WisQuas

WisQuas™ - Digital Footprint Discovery & Asset Analysis Crawler

Why limit your Vulnerability Assessments and Penetration Testing efforts to a single or even handful of systems during an engagement when you can analyze the entire domain and all of its assets. Perform an all-in-one Threat Landscape Assessment, Vulnerability & Misconfiguration Scan, Digital Footprint & Inventory, and OSINT Investigation, with WisQuas.

Improve your Time To Remediation (TTR), with WisQuas, and next level Digital Footprint Discovery and Asset Analysis Crawling.

How does it work?

WisQuas will perform the following functions around a provided domain name:

Resolve hostnames to IP addresses

Perform ASN lookup on IP address to provide ownership info and geo/location info
Perform subdomain enumeration and lookups
Perform WHOIS lookup on domain name
Reverse look-ups are performed on all WHOIS attributes
Reputation and classification look-ups are performed on all subdomains and IP addresses
Inventory and storage performed on all received headers, cookies, and meta-data (no content/request data is stored)
Original URL request is ‘base-lined’ to be compared to all other requests
Tactical fuzzing and enumeration across entire domain performed to generate unique errors and reveal layered web services
Inspection of robots.txt file if available
Enumerate through possible HTTP Verbs
Perform Host Header Manipulation to detect additional accessible containers
Catalog and store all digital assets in searchable database.

View WisQuas

Building a haystack of Digital Inventory for further analysis

RQL is Lucene based, with some additional custom search parameters and scoring methods (more info below) to increase likelihood of retrieving legitimate findings versus false positive findings. Our goal is to decrease noise-to-signal ratio, and increase the amount of actionable intelligence provided by WisQuas.