External Network Asset Discovery and Vulnerability Scans
This is a list of OSINT (Open Source Intelligence) tools which will quickly give you an awareness of your cybersecurity risk profile. I put this list together when someone said they were quoted $40,000 for security analysis, and wondered if they had other options, so I compiled this list.
Basic Attack Surface Discovery
This part is what you can do for free and will give you detailed information about existing vulnerabilities and possible breach vectors.
Run queries at the following websites, to gain a sense of what your network looks like from the outside.
Collect all ip addresses, get into a spreadsheet if there are many, take notes.
Free Vulnerability Scan:
This remarkably broad and deep Vulnerability Scan (it uses dozens of open source projects to collect information in a wide variety of ways)
- https://www.spiderfoot.net/ (create a free account, run a 1-hr scan)
"Have I Been Pwned" can provide helpful information in some cases:
- https://haveibeenpwned.com/ (Use "domain search" to see if emails on your domain have been hacked; if found, change passwords on email accounts)
Search Shodan for each domainname/IP:
Deeper Scans (these typically have a cost)
https://hackertarget.com/openvas-scan/ and https://hackertarget.com/scan-membership/ ($240/Year, actually a good deal for all the tools they make available, but OpenVAS is all you need at the quick-scan level.)
https://pentest-tools.com/network-vulnerability-scanning/network-security-scanner-online-openvas (lightweight scans free, otherwise around $110/Month, you can use a single month)
https://www.spiderfoot.net/ ($79-$2399) (create a freelancer or business account, run deeper scans). Note, you can create free account at otx.alienvault.com. Immediately after sign-in, look for "API" menu item and get your API key, which you can enter in to Spiderfoot to increase its search access.
Spiderfoot also provides an excellent list of other tools to look into, there are dozens of such tools available so it can be overwhelming til you find good reviews like this: https://www.spiderfoot.net/top-5-osint-sources-for-threat-intelligence/