What’s New? 🚀✨
BeVigil Asset Explorer Launch
We’re excited to introduce BeVigil Asset Explorer, a powerful tool for exploring digital assets. It collects APKs from various sources, including the Play Store, third-party app stores, and user-uploaded apps on BeVigil. After these APKs are scanned within BeVigil, BeVigil Asset Explorer compiles data on more than 50 digital assets, including domains, subdomains, IPs, S3 buckets, and URLs, which can be accessed through the search function on Asset Explorer as well as the Asset Explorer API.
BeVigil Asset Explorer
Main Features offered by BeVigil Asset Explorer:
1. Find Subdomains: Use our domain-based search to discover all subdomains associated with a domain found in mobile apps. The same information can also be extracted using the API endpoints.
For example, by searching for ‘google.com’ and selecting the ‘Domain’ search option, you can find the subdomains associated with it.
Finding Subdomains based on Domain Name Search
2. Find Similar Mobile Apps: Discover mobile apps that have the same domain present within the app’s source code using our domain-based search. The same information can also be extracted using the API endpoints.
For example, by searching for ‘google.com’ and selecting the ‘Domain’ search option, you can find all the metadata of mobile apps that contain ‘google.com’ in their source code.
Finding Apps based on Domain Name Search
3. Find URLs from Domain Names: Identify all URLs related to a specific domain using our domain-based search. The same information can also be extracted using the API endpoints.
For example, by searching for ‘google.com’ and selecting the ‘Domain’ search option, you can find all URLs associated with the ‘google.com’ domain.
Finding URLs based on Domain Name Search
4. Discover Assets from Mobile Apps: Search and uncover all assets from mobile apps, including URLs, hostnames, IP addresses, emails, file paths, Firebase URLs, and S3 URLs, using package names. With our package name-based search, you can find over 50 digital assets associated with a specific domain. The same information can also be extracted using the API endpoints.
For example, by searching for ‘com.google.android.googlequicksearchbox’ and selecting the ‘Package Name’ search option, you can discover all assets related to the package name.
Finding 50+ Assets based on Package Name Search
5. Find Wordlists: Uncover comprehensive wordlists containing words extracted from various assets within a mobile app, which can help in identifying additional endpoints in web apps, REST APIs, etc. The same information can also be extracted using the API endpoints.
For example, by searching for com.google.android.googlequicksearchbox and selecting the ‘Package Name’ search option, you can find Wordlist parameters extracted from various URLs and API endpoints associated with a package name.
Finding Wordlist based on Package Name Search
6. Find URL Parameters: Discover all URL parameters extracted from different URLs obtained from mobile apps using our package name-based search, which can assist in creating custom wordlists. These, in turn, can help discover more endpoints in web apps, REST APIs, etc. The same information can also be extracted using the API endpoints.
For example, by searching for com.google.android.googlequicksearchbox and selecting the ‘Package Name’ search option, you can find URL parameters extracted from all the URLs present in mobile apps.
Finding URL Parameter based on Package Name Search
7. Find S3 buckets present in mobile apps: Discover all S3 buckets within a mobile app with our package name-based search. The same information can also be extracted using the API endpoints.
For example, by searching for com.moocho.pittfuel and selecting the ‘Package Name’ search option, you can find all S3 Buckets associated with the mobile app.
Finding S3 Bucket based on Package Name Search
8. Find S3 buckets from Keywords: Effortlessly discover all S3 buckets by searching for the company’s brand names and keywords, streamlining the process of identifying storage resources. With our keyword-based search, you can find S3 bucket assets associated with a keyword. The same information can also be extracted using the API endpoints.
For example, by searching for ‘google.com’ and selecting the ‘Keyword’ search option, you can find all S3 Buckets associated with the ‘google.com’ keyword.
Finding S3 Bucket based on Keyword Search
9. Internal Search: Take your search experience to the next level by utilizing the search bar in BeVigil Asset Explorer. With this functionality, you can refine your search results and further narrow down the comprehensive asset information based on your requirements.
Searching for specific Assets using the Asset Explorer Search
10. Exporting Search Results: What’s more? With BeVigil Asset Explorer, you have the added convenience of exporting all your search results to a CSV file. This feature allows you to streamline your workflow and effortlessly share crucial findings with other team members.
