Document Platform Exposure

6 automated security scanners


Purpose: The Airtable Database Exposure Scanner is designed to identify potential vulnerabilities in the exposure of Airtable databases through web reconnaissance. It performs a comprehensive analysis by examining DNS records, HTTP responses, TLS configurations, and open ports to detect misconfigurations that could lead to unauthorized access or data leakage.

What It Detects:

  • Insecure DNS Records: The scanner checks for missing SPF, MX, NS, CAA, and DMARC records which are crucial for email security and domain authorization.
  • Missing or Weak Security Headers: It evaluates the presence of secure headers such as Strict-Transport-Security (HSTS), Content-Security-Policy (CSP), X-Frame-Options, and X-Content-Type-Options to enhance web application security.
  • Vulnerable TLS/SSL Configurations: The scanner identifies outdated TLS versions like TLSv1.0 and TLSv1.1, as well as weak cipher suites that use RC4, DES, or MD5 ciphers. It also ensures the use of more secure protocols such as TLSv1.2 and TLSv1.3.
  • Open Ports and Services: By scanning for open ports and identifying running services, it helps in detecting misconfigurations that could be exploited.
  • Airtable-Specific Indicators: The scanner searches for patterns indicative of exposed Airtable base URLs or API endpoints and checks for the accidental exposure of API keys related to Airtable in public repositories.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com). This is essential for performing DNS record, HTTP security header, TLS configuration, port scanning, and Airtable-specific checks.

Business Impact: Unauthorized access to sensitive data stored in Airtable databases can lead to significant financial losses, legal penalties, and damage to reputation. Properly configuring DNS records, securing HTTP headers, maintaining robust TLS configurations, and managing API keys securely are crucial for protecting digital assets.

Risk Levels:

  • Critical: Conditions that directly lead to unauthorized access or the exposure of sensitive data without proper authentication mechanisms in place.
  • High: Conditions where weak security practices could be exploited by attackers, potentially leading to significant risks if not mitigated promptly.
  • Medium: Conditions where improvements in configuration and management would significantly enhance overall security posture but do not pose an immediate threat.
  • Low: Informal or non-critical findings that may indicate a need for better documentation or awareness rather than an urgent risk.
  • Info: General information about the system’s DNS and network configurations, which does not directly affect security but could be useful for ongoing management and improvement.

Example Findings:

  1. A domain with no SPF record configured poses a critical risk as it makes email authentication impossible, potentially allowing unauthorized senders to spoof the domain.
  2. An application exposing sensitive data through an API without proper HTTPS encryption or secure headers could be considered high-risk due to the potential for data leakage and unauthorized access.

Purpose: The Notion Confluence Page Exposure Scanner is designed to identify potential exposure of Notion and Confluence pages via web reconnaissance, ensuring that sensitive information remains secure and inaccessible over the internet.

What It Detects:

  • Security Headers Analysis: Checks for the presence of critical security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS/SSL Inspection: Identifies outdated or insecure TLS versions (e.g., TLSv1.0, TLSv1.1) and detects weak cipher suites and protocols like RC4, DES, and MD5.
  • DNS Record Analysis: Examines TXT, MX, NS, CAA, and DMARC records for misconfigurations or missing security settings, particularly looking for SPF records that allow open relaying (v=spf1.*[+\-~?]all).
  • HTTP Content Analysis: Scans for redirects to unauthorized domains and checks for sensitive information in page content.
  • Port and Service Fingerprinting: Conducts port scanning to identify open ports that may indicate exposed services, performing service fingerprinting to determine the software running on identified ports.
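
The SPF pattern quoted in the DNS Record Analysis item matches any qualifier in front of the terminal all mechanism, -all included, and does not match a bare all, so a check built on it has to tell the qualifiers apart. The following is an added example, not the scanner's own code; the function names, severity labels and sample TXT records are assumptions made for illustration.

```python
import re

# Pattern as quoted on the page: matches any qualifier directly before "all".
PAGE_PATTERN = re.compile(r"v=spf1.*[+\-~?]all")

# RFC 7208 qualifiers and the result they give the terminal "all" mechanism.
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Severity labels are an assumption of this example, not the scanner's scale.
SEVERITY = {"pass": "high", "neutral": "medium", "softfail": "low", "fail": "ok"}

def classify_spf(txt_record):
    """Return (all_result, severity) for one TXT record, or None if not SPF."""
    terms = txt_record.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    for term in terms[1:]:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            # A bare "all" carries the default qualifier "+" (pass).
            result = QUALIFIER_RESULT[m.group(1) or "+"]
            return result, SEVERITY[result]
    # No "all" term: a redirect= modifier hands evaluation to another record.
    if any(t.lower().startswith("redirect=") for t in terms[1:]):
        return "redirect", "info"
    return "neutral", "medium"  # default result when nothing matches

def audit(txt_records):
    """Classify every SPF record in a list of TXT strings; flag duplicates."""
    spf = [(r, classify_spf(r)) for r in txt_records]
    findings = [{"record": r, "all": c[0], "severity": c[1]}
                for r, c in spf if c is not None]
    if len(findings) > 1:
        # More than one SPF record makes evaluation return permerror.
        findings.append({"record": None, "all": "permerror", "severity": "high"})
    return findings

# Constructed sample TXT records (not taken from any real domain).
SAMPLES = [
    "v=spf1 include:_spf.example.net -all",
    "v=spf1 ip4:192.0.2.0/24 +all",
    "v=spf1 mx ~all",
    "v=spf1 a all",
    "google-site-verification=constructed-token",
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", classify_spf(rec), "| page pattern:", bool(PAGE_PATTERN.search(rec)))
```

Only the records ending in +all or a bare all authorize every sender; the quoted pattern flags the strict -all record and misses the bare all one.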

Inputs Required:

  • domain (string): The primary domain to analyze (e.g., acme.com).

Business Impact: This scanner is crucial for organizations managing Notion and Confluence instances that may contain sensitive information. It helps in identifying misconfigurations that could lead to unauthorized access, data leakage, or compliance violations.

Risk Levels:

  • Critical: Critical security headers such as Strict-Transport-Security are missing or improperly configured.
  • High: Use of outdated TLS versions (e.g., TLSv1.0, TLSv1.1) and weak cipher suites/protocols.
  • Medium: Misconfigurations in DNS records such as SPF records allowing open relaying.
  • Low: Presence of unauthorized redirects or accidental exposure of sensitive information in HTTP content.
  • Info: Open ports that may not be required for the service but could indicate potential misconfiguration.

Example Findings:

  1. A Notion page is found to be accessible over HTTPS without the Strict-Transport-Security header, posing a critical risk of data interception.
  2. An outdated TLS version (TLSv1.0) and weak cipher suite (RC4-SHA) are detected on a Confluence instance, indicating a high risk of security vulnerabilities.


Purpose: The Miro Whiteboard Tool Exposure Scanner is designed to assess the potential exposure of Miro whiteboard tools through web reconnaissance by analyzing DNS records, HTTP security headers, TLS configurations, and open ports. This tool helps in evaluating the security posture of domains related to Miro whiteboard usage.

What It Detects:

  • Security Headers Analysis: Checks for critical security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS Configuration Issues: Identifies outdated or insecure TLS protocols like TLSv1.0 and TLSv1.1, and detects weak cipher suites such as RC4, DES, and MD5.
  • DNS Record Analysis: Examines TXT, MX, NS, CAA, and DMARC records for potential misconfigurations or missing security settings, including specific patterns in SPF, DKIM, and DMARC records.
  • HTTP Content Analysis: Analyzes HTTP responses for redirects that may lead to insecure endpoints and checks for the presence of Miro whiteboard tool-related content or links in the HTML body.
  • Open Ports and Services: Scans common ports (e.g., 80, 443) for open services that might be related to Miro whiteboard tools, attempting service fingerprinting to identify any exposed services.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com).

Business Impact: Assessing the security posture of domains related to Miro whiteboard usage is crucial for ensuring that sensitive collaboration tools are not exposed to insecure configurations, which could lead to unauthorized access and potential data breaches.

Risk Levels:

  • Critical: Conditions where critical security headers (e.g., Strict-Transport-Security) are outdated or missing.
  • High: Conditions where insecure TLS protocols (TLSv1.0, TLSv1.1) or weak cipher suites (e.g., RC4, DES, MD5) are detected.
  • Medium: Conditions where misconfigurations in DNS records, such as missing or incorrect SPF, DKIM, or DMARC settings, may indicate potential security vulnerabilities.
  • Low: Informal findings related to the presence of Miro whiteboard tool-related content or links in HTTP responses.
  • Info: General informational findings about open ports and services that might be related to Miro whiteboard tools but do not directly impact security criticality.

Example Findings:

  1. A domain is missing the Strict-Transport-Security header, which could lead to potential man-in-the-middle attacks.
  2. An outdated TLS protocol (TLSv1.0) and weak cipher suite (RC4) are detected on the target domain, indicating a high risk of security vulnerabilities.

Purpose: The Figma Design Tool Exposure Scanner is designed to identify potential exposure of the Figma design tool via web reconnaissance by analyzing DNS records, HTTP headers, TLS configurations, and open ports. This helps in detecting if sensitive design files are inadvertently accessible over the internet.

What It Detects:

  • DNS Records Analysis: Checks for specific TXT, MX, NS, CAA, and DMARC records that might indicate Figma usage or misconfigurations.
  • HTTP Headers Analysis: Examines security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options to ensure proper security configurations.
  • TLS/SSL Inspection: Examines SSL/TLS certificates for outdated protocols (TLSv1.0, TLSv1.1) and weak cipher suites (RC4, DES, MD5).
  • Port Scanning: Scans common ports to detect if Figma-related services or files are exposed.
  • API Analysis: Checks for any publicly accessible API endpoints that could expose Figma design data.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)

Business Impact: This scanner is crucial as it helps in identifying potential security vulnerabilities related to the exposure of sensitive design files from the Figma tool over the internet, which could lead to unauthorized access and data leakage.

Risk Levels:

  • Critical: Conditions where specific TXT or MX records indicate Figma usage, leading to significant risk of data leakage.
  • High: Presence of outdated TLS protocols (TLSv1.0, TLSv1.1) or weak cipher suites (RC4, DES, MD5), indicating inadequate security measures.
  • Medium: Misconfigurations in DNS records that might expose Figma-related data.
  • Low: Minor misconfigurations in HTTP headers or open ports not directly related to Figma usage.
  • Info: Informal findings regarding potential exposure through APIs but no concrete evidence of sensitive data leakage.

Example Findings:

  1. A domain with a specific TXT record indicating Figma integration might be flagged as critical, as it poses a high risk of exposing design files.
  2. An open port on the server hosting the Figma tool could be identified as medium severity if it is not properly secured, potentially allowing unauthorized access to sensitive information.

Purpose: The Office 365 Leakage Scanner is designed to identify potential data security risks within an organization’s Office 365 environment by detecting public document sharing, excessive permissions, and exposure of sensitive content. This tool aims to ensure compliance with data protection regulations and maintain the confidentiality of organizational information.

What It Detects:

  • Public Document Sharing: Identifies documents shared publicly via links that are accessible without authentication, specifically checking for URLs hosted on sharepoint.com or onedrive.com.
  • Excessive Permissions: Scans for users and groups with overly broad permissions on critical documents, which can lead to unauthorized access and data leakage.
  • Sensitive Content Exposure: Searches for sensitive information in publicly accessible documents using predefined regex patterns that capture potential data leaks such as social security numbers, credit card details, and confidential business information.

Inputs Required:

  • domain (string): The primary domain to analyze, which serves as the entry point for scanning within the Office 365 environment.

Business Impact: Ensuring that sensitive information is not exposed publicly can significantly reduce the risk of data breaches and legal liabilities. Compliance with regulations such as GDPR, HIPAA, and others mandates protection of personal and confidential business data.

Risk Levels:

  • Critical: Identifies public document sharing without authentication mechanisms, which poses a high risk of unauthorized access to sensitive information.
  • High: Detection of excessive permissions that allow editing by external parties, increasing the exposure of critical documents to potential misuse.
  • Medium: Exposure of sensitive content in publicly accessible documents; though not as severe as critical or high risks, it still represents a significant security concern.
  • Low: Issues related to SSL/TLS configurations and missing HTTP security headers are considered low risk if they do not directly impact the confidentiality and integrity of data.
  • Info: Informational findings regarding TLS/SSL issues that may require further investigation but currently pose no immediate threat to data security.

Example Findings:

  • A publicly accessible SharePoint site without authentication, potentially exposing sensitive documents.
  • An excessive permission setting allowing external users to edit critical company reports, which could lead to unauthorized disclosure of proprietary information.

Purpose: The Google Docs Leakage Scanner is designed to identify potential leaks of Google Docs via web reconnaissance by analyzing DNS records, HTTP responses, and TLS configurations to detect unauthorized access points.

What It Detects:

  • Unsecured Google Doc Links in Web Content: Scans web pages for publicly accessible Google Doc links that may indicate data leakage.
  • DNS TXT Records with Sensitive Information: Checks DNS TXT records for any embedded sensitive information or misconfigurations.
  • MX and NS Record Misconfigurations: Analyzes MX (Mail Exchange) and NS (Name Server) records to detect potential misconfigurations that could lead to data leakage.
  • Insecure HTTP Responses: Examines HTTP responses for missing security headers or insecure configurations.
  • Weak TLS/SSL Configurations: Inspects TLS/SSL certificates and cipher suites to identify outdated protocols and weak encryption methods.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)

Business Impact: Identifying potential leaks of Google Docs via web reconnaissance is crucial for maintaining the confidentiality, integrity, and availability of sensitive information stored in Google Docs. This helps organizations prevent unauthorized access and data leakage that could lead to significant security breaches and compliance issues.

Risk Levels:

  • Critical: Conditions where there are clear indications of potential data leakage through unsecured Google Doc links or misconfigured DNS TXT records.
  • High: Conditions where public exposure of sensitive information is possible due to insecure HTTP responses or weak TLS/SSL configurations.
  • Medium: Conditions where minor misconfigurations in DNS settings might not directly lead to data leakage but could indicate a higher risk profile for future vulnerabilities.
  • Low: Informal findings that do not pose significant security risks but may benefit from improvement in overall network configuration and management practices.
  • Info: General information about the domain, such as its presence on the internet without clear indications of sensitive data exposure or misconfigurations.

Example Findings:

  1. A web page contains a publicly accessible link to a Google Doc that should not be publicly accessible.
  2. DNS TXT records for example.com contain information that could compromise security, such as outdated SPF records.
  3. The domain uses weak TLS versions or cipher suites that are susceptible to attacks, indicating inadequate encryption practices.
  4. Insecure HTTP responses lack essential security headers like Strict-Transport-Security, which can lead to data leakage over unencrypted connections.
  5. Misconfigured MX and NS records might indicate a higher risk of unauthorized access due to mismanagement in email or domain name resolution settings.