The web is growing quickly and with that comes more commodities and clients, pushing the conversion of businesses and institutions to web-based platforms. And with all of this comes other ways to hack, so when up against previous tactics, hackers have an easier time.
Cybercrime can be done with simple means whereas previously it needed certain assets; Groups comprised fewer members can use newly cyber tactics to get greater value at less cost. A few skilled hackers equipped with a few tools can really disrupt a system.
And with all of this comes results. Cybersecurity is not static and is growing quickly right alongside cybercrime.
So without further ado, let us present to you Spyse, an up to date cyberspace search engine that was developed to guide the web into a danger-free zone.
The aim is to minimize the global cybercrime level and to assist companies in building safer infrastructures. Another aim is to assist everyday web surfers in their comprehension of the web, web structure, and possible risks. All in all, such members are opening the gates to top-line defense systems.
Employing their respective productions united with the methods of OSINT, a new service has been created in order to assist minimally informed web surfers and specialists alike to fortify their protection on the net.
What Is It Exactly That They Do?
They thoroughly scan through and through the web to collect the most important and interesting data which is later stored in their databases. Also critical to point out is that their databases are always growing because they scan the web at a particular rate of occurrence. Such a method permits the users to gain access to the required info quicker than in the past and removes the mandatory scanning process
What Kind Of Data Is Provided?
All Spyse clients are equipped to carry out an in-depth hunt for the listed parts of a network:
- Domains and subdomains (Title&Meta description; SSL/TLS certificates; DNS records). Also, they hold together the largest subdomains database out there.
- IPv4 hosts (Geo Data; PTR record; ISP; AS; domains on IP)
- Open Ports (Banners: services; protocols)
- SSL/TLS certs (a type of certificate; issuer info; subject info; and for which domains it was issued)
- DNS records (A; AAAA; MX; NS; SOA; TXT; PTR)
- WHOIS records
- AS (Number; organization; type; domains on AS; related ASNs; IPv4/IPv6 ranges) And much more interesting data.
How May This Data Be Useful
This service was created in order to make the work of pentesters, cybersecurity specialists, system administrators and others who have connections to the net and its security features less stressful. Though possible use is not only made by the overhead members. Anyways, let’s look at some examples:
Pentesters And Sec Engineers
Spyse permits security engineers and pentesters to find vulnerable places in the infrastructure and identify its weaknesses. With such service as Spyse, pentesters have the ability to inspect loose ends for defects, such as subdomains in the production space, technical domains opened to the public and more.
With the use of the AS lookup feature they can gain a panorama of AS and their networks within them
Site Holders
Many variations exist on how Spyse can be useful for website holders. A few basics which are beneficial when probing for subdomains and info about their digital certificates. As an example, if one has a website and there is a subdomain blog.hisorherwebsite.com this can be an entry point for hackers if one doesn’t take proper protection. Not to forget, if someone does not refresh his or her digital certificate on time, it may hurt you in the future.
Digital Certificate Suppliers
If you are a SSL / TLS cert supplier, you can survey the sites where the digital certificate will become invalid soon and come to the website owner with an offer.
Business Analysts
Business analysts are able to evaluate competitors, predict movements and changes in their business, as well as having an insider look at competitors’ future features before they even launched.
This list is ongoing because Spyse is an instrument that can be applied by many people for many options.
What Comes After This?
The supply of genuine data is only the icing on the cake and the best is farther down the line. Subsequent to completing DaaS solution they will need to create something of considerable interest. I had the privilege to speak to them and unbolt the door for future improvements.
Spyse SaaS Solution
This will assist in the perpetual supervision of the system’s consistency and what it is at its present condition, built on gathered web data. SaaS Solution shall incorporate:
- Spyse Security Scoring – Evaluation of structure/network security based on big data analysis and evaluation.
- Penetration Testing – a highly applicable penetration test can be carried out based on demand.
Conclusion
So far, Spyse is a small development team that has already managed to develop a cool product, even though they are still running in beta. A full release is expected in January. I liked that they are open to feedback, so if you have any ideas or suggestions that could help them build a better product, feel free to slide in their DM’s on twitter.