¶ Audits system
¶ What is Audits system?
In Cryeye, we have many integrated open source and licensed security software that we call audits. In the audit system, our users can manually run audit checks on their Assets.
¶ Cryeye Audits.
Cryeye Audits can be used for many different pruposes.
¶ Web audits
For example you can scan your web resource for:
- Security vulnerablities
- Malware
- Bruteforce to find weak credentials
- Enumerate users and files in network
- Check for security exploits
- Try to leak info about your Server settings
- Find subdomains and phishing domains
- Also you can run audits to get advices about Design and Usability of your web site and many others.
Here you can see example scan results of one of our Security audits.
¶ Infrastructure audits
Or users can upload and scan their Infrastructure files, for Vulnerabilities and misconfigurations.
Cryeye can scan next infrastructure:
- Docker Images, to avoid security weaknesses and incorrect settings that can be present within the images used to create Docker containers.
- Docker files, to prevent potential security issues that can arise when creating and configuring Docker images
- Terraform infrastructure, vulnerabilities and incorrect settings in which, can refer to potential security issues that can arise when provisioning and managing infrastructure using Terraform, an open-source infrastructure-as-code (IaC) tool.
- AWS CloudFormation infrastructure, vulnerabilities and incorrect settings in which, can refer to potential security issues that can occur when creating and managing infrastructure using CloudFormation, Amazon Web Services' (AWS) infrastructure-as-code (IaC) service.
- Ansible infrastructure, vulnerabilities and incorrect settings in which, can refer to potential security issues that can arise when using Ansible, an open-source automation tool, to provision and manage infrastructure.
- Helm infrastructure, vulnerabilities and incorrect settings in which, can refer to potential security issues that can arise when using Helm, a package manager for Kubernetes, to deploy and manage applications in a Kubernetes cluster.
- Kubernetes infrastructure, vulnerabilities and incorrect settings in which, refer to potential security issues that can arise when deploying and managing applications in a Kubernetes cluster.
- Azure Resource Manager (ARM), vulnerabilities and incorrect settings in which, infrastructure refer to potential security issues that can arise when using ARM to provision and manage resources in the Microsoft Azure cloud environment.
Here you can see example scan results of one of our Infrastructure audits.
¶ Mobile audits
Also users can upload and scan their Mobile application files for vulnerabilities and misconfigurations in mobile application such as:
- APK (Android Application Package) applications, vulnerabilities and incorrect settings in which, can refer to potential security issues that can arise in Android applications distributed in the form of APK files.
- IPA (iOS App Store Package) applications, vulnerabilities and incorrect settings in which, can refer to potential security issues that can arise in iOS applications distributed through the Apple App Store.
Here you can see example scan results of one of our Mobile audits.
¶ Whitebox audits
And You can use our Whitebox audits to scan source code and Github repositories to find vulnerabilities and weaknesses in development process. Whitebox audits now supports next Program languages:
Here you can see example scan results of one of our Whitebox audits.
¶ Recon Audits
Cryeye users can use our Recon Audits to crawling internet for leaked personal data which can be associated with:
- Usernames leakage refer to instances where user identifiers or usernames associated with online accounts have been exposed or made publicly accessible without the owner's consent.
- Emails leakage refer to situations where email addresses or email account data has been exposed or made publicly accessible without the account owner's consent.
- Phone numbers leakage refer to situations where individuals' phone numbers have been exposed or made publicly accessible without their consent.
- Organization information leakage refers to situations where sensitive or confidential data related to an organization has been exposed or made publicly accessible without the organization's consent or knowledge.
- Bank card numbers leakage refer to situations where the account numbers associated with debit cards or credit cards have been exposed or made publicly accessible without the cardholder's consent.
Here you can see example scan results of one of our Recon audits.
Also we have Smart contract audits to scan for Smart contract blockchains vulnerabilities.
¶ Singular and Multi audits services
In Cryeye Audits system split on two services is a Audits (singular) and Audits (multi)
¶ Audits (Singular)
In Audits (Singular) users can create projects to work with one target. This means that you can create many projects, but you can only run scans on one target per project.
For example you create Singular Url project and you can run Web audits on url, but if you need to run same Web audits to IPv4 target you need to create new Singular project with IPv4 asset.
¶ Audits (Multi)
In Audits (Multi) users can create projects to work with many targets at the same time. This means that you can create many projects, and in any of this projects you can scan many different targets in one scan.
For example in on Multi target project and you can add URL, IPv4, IPA application file, link to source code or archive, Username, Email, and others available targets. Then you can choose audits for different targets and our system autimaticly choose which audits run on target, this will depend on which purpose the audits you select are suitable for.
