The external scan, in simple terms
The external scan is a preventive tool created by Stoïk and made available to all policyholders through Stoïk Protect. It aims to identify vulnerabilities in the company's information system through an automated and weekly analysis of its external surface, visible to everyone on the Internet and the darknet.
The external scan is non-intrusive and focuses only on the company's external infrastructure accessible to all – much like a thief checking from the street whether the front door of a house is open or the alarm is poorly configured. It employs the same techniques as cyber attackers, which makes it highly effective.
The external scan, technically
The external scan uses the company's domain name to estimate its attack surface, searching for everything within its external perimeter.
The domain name represents the company's public identity on the Internet, including domains, subdomains, associated IP addresses, and various services. In practical terms, these are all the paths through which a malicious hacker might attempt to gain entry.
The external scan then conducts an audit to identify technical vulnerabilities, aiming to discover them before they can be exploited. It also examines other external information, such as Internet reputation or the presence of data leaks related to the main domain name.
Finally, it detects vulnerabilities by connecting to the CVE database and performs port scans to check if certain ports are open. If a vulnerability is identified, it is displayed on the "Infrastructure" tab of your Stoïk Protect platform.
The external scan is built on an aggregation of open-source tools, with the main ones being Shodan, Nucleus, Censys, and Sublist3r. For its operation, the scan makes a significant number of queries from an AWS IP range located in Ireland once a week, during the night from Friday to Saturday.
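Because the scan arrives as a burst of queries from one source range in a fixed weekly window, a SOC can label that traffic in perimeter logs instead of triaging it as an attack. The sketch below is an added example, not Stoïk's code. It assumes a placeholder CIDR (the page does not list the scanner range), a window of Friday 20:00 to Saturday 08:00 local time, and a constructed log format of `timestamp source_ip destination_port`.

```python
import ipaddress
from datetime import datetime

# Assumption: placeholder CIDR from the RFC 5737 documentation range. Replace it
# with the scanner source range confirmed by the vendor; the page does not list it.
SCANNER_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
# Assumption: "the night from Friday to Saturday" is taken as Fri 20:00 to Sat 08:00.
WINDOW_START_HOUR, WINDOW_END_HOUR = 20, 8


def in_scan_window(ts: datetime) -> bool:
    # weekday(): Monday=0 ... Friday=4, Saturday=5
    return (ts.weekday() == 4 and ts.hour >= WINDOW_START_HOUR) or (
        ts.weekday() == 5 and ts.hour < WINDOW_END_HOUR
    )


def classify(line: str) -> tuple[str, str]:
    """Return (source_ip, label) for one 'ISO-timestamp src_ip dst_port' line."""
    ts_raw, src, _port = line.split()
    ts = datetime.fromisoformat(ts_raw)
    from_scanner = any(ipaddress.ip_address(src) in net for net in SCANNER_RANGES)
    if from_scanner and in_scan_window(ts):
        return src, "expected-scan"
    if from_scanner:
        # Right source range, wrong time: label it for review, never suppress it.
        return src, "review-out-of-window"
    return src, "unattributed"


# Constructed sample log lines (2024-05-10 is a Friday).
SAMPLE_LOG = """\
2024-05-10T23:14:02 203.0.113.17 443
2024-05-11T02:40:55 203.0.113.17 8080
2024-05-14T15:03:21 203.0.113.17 22
2024-05-11T01:12:09 198.51.100.9 3389
"""


def triage(log: str) -> list[tuple[str, str]]:
    return [classify(entry) for entry in log.splitlines() if entry.strip()]


if __name__ == "__main__":
    for src, label in triage(SAMPLE_LOG):
        print(f"{src:15} {label}")
```

The labels only annotate events. Probes from other sources during the same window stay "unattributed" and go through normal triage.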