product updates

SecurityTrails Blog · Nov 18 · by Esteban Borges

Announcing New Features in Attack Surface Reduction

Reading time: 3 minutes
Listen to this article

Today we are happy to introduce the new Explorer Tab for ASR. This new version redefines the concept of asset exploration, providing even more detailed information about any of your digital assets, to help you perform attack surface data analysis in a much better way.

Look for the new ‘Explorer’ tab

Take a look at all the new and exciting capabilities included within this upgraded version of our ASR Explorer.

This release contains several improvements, including:

  • Better visual web app identification with the use of home page screenshots

  • Extended infrastructure detection capabilities such as WAF detection and Backend Technology mapping, and more!

ASR Explorer new features

If this summary is as exciting for you as it is for us, please join us in the following sections where we briefly showcase each of the most interesting new features ready for you to test!

Technology Detection

This new version includes access to Technology detection, particularly important concerning backend technologies running on the remote host, along with their versions.

Backend technology with version

This new analysis feature helps you build a technology profile, showing you what websites are built with, such as CMS, application servers, frameworks, e-commerce platforms, Javascript libraries, and much more, as you can see from the above screenshot.

Screenshots

In a separate tab, to the right of the host list, you’ll find a ‘Screenshots’ option. This new feature allows you to visualize screenshots of all assets in an extensive way, as shown here:

Visualize screenshots

Additionally, it’s also possible to see the different screenshots by looking at the Explorer tab’s main dashboard and hovering over the listed open ports highlighted with a white sheet. Once that’s done, a screenshot snippet will appear next to the position of your pointer, which will provide you with a home page visual preview.

Main dashboard

WAF Detection

WAF Detection helps security researchers during the application discovery and software identification phase and serves well to keep an eye on how many of your assets do or do not have any WAF to protect them.

WAF Detection

Which WAFs can be detected?

ASR can detect almost any kind of WAF—and just to mention some of the more popular ones, they include: Cloudfront, Cloudflare, AWS Elastic Load Balancer, CacheWall, Incapsula, Kona Site Defender, DOSarrest, Zenedge, BIG-IP Local Traffic Manager, NetScaler AppFirewall, Wordfence, and many other commercial and generic WAFs.

Summary

With these new features in ASR Explorer, organizations can gain even more visibility over the status of their digital assets in a quick and centralized manner, covering previous asset data from our original ‘Explorer’ version while adding new and critical information about server technologies and software versions, as well as useful crawling details.

Take advantage of this bold new infosec feature—get a clear picture of all your assets and begin securing your IT infrastructure as quickly as possible, request access to ASR today.

Esteban Borges Blog Author
ESTEBAN BORGES

Esteban is a seasoned security researcher and cybersecurity specialist with over 15 years of experience. Since joining SecurityTrails in 2017 he’s been our go-to for technical server security and source intelligence info.