Back

Third party services

Third party services

Of course we are all for responsible disclosure, and you can read more about it on our blog. So here we have listed all the third party services we use in different ways in alphabetical order and an added a short comment on why or how we use them.

Adyen

For payments we use Adyen. You can read their terms and conditions on their website.

Amazon

We use various Amazon services in Ireland, including Amazon EC2, Amazon RDS, Amazon SES and Amazon S3 to provide Detectify to you.

ARSoft.Tools.Net

We use various ARSoft.Tools.Net for DNSSEC and SPF auditing. Read more about the ARSoft.Tools.Net license here.

AWSSDK

Used for communication between internal services. Read more about the AWSSDK Apache 2.0 license here.

BouncyCastle.Crypto

We use BouncyCastle.Crypto for various cryptographic operations. Read more about the BouncyCastle.Crypto license here.

CefSharp

Chrome Embedded Framework (Cef) Bindings for .NET is made through CefSharp. Read more about the CefSharp license here.

Chrome Embedded Framework

To mimic the behaviour of Google Chrome, we use a build of CEF. Read more about the Chrome Embedded Framework license here.

Desk

Whenever you have a question for us, we will receive that question and answer it via Desk. You can find their privacy policy here and their terms of use here.

DiffLib

We use DiffLib to spot differences in the returned data for various security tests. Read more about the DiffLib license here.

Disqus

We use Disqus as the commenting service to our blog. So perhaps you want to read through their terms of service and privacy policy.

Effective TLDs

Used by registered-domain-libs (a library we use).
http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat

// ***** BEGIN LICENSE BLOCK *****
// Version: MPL 1.1/GPL 2.0/LGPL 2.1
//
// The contents of this file are subject to the Mozilla Public License Version
// 1.1 (the "License"); you may not use this file except in compliance with
// the License. You may obtain a copy of the License at
// http://www.mozilla.org/MPL/
//
// Software distributed under the License is distributed on an "AS IS" basis,
// WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
// for the specific language governing rights and limitations under the
// License.
//
// The Original Code is the Public Suffix List.
//
// The Initial Developer of the Original Code is
// Jo Hermans <jo.hermans@gmail.com>.
// Portions created by the Initial Developer are Copyright (C) 2007
// the Initial Developer. All Rights Reserved.
//
// Contributor(s):
//   Ruben Arakelyan <ruben@rubenarakelyan.com>
//   Gervase Markham <gerv@gerv.net>
//   Pamela Greene <pamg.bugs@gmail.com>
//   David Triendl <david@triendl.name>
//   Jothan Frakes <jothan@gmail.com>
//   The kind representatives of many TLD registries
//
// Alternatively, the contents of this file may be used under the terms of
// either the GNU General Public License Version 2 or later (the "GPL"), or
// the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
// in which case the provisions of the GPL or the LGPL are applicable instead
// of those above. If you wish to allow use of your version of this file only
// under the terms of either the GPL or the LGPL, and not to allow others to
// use your version of this file under the terms of the MPL, indicate your
// decision by deleting the provisions above and replace them with the notice
// and other provisions required by the GPL or the LGPL. If you do not delete
// the provisions above, a recipient may use your version of this file under
// the terms of any one of the MPL, the GPL or the LGPL.
//
// ***** END LICENSE BLOCK *****
				

ExCSS

Some security tests are specific to CSS. The service uses ExCSS to tokenize and interpret CSS. Read more about the ExCSS license here.

gearman.net

For communication with the Gearman work queue we use gearman.net. Read more about the gearman.net Simplified BSD License here.

Google AdWords

We have Google AdWords tracking on the page to optimize our advertising within the network. You can find their privacy policy here.

Google Analytics

We use Google Analytics to analyse the website traffic. To learn more about the Google Analytics terms of service you can read here. You can read more about the privacy and about safeguarding your data here.

HtmlAgilityPack

When auditing websites, Detectify handles a lot of HTML. That is partly done through HtmlAgilityPack. You can read more about the HtmlAgilityPack license here.

idna_convert

We use this to parse IDNA urls.

// {{{ license

/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
//
//
// This library is free software; you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as
// published by the Free Software Foundation; either version 2.1 of the
// License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
// USA.
//
//
// }}}


/**
* Encode/decode Internationalized Domain Names.
*
* The class allows to convert internationalized domain names
* (see RFC 3490 for details) as they can be used with various registries worldwide
* to be translated between their original (localized) form and their encoded form
* as it will be used in the DNS (Domain Name System).
*
* The class provides two public methods, encode() and decode(), which do exactly
* what you would expect them to do. You are allowed to use complete domain names,
* simple strings and complete email addresses as well. That means, that you might
* use any of the following notations:
*
* - www.nörgler.com
* - xn--nrgler-wxa
* - xn--brse-5qa.xn--knrz-1ra.info
*
* Unicode input might be given as either UTF-8 string, UCS-4 string or UCS-4 array.
* Unicode output is available in the same formats.
* You can select your preferred format via {@link set_paramter()}.
*
* ACE input and output is always expected to be ASCII.
*
* @author Matthias Sommerfeld <mso@phlylabs.de>
* @copyright 2004-2011 phlyLabs Berlin, http://phlylabs.de
* @version 0.8.0 2011-03-11
*/
				
			

MySQL

For some of our temporary storage, we use a hardened version of MySQL.

Newtonsoft.Json

We use the Newtonsoft.Json library in for parsing configuration files. Both for our own sake, but also to audit JSON endpoints and files found in the wild. You can read more about the Newtonsoft.Json license here.

RabbitMQ.Client

Parts of the internal communication is done through RabbitMQ. To leard more about the Apache 2.0 terms and conditions, click here. You can also read the RabbitMQ Mozilla Public License here.

Registered-domain-libs

We use this to get filter invalid domain names.

/*
* Calculate the effective registered domain of a fully qualified domain name.
*
* <@LICENSE>
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to you under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* </@LICENSE>
*
* Florian Sager, 25.07.2008, sager@agitos.de
*/
				
			

ShareThis

If you would like to share anything from our blog, you can use the share buttons at the end of each blog post. You can find their privacy policy here and their terms of use here.

Site Dossier

We use sitedossier.com to find additional subdomains on scanned domains.

SSH.NET

Used for connecting to endpoints running SSH/SCP. Read more about the SSH.NET license here.

SyslogNet

Logging is always needed. SyslogNet solves this. Read more about the SyslogNet license here.

VirusTotal

We use VirusTotal to find viruses and malware hosted on scanned domains. Detectify is authorized for commercial use of VirusTotal.

Wordpress

Our blogs run on WordPress and everything we publish can be found at blog.detectify.com and labs.detectify.com.

YamlDotNot

We use YamlDotNot for auditing leaked .yml and .yaml files. Read more about their license here.