
External Web Applications Discovery with Shodan and ImmuniWeb®

Wednesday, March 28, 2018

How many external websites, applications and (sub)domains does your company have? Compare free application discovery service by Shodan and ImmuniWeb® Discovery.


Vulnerable applications represent a huge risk for companies and organizations. A single abandoned subdomain running an outdated WordPress installation may open the door to a successful APT attack against your company and compromise your digital crown jewels.


Shadow IT is one of the biggest sources of data breaches according to Gartner. In many companies, in-house and external developers unwittingly expose internal applications, or applications still in development (e.g. test environments), to the Internet, often with sensitive data and easily exploitable vulnerabilities. Many companies don’t even know how many of their applications are currently exposed to the Internet, let alone how (in)secure they are.

Cybercriminals, in turn, continuously monitor for new apps and vulnerabilities. Once a public vulnerability appears for a CMS or CRM that is accessible from the outside, the bad guys start probing to exploit the flaw and take over your web server. Worse, many cyber gangs will even patch the vulnerability afterwards to prevent their “competitors” from getting in.

Impending GDPR enforcement requires a comprehensive inventory and protection of the Personally Identifiable Information (PII) that your company stores or processes via a great wealth of intertwined applications, APIs and web services. This task becomes virtually impossible if you don’t have a comprehensive and up-to-date list of your web and mobile apps.

To help companies better identify and inventory their applications, we decided to compare the [web] application discovery services offered by Shodan and ImmuniWeb® Discovery. Both services are available for free and offer commercial subscriptions for some extra options.

Shodan is a well-known freemium OSINT search engine for looking through all your publicly exposed devices, from network servers to specific IoT devices. ImmuniWeb® Discovery is part of the ImmuniWeb Application Security Testing Platform. It leverages intelligent algorithms and OSINT big data to detect external web and mobile apps attributable to your company or organization. Additionally, ImmuniWeb Discovery uses non-intrusive techniques to fingerprint the CMS of the discovered applications, and for every application it also assesses TLS encryption and web server security in a non-intrusive manner.

The comparison is based on publicly available data from Shodan and ImmuniWeb Discovery. For Shodan, we had to adjust the output format and remove some superfluous results (e.g. non-applications) for the purpose of the comparison. ImmuniWeb Discovery was tested directly via the customer portal.
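As an added illustration of that normalization step (example code, not from the post and not Shodan's or ImmuniWeb's own tooling), the script below takes constructed banner records loosely shaped like Shodan's JSON export (ip_str, port, transport, hostnames), drops results that do not belong to the target domain, and produces the same tally columns as the comparison; it also lists hosts missing from a known inventory, which is the shadow-IT question the post raises. The port-to-class mapping and all sample data are assumptions made for this example.

```python
from collections import defaultdict

# Port-based service classes. Assumed mapping for this example only;
# it does not rely on Shodan's own module names.
WEB_PORTS = {80, 443, 8080, 8443}
MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}
DNS_PORTS = {53}

# Constructed sample, loosely shaped like Shodan banner JSON
# (ip_str, port, transport, hostnames). Not real scan data.
SAMPLE_BANNERS = [
    {"ip_str": "192.0.2.10", "port": 443, "transport": "tcp", "hostnames": ["www.example.org"]},
    {"ip_str": "192.0.2.10", "port": 80, "transport": "tcp", "hostnames": ["www.example.org"]},
    {"ip_str": "192.0.2.20", "port": 25, "transport": "tcp", "hostnames": ["mx1.example.org"]},
    {"ip_str": "192.0.2.20", "port": 53, "transport": "udp", "hostnames": ["ns1.example.org", "mx1.example.org"]},
    {"ip_str": "192.0.2.30", "port": 8443, "transport": "tcp", "hostnames": ["staging.example.org"]},  # forgotten test environment
    {"ip_str": "192.0.2.40", "port": 22, "transport": "tcp", "hostnames": ["bastion.example.org"]},  # SSH: not an application
    {"ip_str": "198.51.100.5", "port": 443, "transport": "tcp", "hostnames": ["www.example.org.evil.test"]},  # look-alike in another domain
]

def in_domain(hostname, domain):
    """True only for the apex or a genuine subdomain of `domain`."""
    h, d = hostname.lower().rstrip("."), domain.lower().rstrip(".")
    return h == d or h.endswith("." + d)

def tally(banners, domain):
    """Counts in the shape of the comparison tables: one banner per result,
    one IP per server; a server may fall into several classes."""
    hosts = defaultdict(set)  # class -> distinct IPs
    total = 0
    for b in banners:
        if not any(in_domain(h, domain) for h in b.get("hostnames", [])):
            continue  # superfluous result: not this organisation
        total += 1
        ip, port, tcp = b["ip_str"], b["port"], b["transport"] == "tcp"
        hosts["active"].add(ip)
        if tcp and port in WEB_PORTS:
            hosts["web"].add(ip)
        elif tcp and port in MAIL_PORTS:
            hosts["email"].add(ip)
        elif port in DNS_PORTS:
            hosts["dns"].add(ip)
    return {"total": total, "active_servers": len(hosts["active"]),
            "web_servers": len(hosts["web"]), "email_servers": len(hosts["email"]),
            "dns_servers": len(hosts["dns"])}

def shadow_hosts(banners, domain, known):
    """Hostnames under `domain` seen in scan data but absent from the inventory."""
    seen = {h.lower() for b in banners for h in b.get("hostnames", []) if in_domain(h, domain)}
    return sorted(seen - {k.lower() for k in known})
```

Note that a host serving both mail and DNS is counted once as an active server but once in each class, which is why the per-class figures in the tables can add up to more than the active-server count.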

We took five random organizations from completely different sectors, differing in the size, complexity and scope of their external web systems. Below are the results obtained by the non-intrusive OSINT discovery run by Shodan and ImmuniWeb Discovery:

| Domain | Service | Total | Active servers | Web servers | Email servers | DNS servers |
|---|---|---|---|---|---|---|
| openbsd.org | Shodan | 5 | 2 | 1 | 1 | 1 |
| openbsd.org | ImmuniWeb Discovery | 112 | 27 | 25 | 6 | 2 |
| facebook.com | Shodan | 1882 | 1419 | 1416 | 2 | 1 |
| facebook.com | ImmuniWeb Discovery | 2309 | 1859 | 1854 | 4 | 1 |
| europa.eu | Shodan | 613 | 542 | 467 | 74 | 18 |
| europa.eu | ImmuniWeb Discovery | 3728 | 3345 | 3227 | 137 | 42 |
| forbes.com | Shodan | 1 | 1 | 0 | 1 | 0 |
| forbes.com | ImmuniWeb Discovery | 110 | 62 | 61 | 2 | 1 |
| wwf.ch | Shodan | 10 | 7 | 5 | 3 | 0 |
| wwf.ch | ImmuniWeb Discovery | 28 | 23 | 23 | 1 | 0 |

For the purpose of this simple exercise, ImmuniWeb Discovery significantly outperformed Shodan in both the quality and the quantity of results. Nonetheless, we are continuously working on its algorithms to make them even more efficient and intelligent, so as to eliminate the shadow in your IT.

To try ImmuniWeb Discovery for your organization, just sign up on the Portal and explore your web and mobile apps (yes, we detect mobile apps too).


High-Tech Bridge Security Research Team regularly writes about web and mobile application security, privacy, Machine Learning and AI.
