noticeable is probably the grade change on redirected websites. When you fully redirect a website with a 301 or 302, there is no content served. Technically, you can set security headers to prevent things like an XSRF attack. But as there is no content served, you can’t perform an actual XSRF attack. You might be able to do so on the redirect destination, but that is a different website with its own content and its own grade.

One client had a lot of these redirects and they all showed up with a big red F in the reports. While it would be fixable by setting the security headers anyway, this is not what the color red is supposed to mean in ShadowTrackr. Red is a problem, and means that you need to fix it as soon as possible. Red is dangerous, unlike orange which is a warning and means that you should fix it when you have the time.

So, security headers related to content on fully redirected websites are no longer counted in your website grades.

System tags and NOREPORT

19 April 2021
Tags are a growing thing and are getting some serious development attention. Right now you can add multiple tags to assets, and these can be use to create custom graphs. We intend to expand tags so use can use them to customize how ShadowTrackr behaves. Needs differ. One client is happy to see all websites with a 404 or 503 response in the reports, another does not want them in the reports.

The latest addition are system tags, and this week we start with the first one: “NOREPORT”. If you tag an asset as NOREPORT ShadowTrackr will still monitor the asset and even send alerts if you have configured them, but the asset will not appear in any reports. Not even in the weekly pdf. System tags are blue and all caps. You can still add your own tags of course and these will appear in purple. In the coming weeks you’ll see more system tags appearing and in due time we also intend to support custom reports based on tags.
Older posts >

Overview
Use cases
Plans and pricing
FAQ
Resources
API
Blog
Documentation
Integrations
Shodan
OpenCTI
Company
About
Contact us
Legal & Policy