Scanning and collection
CyberResilience scans all public IPv4 addresses to determine open ports and misconfigured services. Collection involves connecting to a publicly open port and performing standard protocol handshakes to attempt to identify the running service.
We will never attempt to change device configurations, access private networks, or maliciously trigger a known exploit as part of the scanning and collection process.
We will attempt to collect only security data that should be visible to any entity that connects to a particular address and port from the public internet.
CyberResilience scans a growing number of TCP and UDP services. TCP studies include HTTP(S), SMTP, SSH, FTP, IMAP, POP3, MySQL, PostgreSQL, RDP, and many more. UDP studies include NetBIOS, DNS, NTP, IKE, Kerberos, SIP, SNMP, mDNS, and quite a few others.
What Data Do We Collect?
The purpose of our project is to evaluate the security posture of internet-connected systems. Therefore, the data we collect is limited to:
- TCP responses to our scanning requests, including HTTP headers and the content.
- Installed versions of network-exposed services and applications (e.g. WordPress, Apache, PHP, etc.).
- Metadata about exposed services and applications: which ports are open, what services and applications are running, identification banners, TLS certificates, publicly enabled features, etc.
- Vulnerability information for systems and services that exhibit vulnerable behavior, such as a network service behaving in a way that strongly correlates to the presence of a specific vulnerability (e.g. a Microsoft Exchange Server vulnerable to CVE-2021-26855 will return a specific header in response to an HTTP request, which signals that the vulnerability exists).