February holds a lot of new features we implemented in the last week. And here I’d like to give a warm welcome to the news.

Discovery

  • Advanced subdomain search
  • IP address evaluation
  • Cryptominer detection
  • RESTful(er) urls
  • Performance Improvements

Nimbusec Website Monitoring

  • False Positive Action
  • Webhook Notifications
  • Performance Improvements

Discovery

Advanced Subdomain Search

Nimbusec Discovery aims to find all related websites worldwide, based on the input of a single domain of your company. Therefore we also query search engines to detect subdomains of domains, which are not visible through traditional registries.

As imaginable, this is a very resource hungry task. But we managed to boost performance here to check any discovered domain also through search engines for probably existing subdomains.

First tests showed us an increase of qualitative valid results of 33% to 50%.

IP Address Evaluation

This feature was implemented from the beginning. But starting with using proxies, the results were misleading, wrong or via https simply not reachable. We now implemented a method to

  1. get the real IP addresses
  2. without generating additional requests to the web server
  3. and therefore without getting blocked by firewalls, proxies, …
[![](/content/images/2018/02/Bildschirmfoto-2018-02-16-um-08.04.47.png?resize=848%2C580&ssl=1)](/content/images/2018/02/Bildschirmfoto-2018-02-16-um-08.04.47.png?ssl=1)
See IP address when clicking on a domain in report overview.
[![](/content/images/2018/02/ip-address-analysis.png?resize=848%2C621&ssl=1)](/content/images/2018/02/ip-address-analysis.png?ssl=1)
Analyse IP address via domain analysis page.
### Detecting Cryptominer

Cryptocurrencies are the main spoken thing 2017, and will be even more in the news 2018 (my honest personal opinion). There are many ways to get to the digital gold – and one of them is to place mining scripts across many vulnerable websites. We put effort into it and are now able to detect crypto mining scripts on websites via Discovery and Nimbusec Website Monitoring.

Altough it will be a yellow warning. The reason is, that there are also legal uses of crypto mining scripts on websites. e.g. a newspaper or blogger can ask the readers spend some cpu power for mining while reading the posts. But it is not very nice to mine without the knowledge of the user and further without knowledge of the website owner.

RESTful URLs and Performance Improvements

We redesigned the URL mapping to fit more the standard of REST (http://www.restapitutorial.com/lessons/restfulresourcenaming.html). It is not that big deal for the common user, but we care about architecture and are always open to make our software more simple, understandable and maintainable.

About performance: When starting a new discovery for domains, there is a lot to do for our service bots. And that led to the fact, that in the beginning of a report the user encountered a frozen state of the page. Our loading bar now got to know more loading states and as a result there will be more moving parts. So you always know that the service is still alive and results will be flowing fast.

Nimbusec Website Monitoring

So before we heard a lot about Discovery, but what about our continuous monitoring? We have been busy too for our very first step into website security. What happened so far:

False Positive Action

Upon a few user requests we finally decided to remove this feature because it is more confusing as helping. A useful workaround is to use the ignore action now.

What it does: If we encounter e.g. an outdated Apache web server on your systems, but you don’t care, because it is not an issue for you, you can hide the result and further findings by just ignoring it FOR THAT SPECIFIC DOMAIN. The false positive action did hide the issue for ALL DOMAINS ACCOUNTWIDE.

So if it comes to hide an issue for an account, it will be more work to do, but you can be sure to catch the right issues.

Webhook Notifications

That’s a feature I am really very excited about. It was already possible to get notified by mail or text message before. And Discovery had already the option to send notifications to a so called webhook (e.g. Slack). Now Nimbusec Website Monitoring can do this as well.

[![](/content/images/2018/02/wsm-webhooks.png?resize=848%2C580&ssl=1)](/content/images/2018/02/wsm-webhooks.png?ssl=1)
Add a webhook like you do with normal notifications under settings.
As easy as it is to setup you’ll probably need a little more information about this. So we have also updated our **Knowledge Base** ([https://kb.nimbusec.com/Integrations/Nimbusec-Webhooks](https://kb.nimbusec.com/Integrations/Nimbusec-Webhooks)).

And as I said Discovery already understood how to send to webhook we have an updated article for that as well: KB: Discovery Webhooks.

Performance Improvements

That were the main big things to speak of. Under the hood we optimized some algorithms and made analysis faster. Which means even more domains can be scanned and analysed at a time. We have now fully migrated to Docker for our main services which is really great from a developers and ops perspective.

Also we had some issues with the Docker Swarm networking – and according to our research I can’t believe we were the only ones. But that’s another tech chat.

That’s it for the feature release february. Of course we release more often, but from time to time I care and collect all the cool stuff which happened and present it here.

Have a nice one 🦄☕😀