Platform

WHAT IS HACKNOID?

Hacknoid is a computer security tool used to keep the degree of exposure to cybersecurity threats under control and avoid their potential consequences.
Through a comprehensive approach that covers internal and external attacks, Hacknoid acts proactively by detecting vulnerabilities in the IT area, in order to avoid information leaks, identity theft, unauthorized access, website manipulation, and doors left open to intruders.
The detection and classification of vulnerabilities allows alerting on time and providing an efficient guide for the resolution of problems according to their size, thus strengthening business continuity and enabling integration with an information security management system.
This solution provides real-time and continuous network scanning. The scans can be performed according to different depths and regularities.

The dynamic results can be viewed in various reports (such as OWASP Top 10, PCI compliance, etc.) and friendly formats (through an intuitive dashboard), and in languages intended for differentiated technical and managerial profiles.

DASHBOARD

Hacknoid has a responsive dashboard composed of widgets that display alert groups in order to visualize the security landscape of the institution from the point of view that the user chooses.

There are group widgets that let users distribute alerts flexibly, grouping components according to whatever logic is useful to them and choosing the scanning modules (granular scan types) to apply to each group of components.

The report of these widgets is cataloged according to the criticality of the alerts (High, Medium, Low and Informative), so that the user is able to navigate through them for more information, as in the previous widgets.

[Screenshots: Widgets view (Dashboard); Processes view; Scanning and schedule management; Tickets management]

TECHNICAL FEATURES

Detection and discovery of networks, segments, routes, IP addresses, gateways or groups of any of them (including other groups)
• Smart quick search.
• Detection by interfaces, routes and others.
• Comprehensive search, covering all ranges of private networks.

Change detection: new hosts, new ports, banner or MAC changes
• Supports ranges and subnets
• Dynamic and static addressing
• Configuration inheritance

Possibility of defining for each segment, equipment or range:
• Auto detection
• Management of dynamic or static addresses.
• Host tracking method (IP, MAC or name)
• Addition to the trust base
• Location inheritance
• Name

At the host level, the following information is detected and displayed:
• Name
• IP
• MAC
• Open ports
• Applications and versions in each port
• Banners
• Vulnerabilities
• Default passwords
• Factory settings
• Weak configurations

The scans are programmable; the following characteristics can be modified:
• Frequency in minutes, hours, days, weeks, months
• Groups to which it applies
• Start and end date
• System module to apply

On detected active directories, the following is tracked:
• Individual users
• Individual equipment
• Administrators
• Inactive users
• Blocked users
• Inactive equipment
• Total users
• Total equipment
• Password quality
• Password Policy

Alerts are generated when changes are detected in any of these parameters:
• Number of administrators
• Inactive users and equipment
• Weak passwords
• Alerts on established thresholds

Hacknoid has two active directory widgets. The first shows the total alerts on an active directory as well as other disaggregated data such as:
• Changes in administrators
• Number of vulnerable users according to the strength of their passwords
• Change in thresholds: the threshold is a variable configured in the system so that changes at the active directory level are shown only when it is exceeded (the value will depend largely on what the organization considers an “excessive or suspicious movement” relative to normal parameters)

The second widget monitors and graphically displays changes in 4 groups that are selected in the widget configuration section and which can be:
• Number of Groups in the AD
• Total number of users in AD
• Number of admin users in AD
• Number of DNS servers.
• Domain controllers
• Disabled users
• Users with “password does not expire”
• Users without a defined password

  • DOMAIN MODULES
    • Add and monitor equipment by name
    • Tracking type A (IPv4), AAAA (IPv6), MX (mail), SOA and TXT DNS records
    • Change detection in DNS records associated with equipment
    • Change detection in network domains
    • Relationship between equipment monitored by Hacknoid and related domains
    • History and changes in addressing to equipment outside the network or outside the institution (e.g. mydomain.com records can point to other equipment that would allow sending mail as @mydomain.com or serving fraudulent web pages as if they came from the institution, from servers outside of it)

