Ashwin Ramaswami
Ashwin Ramaswami
Better understand which vulnerabilities we have are actually useful / important to notify, and which ones are just false positives or not very severe. Potentially use this list (https://us-cert.cisa.gov/ncas/alerts/aa21-209a) for...
Our elasticsearch sync works fine for most cases, except for the case in which a domain is deleted. In this case, we need to store a record of this deletion...
Right now, we have to wait for a censys scan / port scan to verify that ports 443 / 80 are open, before running wappalyzer / intrigue / web scraping....
https://github.com/smicallef/spiderfoot - make a spreadsheet for each data source, include if API key required, maybe list if it is useful to crossfeed / priority (P1/P2/P3)
Improving the user interface to allow analysts to filter out common vulnerabilities at low risk of exploitation, such as certain vulnerabilities in PHP. For example, users could be able to...
For domain discovery and open ports Not sure if we'll do this
Right now, wappalyzer is only run on the home page of the domain. We should run it on every webpage that is scraped through our webscraper scan.
Potentially use tools such as https://github.com/stanford-esrg/stratosphere
- Initially, this scan should just pull the data from dnstwist, lookingglass, and hibp
Normally, the submenu looks like this:  Below 1024px width, though, it looks like this:  There is no way to access the submenu (the "menu" tab only has the...