Identify and automate custom tests against your attack surface
Keep tabs on what your organization exposes to the internet and implement arbitrary assertions about your applications and infrastructure.
# Only web ports should be exposed
def scan_module(ip, port, domain, info):
    web_ports = [80, 443]
    if port not in web_ports:
        return False
    return True
# Only bastion hosts should expose SSH
def scan_module(ip, port, domain, info):
    allowed_hosts = [
        'bastion1.example.com',
        'bastion2.example.com'
    ]
    if port == 22 or 'ssh' in info.lower():
        if domain not in allowed_hosts:
            return False
    return True
# /admin should return 401
import requests
def scan_module(ip, port, domain, info):
    status = requests.get(
        'https://' + domain + '/admin', timeout=2
    ).status_code
    if status != 401:
        print(f"Domain {domain} returned status {status}")
        return False
    return True
# Validate CSP
import requests
def scan_module(ip, port, domain, info):
    r = requests.get(
        'https://' + domain + '/admin', timeout=2
    )
    csp = r.headers.get('Content-Security-Policy')
    if not csp:
        return False
    # CSP keywords such as 'strict-dynamic' must be single-quoted in the header
    desired_script_src = "script-src 'strict-dynamic' 'unsafe-inline' http: https: 'self' 'nonce-"
    return desired_script_src in csp
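The CSP check above compares a fixed substring, so it depends on the order in which the server lists its sources. The following added example (not Radara's or the page's own code) parses the header and checks `script-src` by membership instead; the names `parse_csp`, `script_src_ok` and `REQUIRED` are hypothetical, and the sample headers are constructed.

```python
# Added example: check script-src by parsing the header, not by substring.
# Sources the policy must list (taken from the page's desired string, with
# the 'strict-dynamic' keyword single-quoted as CSP syntax requires).
REQUIRED = {"'strict-dynamic'", "'unsafe-inline'", "http:", "https:", "'self'"}

def parse_csp(header):
    """Split one CSP header value into {directive: [sources]}."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def script_src_ok(header):
    """True if the effective script-src has every REQUIRED source and a nonce."""
    if not header:
        return False
    directives = parse_csp(header)
    # script-src falls back to default-src when it is absent.
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False
    # Keywords and schemes are case-insensitive; nonce values are not.
    lowered = {s.lower() for s in sources}
    has_nonce = any(
        s.lower().startswith("'nonce-") and s.endswith("'") and len(s) > len("'nonce-'")
        for s in sources
    )
    return REQUIRED <= lowered and has_nonce

# Constructed sample headers (not captured from any real site).
REORDERED = ("default-src 'none'; script-src 'nonce-r4nd0m' 'self' https: "
             "http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'")
NO_NONCE = "script-src 'strict-dynamic' 'unsafe-inline' http: https: 'self'"
UNQUOTED = "script-src strict-dynamic 'unsafe-inline' http: https: 'self' 'nonce-abc'"
DUPLICATE = "script-src 'self'; " + REORDERED

if __name__ == "__main__":
    for name in ("REORDERED", "NO_NONCE", "UNQUOTED", "DUPLICATE"):
        print(name, script_src_ok(globals()[name]))
```

Inside a `scan_module`, the value of `r.headers.get('Content-Security-Policy')` can be passed straight to `script_src_ok`.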
Attack Surface Monitoring
Radara is a modern attack surface monitoring service that emphasizes ease of use and flexibility to meet your needs.
- Automate custom tests against your internet-facing infrastructure
- Continuous network scanning by IP range or domain
- Subdomain enumeration
- Full scans of all ports
Ultimate Flexibility
Unlike out-of-the-box vulnerability scanners that aren't tailored to your unique applications and infrastructure, Radara supports custom scanning and alerting logic expressed in Python.
- Monitor for deviations from your unique security policies
- Spot misconfigured infrastructure
- Catch bug regressions
- Easily carve out exceptions
Intelligent Alerting
Get all the information you need, and none of the information you don't. Radara minimizes alert fatigue so you can focus on what matters.
- Email alerts
- Weekly status summaries
- Mute alerts for specific domains
- Ignore superfluous changes
Questions?
We'd love to hear from you! You can reach us at hello@radara.io