ShadowTrackr

Log in >
RSS feed

More options with tags

04 March 2024
Since the use of tags is increasing, it was time for a review. They now appear in more places, most notable phishy urls. The documentation on how tags work is updated, and here are the most important rules to keep in mind:

- If you tag a domain, all subdomains will inherit that tag
- Subdomains can have tags that do not appear on the pay level domain.
- If you tag a url corresponding certificates, websites and DNS records get it too
- Certificates and websites can have additional tags that are not on the url
- Phishy_domains inherit tags from the original pay level domain
- If you tag a subnet, all hosts in it will inherit the tag

Some of the new reports make heavy use of magic queries (those starting with a $). All magic queries support two extra options last_seen and tags So, to make a custom Software Vulnerabilities Report only for assets with the tag "my_tag" that are seen in the last two weeks, you use the query:

$software_vulnerabilities_report and last_seen>-14d and tags=my_tag

Adding custom DKIM selectors

26 February 2024
As the recently added mailservers report shows, most of your DKIM settings are automatically found by our scanner nodes. Some domains use very specific selectors, and these can only be found in email messages and not through scans online. This will result in warnings about a lack of DKIM.

If this is the case for your organization you can now add your custom selectors under Settings->General in the GUI. You can find you selector by looking at the email headers of an email send from your domain (Look for a menu option labelled "view headers" or "view message details"). A DKIM header line will look like this:

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; 
d=shadowtrackr.com; i=@shadowtrackr.com; q=dns/txt; 
s=my_selector;

As you might have guessed "my_selector" is the DKIM selector in this example. If you add that to the ShadowTrackr Settings your DKIM selectors will be monitored.

New reports available

19 February 2024
There are two new report templates available in the report library: the Mailservers report and European Cookie Law Report. The Mailservers report shows the settings (MX records, SPF, DMARC and DKIM) on all your mailservers. The report contains suggestions to improve your security settings and if any server is blacklisted the report will also show it. With big email providers like Microsoft and Google blocking senders with wrong or missing SPF and DMARC settings, it's definitely worth it to stay on top of this. Problems mean your email is no longer received by a large part of the internet.

The European Cookie Law Report shows which of your websites set a cookie before any user interaction has taken place. This might indicate a violation.

The magic report queries (those starting with a $) can now also be amended with the fields last_seen and tags. So, to make a report of your mailservers over the last month tagged "acme", you use this query:
$mailservers_report AND last_seen>-1m AND tags=acme
Older posts >

Resources
API
Blog
Documentation
Integrations
Shodan
OpenCTI