Consider supporting the Cybersecurity Operations Center at The University of Texas at Austin.
orange line art of robot head thinking

Find High-Risk Vulnerabilities in your Web Applications

    1. Free for Education, State/Local Government, Non-Profits

      UT Austin Information Security Office’s Dorkbot service identifies risky pages using public data, verifies the problem and reports it in real-time.

      Over 2,400 educational institutions, state/local government agencies and other non-profits from 7 continents (and 205 countries) are served by Dorkbot.

      Web application attacks are the #1 source of data breaches.

      These exploits are caused by web application vulnerabilities such as SQLi, XSS, LFI, and RFI which collectively account for 9.1% of incidents and 18.6% of breached records1. SQLi and XSS in particular are preferred attack vectors by hackers2. For example, in recent years notable SQLi data breaches have varied from massive credit card breaches, large scale targeted attacks against universities and government agencies, as well as election related web servers and databases.


      Say hello to Dorkbot.

      Dorkbot automates the discovery and verification of web application vulnerabilities across entire domains at scale. Specifically, Dorkbot hunts for SQLi, XSS, and other less common vulnerabilities, leveraging search engine cache and other public sources of indexed sites. Once identified vulnerabilities are verified, notices with remediation instructions are automatically sent to your security inbox and you'll receive a monthly summary report of our activities. Since its launch over 2 years ago, Dorkbot coverage has grown to over 2,400 institutions including 99% of the largest doctoral research institutions in the US, 100% of all US HBCUs and most all top institutions of higher education across 205 countries.


      These articles have also been written about Dorkbot:

      EDUCAUSE (Feb-2019)

      Austin American Statesman (May-2019)


      1. Verizon Data Breach Investigation Report (DBIR) 2018   //   2. The 2019 Hacker Report by hackerone


      Dorkbot will automatically detect, verify and report on these vulnerabilities: 

      Code Injection | Cross Site Scripting (XSS) | OS Command Injection | Path Traversal | Remote File Inclusion / Local File Inclusion | SQL Injection (SQLi) | XPath Injection

      Years In Service
      Unique Institutions Served
      Verified Vulnerabilities Reported

      Interested In Dorkbot?

      Dorkbot Inquiry
      Specify which top level domains you would like subscribed for your organization (e.g., foo.edu).

      We offer an assortment of information security software and services created and engineered for higher education institutions and enterprises.

      Learn More