MAIN WIKI KADUU.IO

Welcome to Kaduu Wiki. Kaduu is a SaaS based platform offering Darknet & Deep Web monitoring. You can find more information about the product here https://kaduu.io. Please find below technical articles about our various features. If you have any questions, please contact support@kaduu.io.


FUNCTIONALITY:PREVENT ATTACKS

In today's interconnected world, organizations are prime targets for cyberattacks, with phishing and malware attacks being among the most prevalent. Early detection is key, and our Threat Intelligence Product enables precisely that.

Cyber attackers often employ strategies like typosquatting, a tactic where they register domains that closely resemble legitimate ones. An example would be an attacker targeting a bank and registering a domain like 'www.bannkofexample.com'. At a quick glance, your customers or employees might not spot the difference, thus falling prey to the attacker's tactics.

That's where our Threat Intelligence Product steps in. It vigilantly monitors all new global domain registrations for similarities to your own. This proactive approach helps identify potential threats at their genesis, allowing you to thwart an attack before it materializes.

However, attackers can be crafty, often embedding your organization's name within a subdomain or a directory. For instance, they might use URLs like 'www.randomsite.com/yourbankname' or 'yourbankname.fakesite.org'. Such subtle incorporations are designed to exploit human oversight and amplify the attacker's success rate.

Our product enhances your defense by not only tracking domain registrations but also by monitoring SSL Transparency logs, allowing you to also detect your domain name within the subdomain part of a malicious URL. SSL Transparency logs are public records maintained by SSL providers detailing each SSL certificate issued. Scrutinizing these logs aids in unmasking potential hidden threats lurking in the subdomains.

Further fortifying your cyber defense, our product integrates information from resources like PhishTank, OpenPhish and similar sources. These repositories maintain a global database of URLs reported for phishing or disseminating malware, allowing us to also detect your company or brand name within a directory of a URL.

By amalgamating these varied sources of intelligence, our product provides you with comprehensive, real-time visibility into potential cyber threats.
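The three placements described above (lookalike registration, brand in a subdomain, brand in a URL directory) can be told apart with a small classifier. This is an added example, not Kaduu's implementation; the brand `bankofexample`, the edit-distance threshold of 2 and the sample observables are assumptions made for illustration.

```python
from urllib.parse import urlsplit

BRAND = "bankofexample"           # assumed brand label being monitored
OWN_DOMAIN = "bankofexample.com"  # assumed legitimate domain

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(observable, brand=BRAND, own=OWN_DOMAIN, max_dist=2):
    """Say where the brand shows up in a domain name or URL, or None."""
    url = observable if "//" in observable else "//" + observable
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if host.startswith("*."):          # wildcard names appear in certificates
        host = host[2:]
    if host == own or host.endswith("." + own):
        return "own"
    labels = host.split(".")
    if len(labels) < 2:
        return None
    # Naive split: assumes a single-label TLD. Use the Public Suffix List in practice.
    registrable, subdomain = labels[-2], labels[:-2]
    if brand in registrable or edit_distance(registrable, brand) <= max_dist:
        return "lookalike-domain"
    if any(brand in label for label in subdomain):
        return "brand-in-subdomain"
    if brand in parts.path.lower():
        return "brand-in-path"
    return None

# Constructed sample observables, one list per source named in the text.
SAMPLES = {
    "new-registrations": ["bannkofexample.com", "example.org"],
    "certificate-names": ["bankofexample.fakesite.org", "www.bankofexample.com"],
    "phishing-feeds": ["http://www.randomsite.com/bankofexample/login"],
}

def triage(samples=SAMPLES):
    """Return (source, observable, verdict) for every hit that is not our own."""
    return [(src, obs, v) for src, items in samples.items() for obs in items
            if (v := classify(obs)) not in (None, "own")]
```

A fixed edit-distance threshold produces false positives for short brand names, so the threshold should scale with the length of the monitored label.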

PASSIVE DOMAIN RESEARCH IN EXPERT MODE

ACTIVE DOMAIN RESEARCH

SSL MONITORING

3RD PARTY PHISHING AND MALWARE REPORTS

SOCIAL MEDIA SPOOFING

MOBILE APP SPOOFING

DETECT EXPOSED CODE, SENSITIVE DATA OR VULNERABILITIES

This feature addresses a significant and often overlooked cyber risk: sensitive data leakage. In numerous instances, developers and freelancers inadvertently deposit sensitive configurations, test data, and code into public repositories that can be anonymously accessed. This can potentially include critical data such as usernames, passwords, API keys, client details, and proprietary information about your internal infrastructure.

Such exposure of sensitive data puts your organization at a heightened risk of targeted cyber attacks. Opportunistic hackers can easily scour these public repositories, acquiring valuable data that can be exploited to compromise your systems.

In addition, our product also protects against the threats lurking within specialized search engines like Shodan. These platforms often expose details about potentially unsecured servers, shadow IT, and vulnerabilities within your applications.

In essence, this module provides a robust solution to safeguard your organization against sensitive data leakage and targeted cyber threats, enhancing your overall cybersecurity resilience.

EXPOSED INFRASTRUCTURE OR DATA IN DEEPWEB

Code Monitoring: Kaduu allows you to capture search terms and check their publication on publicly available GitHub, SourceForge, GoogleCode and other repositories. If there is a match, we publish the result with the corresponding link and allow you to automate the analysis of the results. Kaduu connects to the code sharing platforms once per day for each keyword. Any code sharing server can introduce a number of security risks for an organization, including:

Data leakage: If an organization uses code sharing software to store sensitive data, such as source code, login credentials, or customer data, there is a risk that this data may be accidentally leaked through a misconfigured repository or a compromised account.

Insider threats: If an organization uses code sharing software to collaborate on projects, there is a risk that an employee or contractor may intentionally or accidentally cause a data breach, for example by committing sensitive information to a public repository.

Third-party risks: If an organization uses code sharing software to collaborate with third-party vendors or open-source contributors, there is a risk that a malicious actor may use this access to gain unauthorized access to an organization's data or systems.

Malicious code injection: If an organization uses code sharing software to manage its software development, there is a risk that a malicious actor may inject malicious code into the repository, which can then be executed on the organization's systems.

Phishing and social engineering: Code sharing servers are widely used for software development, and many developers are active on them. Hackers may use phishing and social engineering tactics to gain access to an organization's sensitive information.

Compromised dependencies: If an organization uses open-source libraries, they may be unknowingly importing a compromised dependency into their codebase.

Google Dork Monitoring: Google hacking, a

Sensitive information: Google hacking can be used to search for sensitive information such as credit card numbers, social security numbers, and login credentials that may have been accidentally exposed on a website.

Vulnerable files and directories: Advanced operators can be used to search for specific file types, such as .php or .asp, that may indicate a vulnerability in a website's code.

Misconfigured servers: Google hacking can be used to search for servers that have been misconfigured, such as those that have directory listing enabled, which can reveal sensitive information about the server and its contents.

Backdoors: Google hacking can be used to search for backdoors, which are small programs that can be used to gain unauthorized access to a system.

Open ports: Google hacking can be used to search for open ports on a network, which can indicate a vulnerability that can be exploited by attackers.

Exposed databases: Google hacking can also be used to search for exposed databases, which can contain sensitive information such as customer data, financial information, etc.

EMPLOYEES EXPOSURE

FIND OUT IF SOMEONE TALKS ABOUT YOU IN THE DARKNET OR SELLS YOUR DATA

DEEP WEB AND DARKNET MENTIONING

FIND OUT IF DATA HAS BEEN LEAKED IN THE PAST

LEAK SEARCH IN EXPERT MODE

CREDIT CARD SEARCH IN EXPERT MODE

RANSOMWARE MONITORING

start.1686045948.txt.gz · Last modified: 2023/06/06 12:05 by kaduuwikiadmin