Featured reads
Security Research
Security research and analysis with Netlas.io
white paper
Fast one-shot passive recon script with Netlas.io
blog post
How to find online cameras with Netlas.io?
blog post
Threat hunting
Non-intrusive security assessment
OSINT investigations
Reputation scoring
Security analysis
Security of IoT and Industrial devices
Vulnerable devices search
Uncover shadow IT and phishing threats
Attack surface identification
3-4 times per year
Please, sign in to manage newsletter subscription
Please, sign in to manage newsletter subscription
Important updates, sales and promos
1-2 posts per week
Newest CVE, featured search queries
updates and announcements
updates and announcements
Connect
Swagger UI
Handy web tool for testing Netlas API
Tools
Official Python SDK and command line utility
Netlas SDK
Netlas Blog
In-depth features overview & case studies
Netlas Cookbook
An ultimate guide on how to make the most of Netlas.io
Scripts & Code Samples
Useful scripts to create you own automations
Learn
Featured queries
Search queries for IoT, routers, IP cameras & more
Documentation
Netlas usage, API specification, SDK & CLI installation
Netlas For security analysis
Non-intrusive security assessment
with Netlas.io
Explore any infrastructure without any interaction with it.
The main advantage of non-intrusive scanning is complete safety. Netlas scans only opened to the world resources and does not attempt to perform actions beyond what the system is designed for.
Non-intrusive scanning
Netlas is a non-intrusive scanner. This means that during the scanning process, Netlas does not attempt to perform actions beyond what the system is designed for. In other words, there are no attempts at authorizations, password guessing, or any non-standard requests.
The main consequence of this approach is the ability to scan the entire Internet. Any resource discovered by Netlas is exposed to the world.
The main consequence of this approach is the ability to scan the entire Internet. Any resource discovered by Netlas is exposed to the world.
Security assessment by non-intrusive scanning
Therefore, by using Netlas, you can perform security analysis on any information system. The beauty of it is that you do not even need permission since you are not interacting directly with the object of analysis; you are only utilizing the already-gathered data.
For example, you can conduct additional security checks on potential business partners before sharing confidential company data with them. To do this, you can identify the attack surface of the business partner and perform a security analysis: ensuring the absence of critical vulnerabilities, verifying that the software is updated regularly, and confirming adherence to the principle of minimizing the attack surface—meaning critical services and unnecessary information are not exposed publicly.
Netlas uses a passive vulnerability detection method. This means that Netlas assumes the presence of a vulnerability based on the software version only.
This method has two significant limitations that should be understood:
- Netlas labels vulnerabilities only when the product and its version identified by response content.
- There are a number of false positives (reporting a vulnerability as present when in fact none exists). Sometimes these vulnerabilities have already been resolved by configuration settings, sometimes by back door updates that may have been done.
Get your free Netlas.io account!
Sign up to get up to 50 requests/day for free.
Related articles