Server-side JavaScript Injections and more!

April 9, 2013

Today’s updates fill the needs of many of you out there! You asked for it, and now it’s in the Detectify engine! Here’s a breakdown of the stuff we’ve put in:

Verify domain ownership with Google Analytics

Having trouble editing your code? Don’t want to upload files? No problem! You can now verify the ownership of your domain using your Google Analytics account. Try it out in the dashboard or during sign-up!

National Vulnerability Database

Our fingerprinting has been extended using the U.S. National Vulnerability Database. Detectify will now try known vulnerabilities based on the versions we fingerprint from your domain. We will then warn you when there’s a security issue in the version you’re using.

Server-Side JavaScript Injections

We now have a feature for pentesting server-side JavaScript. That means we are able to find NoSQL injections in MongoDB, code execution flaws in Node.js, and other flaws in exotic server-side JS technologies.


Our site now sends a Content-Security-Policy header. Content-Security-Policy is a security header that allows website owners to declare which sources users may load content from. Read more about Content Security Policy here.

Download report

Yes, we finally added support for downloading your reports as PDF files, conveniently making them accessible offline. The design of the PDF reports is still in progress, and if you have any issues or suggestions, feel free to mail us about it!