Exporting the Search Results in BeVigil Asset Explorer
11. Curl Command: Simplify access to your search results by copying the corresponding curl commands and easily incorporating them into your workflows.
Curl Command in the BeVigil Asset Explorer
12. BeVigil CLI: With our Command Line Interface (CLI) option, users can access BeVigil Asset Explorer directly from their preferred command line environment.
BeVigil Asset Explorer CLI
13. BeVigil Asset Explorer API – The BeVigil Asset Explorer search functionality is also available through an API, which can be accessed at https://osint.bevigil.com.
BeVigil Asset Explorer empowers you to efficiently sift through millions of digital assets, making it an invaluable tool for researchers, security professionals, and anyone seeking comprehensive digital asset information.
For additional information and support, please visit the BeVigil Asset Explorer page.
UI Improvements and Bug Fixes:
We’ve implemented several UI improvements to enhance the overall website performance and provide a smoother user experience. Additionally, we have resolved bugs that were causing errors, ensuring a more stable and reliable platform.
Footer Page Revamp:
We have also revamped the footer across all BeVigil pages for a more user-friendly experience.
Footer Page Revamp in the BeVigil Asset Explorer
BeVigil Enterprise:
The BeVigil Asset Explorer is a small dataset of digital assets extracted from mobile apps that gives you minimum visibility over your attack surface. BeVigil Enterprise goes a step further and provides a blueprint of an organization’s overall external attack surface, including the core infrastructure and software components. These are then scanned for misconfigurations, vulnerabilities, etc., thereby preventing potential exploits or cyberattacks targeted at the organization.
BeVigil Enterprise Dashboard
BeVigil Enterprise Features and Modules:
1. Attack Surface Monitoring – CloudSEK’s comprehensive Attack Surface Monitoring (ASM) solution, BeVigil Enterprise, helps organizations detect and control risks associated with external attack surfaces, such as Network Interfaces, Web Applications, APIs, Mobile Applications, Cloud Services, etc.
2. Web App Scanner – BeVigil Enterprise Web App Scanner identifies security vulnerabilities in web applications such as Injection Attacks, Cross-Site Scripting (XSS) vulnerabilities, Cross-Site Request Forgery (CSRF) attacks, Security Misconfigurations, and many more.
3. SSL Scanner – BeVigil Enterprise SSL Scanner ensures the security of a website and its associated systems. It is used to detect and identify potential risks that may be present in the website’s SSL configuration.
4. DNS Scanner – BeVigil Enterprise DNS Scanner is an essential module for network security. It can detect several types of web security misconfigurations, including SPF and DMARC misconfigurations, subdomain takeovers associated with 50+ services, and Private IP Disclosure.
5. Mobile App Scanner – BeVigil Enterprise Mobile App scanner module can be used to identify potential security risks in mobile applications. It can detect OWASP Mobile Top 10 vulnerabilities in the applications, misconfigurations, malware, and hard-coded secrets.
6. API Scanner – BeVigil Enterprise API Scanner conducts scans, detects API endpoints, and maintains an inventory of all API services. The API scanner can thus identify security flaws, such as improper authentication, data exposure, and potential entry points for cyber-attacks.
7. Network Scanner – BeVigil Enterprise Network Scanner automatically scans and identifies active hosts, open ports, and available services in the network. The network scanner helps administrators and security professionals gain a comprehensive view of the network’s topology and assess potential security risks.
8. Cloud Scanner – BeVigil Enterprise’s Cloud Scanner evaluates the security of cloud-based assets. It automatically scans cloud infrastructure and S3 buckets for vulnerabilities, misconfigurations, and security risks.
9. CVE Scanner – BeVigil Enterprise’s CVE (Common Vulnerabilities and Exposures) Scanner identifies and tracks known vulnerabilities in software systems. It automatically scans and analyzes devices, applications, and systems to compare them against the CVE database, which contains a comprehensive list of publicly disclosed vulnerabilities.
For more details regarding BeVigil Enterprise, you can visit our page at https://www.cloudsek.com/bevigil-enterprise or schedule a demo using the link at https://www.cloudsek.com/request-a-demo.
In summary, our goal with this release of BeVigil is to deliver maximum value to app developers, security researchers, and organizations. We achieve this by offering a means to explore various assets using the BeVigil Asset Explorer. If you have any ideas for inclusion in our next version, please don’t hesitate to reach out to us at [email protected]