Shadowspot™ — Attack Surface Management
Shadowspot is CyberXTron's External Attack Surface Management (EASM) product. It continuously discovers and monitors your internet-facing assets, identifying exposures, misconfigurations, and vulnerabilities before attackers do — surfacing each finding as an actionable incident.
What Shadowspot Discovers
Starting from your seed assets (domains, IP ranges, ASNs), Shadowspot maps your entire external-facing footprint:
| Asset Type | Examples |
|---|---|
| Subdomains | All subdomains under your registered domains |
| IP addresses | All IPs resolving to or associated with your assets |
| Open ports & services | Web servers, databases, SSH, RDP, and more |
| Web technologies | Frameworks, CMSs, CDNs, and server software |
| Cloud resources | Exposed S3 buckets, GCS, Azure Blob, cloud APIs |
| SSL/TLS certificates | Certificate inventory, expiry tracking, weak configs |
What Gets Detected
Shadowspot raises incidents for:
- Exposed sensitive services — Databases, admin panels, development environments accessible from the internet
- Subdomain takeovers — Subdomains pointing to deleted or misconfigured cloud resources
- Expired or weak SSL certificates — Certificates expiring within 30 days, or using deprecated protocols (TLS 1.0/1.1, weak ciphers)
- Cloud storage misconfigurations — Publicly accessible storage buckets containing sensitive data
- Known CVEs on discovered software — Software versions with publicly known exploits
- Default credentials — Services accessible with default username/password combinations
- New asset changes — Previously unseen assets that appear in your attack surface
- Open redirects and CORS misconfigurations — Web-layer security issues on discovered endpoints
How It Works
- You configure seed assets (domains, IP ranges) in your Shadowspot workspace
- Shadowspot continuously discovers all assets associated with your seeds
- Each discovered asset is probed for exposures and vulnerabilities
- Findings are validated and enriched with context and severity scores
- Incidents are created in the CyberXTron platform for each confirmed finding
- Your attack surface is re-scanned continuously for changes
Incidents
Every Shadowspot finding is surfaced as an incident containing:
- Asset — The specific host, URL, or resource affected
- Finding type — What was discovered (e.g., exposed service, subdomain takeover, CVE)
- Severity — Based on exploitability and potential impact
- Evidence — Proof of the exposure
- Remediation guidance — Specific steps to address the finding
→ Working with Shadowspot Incidents
Continuous Monitoring
Shadowspot doesn't just scan once — it monitors continuously:
- New assets are detected as your infrastructure evolves
- Resolved findings are verified as actually remediated
- Asset changes (new open ports, changed technologies) are tracked
- Alerts are raised for any new exposures on previously monitored assets