Identify and automate custom tests against your attack surface

Keep tabs on what your organization exposes to the internet and implement arbitrary assertions about your applications and infrastructure.

# Only web ports should be exposed

def scan_module(ip, port, domain, info):
    web_ports = [80, 443]

    if port not in web_ports:
        return False

    return True
          
# Only bastion hosts should expose SSH

def scan_module(ip, port, domain, info):
    allowed_hosts = [
        'bastion1.example.com',
        'bastion2.example.com'
    ]

    if port == 22 or 'ssh' in info.lower():
        if domain not in allowed_hosts:
            return False

    return True
          
# /admin should return 401
import requests

def scan_module(ip, port, domain, info):
    status = requests.get(
        'https://' + domain + '/admin', timeout=2
    ).status_code

    if status != 401:
        print(f"Domain {domain} returned status {status}")
        return False

    return True
          
# Validate CSP
import requests

def scan_module(ip, port, domain, info):
    r = requests.get(
        'https://' + domain + '/admin', timeout=2
    )

    csp = r.headers.get('Content-Security-Policy')

    if not csp:
        return False

    # CSP keywords must be single-quoted; an unquoted strict-dynamic is parsed as a host name.
    desired_script_src = "script-src 'strict-dynamic' 'unsafe-inline' http: https: 'self' 'nonce-"

    return desired_script_src in csp
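
The substring check above only passes when the header lists its sources in exactly that order. The following is an added example, not Radara's own code: it parses the header into directives and reports why a script policy is weak, assuming the policy you want is nonce- or hash-based with 'strict-dynamic'. The helper names parse_csp and script_src_problems and the sample policies are hypothetical; the scan_module signature is the one shown on this page.

```python
def parse_csp(header):
    """Split a CSP header into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(';'):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def script_src_problems(header):
    """Return the reasons a policy's script restrictions are weak."""
    policy = parse_csp(header or '')
    # script-src falls back to default-src when it is absent.
    src = policy.get('script-src', policy.get('default-src'))
    if src is None:
        return ['no script-src or default-src directive']
    problems = []
    strict = "'strict-dynamic'" in src
    hashed = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                 for s in src)
    if 'strict-dynamic' in src:
        problems.append('strict-dynamic is unquoted, so it is read as a host name')
    if "'unsafe-eval'" in src:
        problems.append("'unsafe-eval' is allowed")
    if not hashed:
        problems.append('no nonce or hash source')
        if "'unsafe-inline'" in src:
            problems.append("'unsafe-inline' is in effect")
    if not (strict and hashed):
        # Without a working 'strict-dynamic', broad sources are honoured.
        problems += [f'broad source {s}' for s in src
                     if s in ('*', 'http:', 'https:', 'data:')]
    return problems


def scan_module(ip, port, domain, info):
    import requests  # imported here so the checker above runs offline
    r = requests.get('https://' + domain + '/admin', timeout=2)
    problems = script_src_problems(r.headers.get('Content-Security-Policy'))
    for p in problems:
        print(f"Domain {domain}: {p}")
    return not problems


# Constructed sample policies (not taken from any real site).
GOOD = "script-src 'strict-dynamic' 'nonce-r4nd0m' 'unsafe-inline' https:; object-src 'none'"
UNQUOTED = "script-src strict-dynamic 'unsafe-inline' http: https: 'self' 'nonce-r4nd0m'"
```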
          

Attack Surface Monitoring

Radara is a modern attack surface monitoring service that emphasizes ease of use and flexibility to meet your needs.

  • Automate custom tests against your internet-facing infrastructure
  • Continuous network scanning by IP range or domain
  • Subdomain enumeration
  • Full scans of all ports

Ultimate Flexibility

Unlike out-of-the-box vulnerability scanners that aren't tailored to your unique applications and infrastructure, Radara supports custom scanning and alerting logic expressed in Python.

  • Monitor for deviations from your unique security policies
  • Spot misconfigured infrastructure
  • Catch bug regressions
  • Easily carve out exceptions

Intelligent Alerting

Get all the information you need, and none of the information you don't. Radara minimizes alert fatigue so you can focus on what matters.

  • Email alerts
  • Weekly status summaries
  • Mute alerts for specific domains
  • Ignore superfluous changes

Questions?

We'd love to hear from you! You can reach us at hello@radara.io