Over 2,000 educational institutions, state/local government agencies and other non-profits from 7 continents (and 205 countries) are served by Dorkbot.
Web application attacks are the #1 source of data breaches.
These exploits are caused by web application vulnerabilities such as SQLi, XSS, LFI, and RFI which collectively account for 9.1% of incidents and 18.6% of breached records1. SQLi and XSS in particular are preferred attack vectors by hackers2. For example, in recent years notable SQLi data breaches have varied from massive credit card breaches, large scale targeted attacks against universities and government agencies, as well as election related web servers and databases.
Say hello to Dorkbot.
Dorkbot automates the discovery and verification of web application vulnerabilities across entire domains at scale. Specifically, Dorkbot hunts for SQLi, XSS, and other less common vulnerabilities, leveraging search engine cache and other public sources of indexed sites. Once identified vulnerabilities are verified, notices with remediation instructions are automatically sent to your security inbox and you'll receive a monthly summary report of our activities. Since its launch over 2 years ago, Dorkbot coverage has grown to over 1,750 institutions including 99% of the largest doctoral research institutions in the US, 100% of all US HBCUs and most all top institutions of higher education across 165 countries.
These articles have also been written about Dorkbot:
1. Verizon Data Breach Investigation Report (DBIR) 2018 // 2. The 2019 Hacker Report by hackerone
Dorkbot will automatically detect, verify and report on these vulnerabilities:
Code Injection | Cross Site Scripting (XSS) | OS Command Injection | Path Traversal | Remote File Inclusion / Local File Inclusion | SQL Injection (SQLi) | XPath Injection