Our scans are easy, continuous and holistic. Our customers do not have to select, execute and interpret highly technical security tools and their outputs. We distill the essence of relevant information regarding your security and provide it in a well-readable form.
Still, we are often asked what we actually do and use "under the hood". Besides some custom scanning software, we use various open-source tools and heavily rely on publicly available resources and information.
Detection of your infrastructure
For detecting your subdomains and externally reachable infrastructure we use the following techniques:
- DNS information
- Certificate Transparency Logs
- Passive DNS
- DNS Zone Transfer
- Brute Force
How we detect risks in your systems
- We conduct port scans and service detection using masscan and nmap and report risky services.
- We try to get access to your systems via common or default passwords for various services, such as SSH, Telnet, FTP, SQL, etc using custom password lists.
- Therefore we run multiple honeypots to collect passwords attackers use in the wild.
- Further vulnerabilities in your network infrastructure are detected by network vulnerability scanners and modules.
- Your web server security is checked by our web server scanning modules.
- We search for critical or unwanted files on your web server.
- A custom fingerprinting tool detects outdated content management systems (CMS) on your web servers such as Wordpress, Typo3, Drupal or Joomla.
- We check DNS security setting for your domains.
- We assess the security of your SSL configuration.
- We monitor and acquire public data leaks to detect the leakage of your credentials.
- We check whether your DNS provider protects you from unwanted DNS zone transfers.
- We check if your IP addresses or domains show up on major blocklists.
Our scanning software is under heavy development and continuously extended.