====== Passive Vulerability Detection ======

In Kaduu we use a passive vulnerability detection approach. Passive Vulnerability Detection and Active Vulnerability Detection are two methods used to identify security vulnerabilities in a network or system.

  * Passive Vulnerability Detection is a method of identifying vulnerabilities without actively interacting with the system or network being tested. This is typically done by analyzing system logs, network traffic, or other passively generated data. In case of Kaduu we query databases in the deep web that may contain data on the target. The advantage of passive vulnerability detection is that it doesn't disrupt the normal operation of the system and can be done without the target's knowledge. However, passive detection may miss some vulnerabilities that can only be detected through active interaction with the system.

  * Active Vulnerability Detection, on the other hand, involves actively interacting with the system or network being tested to identify vulnerabilities. This typically involves running scans, probes, or penetration tests to identify potential security weaknesses. The advantage of active vulnerability detection is that it can provide a more comprehensive view of the system's vulnerabilities and can help confirm the findings from passive detection. However, active vulnerability detection can be disruptive to the system's normal operation and may require prior permission from the target.

===== How to use this feature? =====

For the infrastructure search we need the domain (example.com and not www.example.com) as input. You can't search for IP's or other elements, because based on the domain we first find out via databases, which subdomains all belong to the main domain. We get data from Dnsdumpster, Shodan but also Certificate transparency logs. We thus recreate the infrastructure as a hacker will see it, without performing active scans. For all elements found, we then search the deep web again to see if any information about open ports or vulnerabilities can be found. Again, no scans take place.


===== How do we present the data? =====

For every host we find we do a reverse DNS lookup and query databases like Shodan in order to find information about open ports, used applications or vulnerabilities (CVE).

{{::ext-data.png?800|}}