Search Go hack yourself with Detectify

An EASM blog from Detectify

Major improvement to web crawling, more customization, and new tests

Victor Arellano / January 30, 2023

More flexibility when viewing all of your assets 

Many security teams have thousands – if not hundreds of thousands! – of known assets and unknown assets that they continuously monitor for vulnerabilities and risks. Viewing large volumes of assets can be cumbersome, particularly when observing a specific characteristic of an asset, such as the technologies it’s hosting or its DNS record type. That’s why we’re adding additional customization to the All Asset view. 

It is now possible to customize the following:

  • Pin columns. You can now pin or “freeze” columns (this is for the Excel fans out there).
  • Adjust and hide columns. You can now change the column width to suit your style, shift columns left and right, and even hide columns.
  • Change the row density. Adjust the style of the rows to your individual preference by making them more or less compact.
  • Change the number of rows per page. You can now view All Assets by 10 to 100 rows.

Haven’t yet heard about the new navigation in our tool? Don’t worry, we’ve covered how you can use our new navigation in a previous product update.

Improved web application crawler now available

Detectify leverages crawling and fuzzing to find vulnerabilities in assets that normally can’t be reached through stateless testing. Our web app scanner, Application Scanning, has undergone some major improvements to increase scan efficiency – as a result, users get results faster and with more concise vulnerability data on which to take action.

If you’re curious to learn more about Application Scanning, you can check out our knowledge base which goes into more detail about its capabilities.

Additional product updates:

  • New Attack Surface State: Non-monitored assets. It’s now possible to see which of your assets are not being monitored. This will make it possible for users to spot potentially unknown domains that require coverage or further investigation.
  • More search parameters for Technologies on the Attack Surface. Users can now search by technology name, version, and category through the Technologies page on the Attack Surface.
  • Most recent filters and settings will be saved to the All Assets. During investigation, you’re likely going to be clicking through various links, so we’re going to keep your most recent filter settings on the All Assets view for when you return.

Recently added crowdsourced vulnerabilities

Here is a list of all new modules recently added from our community of ethical hackers. You can find a complete list of new vulnerabilities added to Surface Monitoring and Application Scanning by viewing the “What’s New?” section in-tool.

  • CVE-2022-24716: Path Traversal in icingaweb2
  • CVE-2022-46389: ServiceNow XSS
  • Dolibarr Installer Exposure
  • Drupal JSON API User Enumeration
  • Froxlor XSS
  • Joomla! – J!Dump Information Disclosure
  • Netlify Headers Configuration File Disclosure