Use open source tools and network intelligence to help organizations with attack surface discovery and identification of security vulnerabilities.
Attack Surface Discovery
Identification of an organization's vulnerabilities is an impossible task without tactical intelligence on the network footprint. By combining open source intelligence with the world's best open source security scanning tools, we enable your attack surface discovery.
With the ability for Internet assets to be deployed in seconds, the attack surface is more dynamic and ever-growing. This very fact makes mapping your external network footprint a hard problem. We aim to provide solutions to solve this problem. Start with our tools for domain and IP address data, then pivot to mapping the exposure with hosted open source vulnerability scanners.
You need more than one vulnerability scanning tool. No vulnerability scanner will detect all the vulnerabilities across all your network assets. By combining a number of different types of vulnerability scanners, you can get a more accurate picture of your vulnerability exposure.
Our hosted vulnerability scanners are trusted open source tools used around the world by thousands of security professionals.
Experience and Trust
In Security, there is no silver bullet. You cannot buy a service or product and say "Well that's it. Job done!". Security takes work and an understanding of the tools and resources at your disposal. By intelligently applying tools and knowledge, you can develop an accurate assessment of your vulnerability exposure.
With 20 years experience in information security, I have seen my share of vendor presentations that promise to solve all the problems. Simply buy the box and plug it in. Look at the flashing lights and cool dashboard! Well actually....
Working in Red (Penetration Testing) and Blue Team (Security Analyst) roles, for both corporate and Federal Government I developed several security solutions based around open source tools. In 2007, taking my understanding of the value in open source security tools, I hosted an Online Nmap Scan. That was the beginning.
Since then, HackerTarget.com has grown with a remote team operating from three continents and servers in London, New York, and Canberra. We provide enterprises, both large and small, with tactical security reporting. Actionable information that lets an organization find security holes.
Frequently Asked Questions
What are the Advantages of Hosted Vulnerability Scanners?
There are a number of advantages, here are the top three straight from our customers feedback.
1. The hosted scanners can scan your Internet systems from the attackers perspective. This allows you to get an accurate picture of your exposure and to eliminate false positives / and false negatives.
2. No software needs to be maintained or installed, saving your operations staff time. There are not many operations teams who could not do with some more time.
3. Wide range of tools to cover a range of threats. An adversary will utilise a variety of attack paths when focusing in on your organisation. By offering a range of tools, we enable the client to enhance security awareness and posture across the attack surface.
What's with the name?
The name Hacker Target comes from the fact that everyone is a target. It does not matter if you are a small profile organisation, or do not store credit cards on your systems. Attacks can be targeted at your organisation or you may be merely a target of opportunity.
Either way, if you have systems on the Internet you will be attacked.
How much does it cost?
Different plans are available. Higher end plans are able to use all features and scan a large number of Internet facing assets. Check out the membership plans for more details. For those who need to send more packets, look at Enterprise Plans.
What IP address ranges do your scanners use?
If you wish to look for incoming scans in your log files, or perhaps white list our scanners in your intrusion detection / prevention device / firewall, use the following IP address lists.
I detected an unauthorized scan of my host. Who do I call?
Use the contact form to provide details. We will work with you to block any offending users, investigate the transaction, and conduct an investigation for any illegal activities or misuse. In fact, most instances of suspicious scanning we have investigated ended up being a test by a system administrator or developer who did not let the security team know!!
We do not spam. In fact, we even dislike vendor spam, so by using our services you can be assured that we will not sell your address or spam you with daily offers.
Scan results are archived locally in the office, in an encrypted container for analysis in the event of an abuse report. They are kept for at least 6 months.