This shows you the differences between two versions of the page.
— |
darknet_and_deepweb_risk_score [2025/04/14 11:28] (current) kaduuwikiadmin created |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ===== What is the Darknet Risk Score? ===== | ||
+ | The Darknet Risk Score is a comprehensive, | ||
+ | |||
+ | The score reflects the overall security posture of the organization from the perspective of a threat actor — providing key insights into: | ||
+ | |||
+ | * Credential exposure and password hygiene | ||
+ | * Infrastructure leaks and attack surface risks | ||
+ | * Employee and third-party behavior with private or external services | ||
+ | * Trends in breach frequency over time | ||
+ | * Presence of vulnerable or poorly configured systems | ||
+ | |||
+ | This score is particularly valuable for CISOs, red teams, cyber insurers, and third-party risk auditors seeking to understand external exposure beyond the traditional perimeter. | ||
+ | |||
+ | |||
+ | ===== How Does It Work? ===== | ||
+ | |||
+ | The risk scoring process can be caluclated in the new dahsboard or initiated via API. We created a {{ ::main.zip |sample script}} to assist you in automation of the calculation. | ||
+ | |||
+ | **1. Authentication** | ||
+ | The script logs into the LeakCenter API using valid API credentials to receive an access token for all subsequent requests. | ||
+ | |||
+ | **2. Company Registration** | ||
+ | The script checks whether the target domain (e.g. example.com) is already registered: | ||
+ | If yes: It reuses the existing company entry. | ||
+ | If no: It creates a new entry using the domain, company size, country, and industry. | ||
+ | |||
+ | **3. Passive and Active Enumeration** | ||
+ | Once the company is set: | ||
+ | * The system begins querying a wide variety of deepweb and darknet sources. | ||
+ | * Leaks are extracted using domain-matching logic, email correlation, | ||
+ | * Several technical risk metrics are evaluated ({{ :: | ||
+ | |||
+ | **4. Asynchronous Scoring Engine** | ||
+ | Once data collection is triggered: | ||
+ | * The backend asynchronously processes terabytes of threat intelligence, | ||
+ | * Each of the 9+ defined risk metrics (e.g. leak volume vs size, password strength, sensitive subdomains, exposed ports) is scored independently. | ||
+ | * These component scores are then weighted and normalized into a composite risk score. | ||
+ | |||
+ | **5. Polling & Final Report** | ||
+ | The script polls the API endpoint every hour until all component scores are marked as complete. | ||
+ | ⚠️ Note: Due to the heavy backend workload and scan complexity, the complete risk score generation **can take up to 48 hours.** | ||
+ | |||
+ | Once ready, the full report is downloaded as a JSON or text file. |
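Review bot: step 5 ("Polling & Final Report") says the script polls every hour "until all component scores are marked as complete" but states no stop condition, and step 1 says a single access token is used "for all subsequent requests" even though generation "can take up to 48 hours". Please document a maximum wait (or poll count) after which the script gives up, and whether the token has to be renewed during a long poll. In the intro under "How Does It Work?", "caluclated" and "dahsboard" should read "calculated" and "dashboard". The opening sentence under "What is the Darknet Risk Score?" and the bullets "Leaks are extracted using ..." (step 3) and "The backend asynchronously processes ..." (step 4) end on a comma, and the link in "Several technical risk metrics are evaluated" is left unclosed, so check that the saved text is complete.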