The Web analysis module performs the following checks:
• Existence of security incidents according to the international CVE database
• Default passwords
• Trivial passwords based on public information and dictionaries
• Files, directories, web pages and default settings
• Obsolete, insecure or outdated versions of Microsoft Internet Information Services and ASP.Net
• Obsolete, insecure, or outdated versions of Apache, PHP and Python
• Obsolete versions of OpenSSL vulnerable to Heartbleed, SSL renegotiation, etc.
• Secure connections with TLSv1 onwards and data encryption with strong encryption greater than 256 bits
• Expired SSL certificates
• Reliability of the signing and certifying authorities of SSL certificates
• Disclosure of HTTP headers and infrastructure information
• HTML forms with plain text submission
• HTML forms without data type checking or control characters escaping
• Vulnerable HTML forms to blind SQL Injection
• User sessions and cookies security
• Enumeration of web server users
• Public listing of web server directories
• Discovery of hidden or insecure addresses (ex: administration panels)
• Tracking published content in search of sensitive information: documents, names, addresses and infrastructure information using full navigation engines (including javascript execution) that allow obtaining the same information that an attacker would see using a conventional web browser, including the saved screenshots as evidence
• Existence of mechanisms and blocks against password guessing attempts in login forms (presence of protection and proper operation of intrusion detection)
• Existence of server responses to undefined HTTP methods that allow HTTP authentication to be skipped (HTTP bypass vulnerabilities)
• HTTP TRACE and TRACK debugging methods enabled
• Disclosure of users, file structure and private directories through FPD (Full Path Disclosure) vulnerabilities
• Existence of files belonging to development and version control stages (git, svn, mercurial, etc.)
• Pages vulnerable to XSS (Cross Site Scripting) direct and reflected (XSS level 1 and XSS level 2)
• Addresses vulnerable to CSRF/XSRF (Cross Site Request Forgery)
• Absence of protection in HTTP headers of web applications against malicious uses and fraud through click theft (Clickjacking)
• Defacing attack detection (where an attacker changes the code of one site to show another)

Hacknoid has three web vulnerability widgets that display different types of alerts.
The first shows alerts such as:
• Empty passwords on devices
• Known passwords based on dictionary
• Open web services exposed in standard ports
• Directories published without access control

The second shows alerts that warn about:
• Permission to enter empty passwords in data entry forms
• Search for known or trivial passwords
• Form manipulation
• Alerting on forms sending sensitive information (e.g. passwords) without encryption

The last widget shows alerts such as:
• URL address where the specific vulnerability is located.
• Mishandling of cookies in sessions that would allow obtaining user data stored in them
• Review of headers, protocols, encryption systems, certificates, etc.
• Review of applications, configuration problems, directory listings, CGI, XSS, SQL Injection, etc.

  • Alerts for default passwords.
  • Alerts for trivial passwords.
  • Alerts if the database potentially allows command execution.
  • Supports Oracle Database (8.x, 9.x, 10.x, 11.x and 12.x in all their versions)
  • Supports PostgreSQL 8.x and 9.x in all their versions
  • Supports MySQL 3.x, 4.x and 5.x in all their versions
  • Supports MariaDB 5.x in all its versions
  • Supports Microsoft SQL Server (2000, 2005, 2008, 2008R2, 2012, 2014) in all their versions
  • Shows database details such as vendor, version and the port it listens on
  • Monitoring of database users' access hours
  • Monitoring of database user additions and removals

• Availability
• Secure connections and data encryption with TLSv1.0 onwards
• TLS negotiation status on plain text connections
• TLS renegotiated vulnerabilities
• Default configurations vulnerable and exploitable by spambots
• Existence of DNS records of the SPF type used to verify the authenticity of the origin during the sending of emails and to avoid identity theft
• Presence of the server in international spam lists

CONFIGURATION
In this panel we can:
• Configure application parameters
• Create, edit or delete objects
• Configure and see the operation of the modules
