HackerTarget.com began in 2007 as a project that would enable people to test firewalls externally with an online port scanner. Since those early days the site has developed into a complete vulnerability scanning solution, offering an easy and convenient way to access a range of powerful open source security tools.
By utilizing hosted security testing tools, organisations are able to test their Internet perimeter and servers from an external perspective. Many organisations have firewalls or intrusion prevention devices that make testing of the perimeter from an internal system ineffective and prone to errors. More accurate results are possible by probing from the perspective of actual attackers (i.e. from the Internet).
Not everyone who runs a website or Internet connected hosts can afford a dedicated network security team. HackerTarget.com scanners assist in the assessment of perimeter firewalls, websites and Internet servers. In addition they can be used to validate results from commercial vulnerability testing products.
Everyone is a Target
The name HackerTarget comes from the fact that everyone really is a target. It does not matter that you are a small profile organisation, or you do not store credit cards on your systems. Attacks may be targeted at your organisation or you may be merely a target of opportunity.
Here are some examples of what your system could be used for if it was compromised:
Spam – acting as relays for millions of unsolicited emails. Spammers are not just pests; they can be costly, chewing through your bandwidth, damaging your reputation and disrupting your email communications when you end up getting blacklisted.
Storage – illegal software, music, video and images will result in a disruption of your services, costly bandwidth and potential for damaging legal issues when the source gets traced back to a computer you own or manage.
Distribution of malware – after your host is compromised, it is common for your web server to be used to host exploits. This means the server you own or manage is being used to compromise other hosts. This can result in blacklisting of your website by Google and other serious consequences for your business.
As a jump point – direct attacks against other systems on the Internet. Tracing the origin of an attack will reveal that the attack came from an IP address under your control.
Data Harvesting – direct attacks against your host to collect customer records, credit card numbers or membership details. SQL injection is a popular method for this as the vulnerability provides direct access to the database.
Frequently Asked Questions
How much does it cost?
In the past we offered all Automated Scans for Free, however due to on-going abuse by a very small number of users, access to some of the more intrusive scans has been restricted to full members of the site. Basic Membership is available for a small fee ($19 lifetime membership). The scans are not particularly disruptive to a server, however some of them are noisy and can set off alarms on Intrusion Detection Systems and raise alerts in security log aware organisations.
What IP address ranges do your scanners use?
If you wish to look for incoming scans in your log files, or perhaps whitelist our scanners in your intrusion detection / prevention devices, use the following networks.
A note on the hacker / cracker definition
We are fully aware of the debate around the definition of the word hacker. In reality it is an easily recognized word that has come to mean breaking into computers. Clearly the services we provide are to aid in protection against “Blackhat” attackers, crackers and criminals.
I detected an unauthorized scan of my host / site!!
Please use the contact form to provide details. We will work with you to block any offending users, investigate the transaction and check for any illegal activities or misuse. In fact, most instances of suspicious scanning we have investigated ended up being a test by a system administrator or developer who did not let the security team know!!
We do not spam. In fact we even dislike vendor spam, so by using our services you can be assured that we will not sell your address or spam you with daily offers.
Scan results are stored locally in the office, in an encrypted container for analysis in the event of an abuse report. They are kept for at least 6 months.