VTMScan Complete Feature Overview

VTMScan is the complete feature-rich Website Vulnerability Scanner that detects various online threats and cyberattacks such as OWASP Top-10 Vulnerabilities, SQL Injections, and Cross-Site Scripting. Here is a complete list of its unique features.

OWASP Top 10:

The Open Web Application Security Project (OWASP) is an online community in the field of web application security that releases a list of the top 10 vulnerabilities every few years. VTMScan detects those vulnerabilities and follows the rules laid out by OWASP. We scan for Cross-Site Scripting (XSS), SQL Injection, Insecure Deserialization, Sensitive Data Exposure, Server-Side Request Forgery (SSRF), etc., report the vulnerabilities, and provide recommendations to fix these issues. HTML injection is similar to Cross-Site Scripting (XSS): it allows an attacker to inject HTML code into web pages that other users view.

Change Monitoring:

Change Monitoring is an important feature provided by VTMScan. We scan every page of the website to detect any changes. Every change, and its percentage, is monitored with the respective URL throughout the website. We first create a snapshot of all the web pages, then scan each page for changes and report the irregularities found. This feature helps website owners check whether changes are being made to the website without their involvement, and whether those changes are illegitimate. Under change monitoring VTMScan provides three features: Content Change Monitoring, Image Change Monitoring, and Visual Change Monitoring.
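The snapshot-then-compare procedure described above can be sketched as follows. This is an added example, not VTMScan's code: the function names, the word-level percentage metric and the sample pages are assumptions made for illustration.

```python
import hashlib
from difflib import SequenceMatcher

def take_snapshot(pages):
    """pages: {url: page text}. Keep a hash (cheap equality test) plus the text."""
    return {url: (hashlib.sha256(text.encode("utf-8")).hexdigest(), text)
            for url, text in pages.items()}

def percent_changed(old_text, new_text):
    """Word-level difference between two versions of a page, 0.0 to 100.0."""
    ratio = SequenceMatcher(None, old_text.split(), new_text.split()).ratio()
    return round((1.0 - ratio) * 100, 1)

def compare(baseline, current):
    """Per-URL change percentages, plus pages that appeared or disappeared."""
    report = {"changed": {}, "added": [], "removed": []}
    for url, (digest, text) in current.items():
        if url not in baseline:
            report["added"].append(url)      # page nobody snapshotted
        elif baseline[url][0] != digest:     # hash differs, so measure how much
            report["changed"][url] = percent_changed(baseline[url][1], text)
    report["added"].sort()
    report["removed"] = sorted(set(baseline) - set(current))
    return report

# Constructed sample crawl results (not real sites)
BASELINE = take_snapshot({
    "https://example.test/": "Welcome to our shop open daily",
    "https://example.test/about": "About us",
    "https://example.test/contact": "Call us",
})
CURRENT = take_snapshot({
    "https://example.test/": "Welcome to our shop hacked by x",
    "https://example.test/about": "About us",
    "https://example.test/promo.php": "win a prize",
})

if __name__ == "__main__":
    print(compare(BASELINE, CURRENT))
```

Pages that appear without a baseline entry deserve the same attention as modified ones, since an injected file never shows up as a "change" to an existing page.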

Malware Scan / Website Defacement Check:

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage.

  • Forceful redirect injection test.
  • Scans JavaScript code snippets against generic signatures: checks for JavaScript's deprecated and vulnerable functions like eval, base64_decode, char, etc. Also checks for iframes.
  • A special algorithm was developed to detect JavaScript obfuscation: obfuscation converts vulnerable code into an unreadable format.
  • Malware Monitoring primarily focuses on detecting JavaScript, iframes and defacement keywords. JavaScript is scanned for malicious code. The site is also scanned for defacement keywords like 'hacked by', 'compromised', etc.

Phishing:

Protect your customers and safeguard your website and web application with VTMScan.

  • Find similar-looking domains.
  • URL hijacking: the hijacking URL can look similar to the victim's website address (e.g. esds.co.in) and may be of the following types:
    • A common misspelling or foreign-language spelling. E.g., site: eads.com
    • A misspelling such as a typographical error. E.g., site: essd.com
    • Swapping letters within the name. E.g., site: essd.com
    • Different domain names. E.g., site: esds.org
    • Corporate intelligence.
    • Homoglyph advanced phishing attack detection.
    • Punycode phishing attack detection.
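To make the lookalike types above concrete, here is an added example (not VTMScan's algorithm) that labels an observed domain relative to a protected one. The category names, the small confusables map and the Punycode sample are constructed for illustration.

```python
# Constructed subset of confusable characters (assumption: a production check
# would use the full Unicode confusables table). Cyrillic letters and digits.
CONFUSABLES = {"\u0435": "e", "\u0455": "s", "\u0501": "d", "\u0430": "a", "0": "o", "1": "l"}

def split_domain(domain):
    """'esds.co.in' -> ('esds', 'co.in'): first label and everything after it."""
    label, _, rest = domain.lower().rstrip(".").partition(".")
    return label, rest

def decode_label(label):
    """Decode an 'xn--' (Punycode) label; return (text, was_punycode)."""
    if not label.startswith("xn--"):
        return label, False
    try:
        return label[4:].encode("ascii").decode("punycode"), True
    except UnicodeError:
        return label, False  # undecodable: compare the raw label instead

def is_swap(a, b):
    """True when b is a with exactly one pair of adjacent letters exchanged."""
    diff = [i for i in range(min(len(a), len(b))) if a[i] != b[i]]
    return (len(a) == len(b) and len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def is_one_edit(a, b):
    """True for a single substituted, missing or extra character."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = sorted((a, b), key=len)
    return len(long_) - len(short) == 1 and any(
        long_[:i] + long_[i + 1:] == short for i in range(len(long_)))

def classify(protected, observed):
    """Name the lookalike category of `observed` relative to `protected`."""
    p_label, p_rest = split_domain(protected)
    o_label, o_rest = split_domain(observed)
    text, was_puny = decode_label(o_label)
    if text == p_label:
        return "same-domain" if o_rest == p_rest else "different-tld"
    if "".join(CONFUSABLES.get(c, c) for c in text) == p_label:
        return "punycode-homoglyph" if was_puny else "homoglyph"
    if is_swap(p_label, text):
        return "letter-swap"
    return "misspelling" if is_one_edit(p_label, text) else "unrelated"

# Constructed Punycode sample: Cyrillic U+0435 in place of the Latin 'e'
PUNY_SAMPLE = "xn--" + "\u0435sds".encode("punycode").decode("ascii") + ".com"
```

Run over newly registered or certificate-transparency domains, a check like this gives the brand owner a short list to review rather than a verdict; a one-edit match can be a legitimate unrelated name.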

CMS Scan:

  • Very few scanners provide this feature.
  • Detect WordPress, Joomla, vBulletin, and Drupal.
  • Scan Themes, Plug-ins and unprotected admin area.
  • User enumeration.
  • Brute forcing for simple password detection.
  • FPD - File Path Disclosure scanning.
  • Detect CMS in all directories.

Domain Reputation Check:

VTMScan checks whether your domain is listed in these databases: Google, SURBL, Malware Patrol, Clean MX, PhishTank, SORBS, SpamCop, abuse.ch, and ISC. These organizations have databases that store IP addresses and domains identified in malware, spamming, and phishing activities.

Mail server IP Check in 58 RBL repositories:

RBLs (Real-time Blackhole Lists) contain IP addresses whose owners refuse to stop the growth of spam. An RBL lists various server IP addresses from multiple ISPs (Internet Service Providers) whose users are responsible for spam. RBLs also list those ISPs whose servers are hijacked for spam relay. VTMScan checks the mail server IPs in 58 such RBL repositories.

Robust Link Crawling:

Link crawling is a process of capturing all the web pages (their URLs) present on the website. It helps us understand how many web pages are on our website and what these pages are related to. The website owner can also cross-check whether these pages are legitimate or not.

VTMScan does the following things:

  • Crawls links from web pages, robots.txt, iframes, hacker's favourite search engines, directory indexes, and directory traversals.
  • Detect WordPress, Joomla, vBulletin, and Drupal.
  • Check admin and directory busters.
  • Directory access check.

Banner Grabbing:

Banner grabbing is the collection of information related to your websites, such as web server information, header information and open ports. It is a technique used to gain information about a computer system on a network and the services running on its open ports. An intruder can use banner grabbing to find network hosts that are running versions of applications and operating systems with known exploits.

VTMScan checks for the following things:

  • Port scanning
  • OS detection
  • WAF detection
  • Sub Domain Listing

SSL Scan:

VTMScan checks for SSL POODLE, BEAST, CRIME, Heartbleed, DROWN, SSL grade check, SSL certificate check, etc.

In SSL Check, the following areas are checked:

  • NULL cipher used, or cipher strength less than 128 bits.
  • Domain uses an invalid security certificate.
  • Domain uses an expired security certificate.
  • Domain uses a security certificate which expires today (EOD).

Local File Inclusion (LFI):

Local File Inclusion (LFI) is an attack in which a file or a script is injected on a server through a web browser; if the page does not sanitize its input, local directory traversal sequences and other characters can be injected. This attack leads to sensitive information disclosure.

Remote File Inclusion (RFI):

Remote File Inclusion (RFI) is an attack which looks for vulnerabilities in a web application to include a remote file through a script on the web browser. The perpetrator wants to exploit the functions in an application to upload malware from a different domain.

Data Leak:

The new feature of Data Leak has been introduced. Data Leak is the unapproved transmission of data from an organization to an external destination. VTMScan checks whether the data breach has occurred or not and displays it in the form of a proper list under page source. These are informative alerts provided by VTMScan.

DMARC Inspector:

VTMScan DMARC inspector does the following things:

  • It validates DMARC and SPF records and checks whether email spoofing is possible or not.
  • Validates DKIM records.
  • Email Spoof Checking: Email spoofing is the creation of email messages with a forged sender address. VTMScan email spoof checker checks whether emails can be spoofed or not.
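The kind of SPF and DMARC record validation listed above can be illustrated with the following added example, which is not VTMScan's implementation. It assumes the TXT records have already been fetched, does not follow SPF `include`/`redirect`, leaves DKIM out, and uses hypothetical function names and constructed records.

```python
def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lowercase keys."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def spf_all_qualifier(spf):
    """Qualifier on the SPF 'all' mechanism, or None if there is no usable record."""
    terms = (spf or "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        t = term.lower()
        if t.lstrip("+-~?") == "all":
            return t[0] if t[0] in "+-~?" else "+"   # bare 'all' means '+all'
    return "?"  # no 'all' mechanism: unmatched senders get a neutral result

def assess(spf, dmarc):
    """Return findings that leave the domain open to spoofed mail (empty = none)."""
    findings = []
    q = spf_all_qualifier(spf)
    if q is None:
        findings.append("spf: missing or invalid record")
    elif q in ("+", "?"):
        findings.append("spf: 'all' qualifier %r does not reject unlisted senders" % q)
    tags = parse_tags(dmarc or "")
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        findings.append("dmarc: missing or invalid record")
    elif policy == "none":
        findings.append("dmarc: p=none only monitors, spoofed mail is still delivered")
    elif tags.get("pct", "100") != "100":
        findings.append("dmarc: pct=%s applies policy to only part of the mail" % tags["pct"])
    return findings

# Constructed sample records (not taken from a real domain)
STRICT = ("v=spf1 include:_spf.example.test -all",
          "v=DMARC1; p=reject; rua=mailto:dmarc@example.test")
WEAK = ("v=spf1 +all", "v=DMARC1; p=none")

if __name__ == "__main__":
    print(assess(*STRICT), assess(*WEAK))
```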

Security Audit:

VTMScan Page content Scan does the following things:

  • Information disclosure: VTMScan checks whether sensitive information has been disclosed on the URL or not. Sensitive information can be anything like IP addresses, emails, numbers, etc. VTMScan checks for such information on the complete site and brings it to your attention.
  • View State checker: To decrease the chance of someone interfering with the data stored within the ViewState, it is an excellent plan to encrypt the ViewState. VTMScan identifies the ViewState, reports when the target web application doesn't utilize encryption on ViewState data, and checks whether the encrypted ViewState is strong or weak.
  • Subdomain Takeover: VTMScan analyses the domains to see if any of them is linked to external services or not. A taken-over subdomain can be used to host phishing pages, send phishing emails from the legitimate domain, and harvest login credentials.
  • Port Monitoring: VTMScan checks for open and closed ports of the website and gives alerts to users in reports.
  • Data Leak: The new feature of Data Leak has been introduced. Data Leak is the unapproved transmission of data from an organization to an external destination. VTMScan checks whether the data breach has occurred or not and displays it in the form of a proper list under page source. These are informative alerts provided by VTMScan.
  • Command Injection: The purpose of a command injection attack is to execute arbitrary commands on the host operating system using a vulnerable application. Such vulnerable URLs are detected by VTMScan, which prevents command injection attacks.