Announcing VPN Hunter
Today, we're excited to announce the public launch of VPN Hunter!
VPN Hunter is a service that discovers and classifies the VPNs and other remote access services of any organization. Given only an organization's domain name (eg. msu.edu), VPN Hunter can find a wide range of remote access services associated with that organization, such as:
- SSL VPNs: VPN Hunter will seek out SSL VPNs from vendors including Juniper, Cisco, Palo Alto, Citrix, Fortinet, F5, SonicWALL, Barracuda, Microsoft, and Array.
- Remote Access: VPN Hunter will also discover other remote access services including IPsec, PPTP, OpenVPN, RDP, and SSH.
- Email Portals: VPN Hunter will find a handful of web-based email portals including Outlook Web App, Gmail, and Zimbra.
- Generic Login Sites: VPN Hunter can also discover in-house web apps and other generic login sites that aren't tied to a particular third-party vendor or product.
While VPN Hunter's underlying techniques aren't particularly sophisticated, we hope it will raise awareness of how exposed many organizations' services are to the public Internet. Keep in mind that the automated capabilities of VPN Hunter are a tiny fraction of the reconnaissance effort that a determined attacker would put into "casing" your organization.
With the pleasantries out of the way, feel free to go try out VPN Hunter on your own at www.vpnhunter.com or check out one of the following example results:
- Results for juniper.net: two Juniper SSL VPNs, Outlook Web App, and a generic login site.
- Results for msu.edu: a Juniper SSL VPN, SSH remote access, and a generic login site.
- Results for paloaltonetworks.com: Humorously enough, Palo Alto Networks appears to use Juniper's SSL VPN (their competitor).