External Web Applications Discovery with Shodan and ImmuniWeb®
How many external websites, applications and (sub)domains does your company have? Compare free application discovery service by Shodan and ImmuniWeb® Discovery.
Vulnerable applications represent a huge risk for companies and organizations. One single abandoned subdomain, running an outdated WordPress installation, may open a door to successful APT attack against your company and compromise your digital crown jewels.
Shadow IT is one of the biggest sources of data breaches according to Gartner. In many companies, in-house and external developers unwittingly expose internal or applications in development (e.g. test environment) to the Internet, often with sensitive data and easily exploitable vulnerabilities. Many companies don’t even know how many of their applications are currently exposed to the Internet, let alone how (in)secure they are.
Cybercriminals on their turn run continuous monitoring for new apps and vulnerabilities. Once a public vulnerability appears for your CMS or CRM accessible from the outside, bad guys will start probing to exploit the flaw and takeover your web server. Worse, many cyber gangs will even patch the vulnerability to prevent their “competitors” from getting in.
Impending GDPR enforcement requires a comprehensive inventory and protection of Personally Identifiable Information (PII) that your company stores or process via a great wealth of intertwined applications, APIs and Web Services. This task becomes virtually impossible if you don’t have a comprehensive and up2date list of your web and mobile apps.
To help companies better identify and inventory their applications, we decided to compare [web] application discovery service offered by Shodan and ImmuniWeb® Discovery. Both services are available for free and provide commercial subscription for some extra options.
Being a reputable service, Shodan is a freemium OSINT search engine to look through all your publicly exposed devices, from network servers to specific IoT devices. ImmuniWeb® Discovery is a part of ImmuniWeb Application Security Testing Platform. It leverages intelligent algorithms and OSINT big data to detect external web and mobile apps attributable to your company or organization. Additionally, ImmuniWeb Discovery uses non-intrusive techniques to fingerprint CMS on the discovered applications. For every application, ImmuniWeb Discovery also assesses TLS encryption and web server security in a non-intrusive manner.
The comparison is based on publicly available data from Shodan and ImmuniWeb Discovery. For Shodan, we had to adjust the output format and remove some superfluous results (e.g. non-applications) for the purpose of the comparison. ImmuniWeb Discovery was tested directly via the customer portal.
We took five random organizations from completely different sectors, differentiating by size, complexity and scope of their external web systems. Below are the results obtained by non-intrusive OSINT discovery run by Shodan and ImmuniWeb Discovery:
openbsd.org
Shodan Total: 5 Total active servers: 2 Total web servers: 1 Total email servers: 1 Total dns servers: 1 | ImmuniWeb Discovery Total: 112 Total active servers: 27 Total web servers: 25 Total email servers: 6 Total dns servers: 2 |
facebook.com
Shodan Total: 1882 Total active servers: 1419 Total web servers: 1416 Total email servers: 2 Total dns servers: 1 | ImmuniWeb Discovery Total: 2309 Total active servers: 1859 Total web servers: 1854 Total email servers: 4 Total dns servers: 1 |
europa.eu
Shodan Total: 613 Total active servers: 542 Total web servers: 467 Total email servers: 74 Total dns servers: 18 | ImmuniWeb Discovery Total: 3728 Total active servers: 3345 Total web servers: 3227 Total email servers: 137 Total dns servers: 42 |
forbes.com
Shodan Total: 1 Total active servers: 1 Total web servers: 0 Total email servers: 1 Total dns servers: 0 | ImmuniWeb Discovery Total: 110 Total active servers: 62 Total web servers: 61 Total email servers: 2 Total dns servers: 1 |
wwf.ch
Shodan Total: 10 Total active servers: 7 Total web servers: 5 Total email servers: 3 Total dns servers: 0 | ImmuniWeb Discovery Total: 28 Total active servers: 23 Total web servers: 23 Total email servers: 1 Total dns servers: 0 |
For the purpose of this simple exercise, ImmuniWeb Discovery has significantly outperformed Shodan both by quality and quantity of the results. Nonetheless, we are continuously working on its algorithms to make them even more efficient and intelligent to eliminate the shadow in your IT.
To try ImmuniWeb Discovery for your organization, just sign-up on the Portal and explore your web and mobile apps (yes, we do detect mobiles apps too).