Happy new year!
02 January 2022
All the best for 2022 :-) The last month of 2021 was a bit busy. Helping out with log4j trouble ate up quite some time.
There have been a few bug fixes and more are underway. The focus for the start of 2022 will be on improving overall quality and hunting bugs.
New software vulnerabilities report
14 November 2021
We got a request about the software report. Most of you use it to hunt down CVEs on software that needs to be patched. It is set up as a complete overview of all your internet-exposed software. CVEs are listed too, so you have an overview of what software is most vulnerable.
Not every system is equally important in practice, and many of you are clicking through to find the vulnerable systems and determine which ones need the most attention. For those of you with many assets, this was a cumbersome process. And that was what the request was about. Could we show only the software list for assets with vulnerabilities?
The new Software vulnerabilities report does exactly that. Hopefully this will help you prioritise and spend your precious time on the most important vulnerable systems. The old report showing all the software we found on your internet-exposed assets is still available and is now renamed to Software overview report.
API is updated to version 3
24 October 2021
Almost all of the new endpoints are backward compatible with the old version. There are some breaking changes in the certificates endpoint: some values that previously returned a string containing a comma-separated list now return a proper JSON array.
The goal is parity with the GUI, so new endpoints have been added, such as subnets, domains, exposed email addresses and blacklisted assets. There is also a new endpoint you can use to check how far along your initial scan is. A code example showing how to use it can be found in on_demand_scan.py.
Lastly, some endpoints have an extra option (full=True) that returns raw scan data. This can be useful for those of you who want to do data science on the results of the ShadowTrackr scans.
Want to know more? See the API documentation.