Improved TLS certificate scans
03 August 2020
This weeks update fixed some bugs in certificate scanning en added some extra features. Altogether it’s quite a large change and chances are that you’ll have more items on your problems page than before.
The biggest change is in how certificates name mismatches and missing intermediate certificates are handled. The policy was that if a website could not be loaded in a browser, you have a problem anyway and additional certificate checks were not necessary. This prevented some certificates with problems from showing up in certificates reports. Of course, you’ll want certificate overview to be complete. So, that policy has changed.
If a wildcard certificate was running on a number of urls, and one of those urls got its very own (new) certificate while the (old) wildcard certificate was still valid, ShadowTrackr had trouble detecting this. That bug is fixed now.
Some new fields are added to monitoring: The full subject and issuer fields (instead of just the urls and organisation names), CAA issuers, certificate chains and trustpaths. The first three are also added to the advanced search options.
Lastly, instead of lumping together all urls under “common names”, the are now listed with the original field names (subject, common names, alternative names). This is much more useful when you’re fixing things.
API: get your network graph as PNG
19 July 2020
You can now get an image (PNG) of any of your network graphs through the API!
We’ve had multiple requests for this feature and it has been on the backlog for a while. Thing is, the graphs are dynamic and generated with D3 in your browser. So unlike other API endpoints that pull data directly from the database, this one needed something that rendered the D3 code first before creating a snapshot and converting it to a PNG image.
The quick and dirty option would have been providing a url that you could get with something like
headless chrome. However, this would mean all API users had to install headless Chrome and implement their own solution. Much more efficient and convenient to do this centrally and just deliver the final output. If you still like to go the browser way (maybe you want to build a graph for on your wall), please
let us know and we’ll help you out.
More info in the
API docs. It’s also implemented in our
ShadowTrackr python package.
Where are my F5 BIG IPs?
06 July 2020
By now everyone should’ve been notified by the vendors and security people about fixing you F5 BIG IP for
CVE 2020-5902.
But since the actual exploit code has been released and some bad people have started abusing it, you’re advised to do an extra check and see if you have got to
all your BIG IPS. ShadowTrackr has some checks to detect them, and you can get a list by typing this command in the search bar:
website.software: "F5"
Note that you’ll see websites on which BIG IPS are detected, and some of these might be grouped behind the same device.