Press Release - Accelerated Innovation, Seasonal Roadmaps, and Webscout Moonstone

Webscout -

The field of cybersecurity is constantly changing and so is Webscout. To keep you in the loop with our development process, we are introducing a new series of seasonal Press Release articles aimed at democratizing Webscout's feature development.

Welcome to Moonstone, the first installment of these seasonal sprints, commencing today and continuing until March 1st 2024. We invite you to familiarize yourself with our visions for Moonstone, encompassing significant enhancements, new functionalities, and major changes to the way Webscout works.

As detailed in our most recent blog post, Celebrating Growth: Reflections on Success and Where Webscout is Heading, we are thrilled to announce that we are transitioning to operate Webscout as a full-time venture. Until now, Webscout has predominantly been a side project pursued during evenings and weekends, so the transition to full-time is a massive step forward in our journey.

While the transition empowers us to convert ideas into working concepts ✨a lot✨ faster than before, it also comes with potential pitfalls such as tunnel vision and other personal biases. The last thing we want is to build a service that may not genuinely serve our users.

To address these risks and to ensure that we stay true to our mission, we pledge to forge stronger connections with our community. Not only by opening up our roadmaps in these seasonal press releases, but also by interacting a lot more on various social media and introducing bi-weekly updates to our platform.

As it stands, Webscout can only be used to answer a relatively limited set of questions related only to websites and URLs. While Webscout provides a neat overview of subdomains, email addresses (thank you IntelligenceX❤️) , hosting providers, and technologies, its functionalities and level of detail are somewhat limited when compared to web scanning services like urlscan. We want to change that. Specifically, we envision making the following changes to Webscout throughout the Moonstone season.

  • Enhanced Interactivity. All web artifacts, fingerprints, banners, and other data types will be made interactive, enabling users to pivot on almost everything in a search result.
  • Threat feed collection and augmentation. All popular cyber threat intelligence feeds will be collected in a single hub for seamless pivoting and enrichment.
  • Optimized Search Functionality. We will be reworking Webscout Lookup to deliver much faster scanning speeds, to provide more in-depth enrichment, and to accept a wider selection of input such as IP-addresses, full-text banner searches, and various web fingerprints. 

Enhanced interactivity. Firstly, we want to make Webscout a lot more interactive. The investigation and utilization of Webscout should not come to an end once a domain or URL has been scanned; it should be the beginning of a much deeper and more elaborate investigation. Every piece of information displayed in the Lookup result should be clickable and pivotable, and it should be up to you, the analyst, to determine how and with what information results should be enriched. We are currently laying the groundwork for what we hope will become tomorrow’s community platform for cyber threat intelligence sharing and internet security research. If you want to pilot this project and help shape its direction, you can sign-up here to unroll in the early beta [update October 12th: Early sign-up is currently closed for registrations - stay tuned for updates on Twitter and Linkedin].

Threat feed collection and augmentation. Secondly, we're consolidating the most reputable sources of public cyber threat intelligence feeds and information security news into one centralized location. As a community, we generate and disseminate vast amounts of valuable threat intelligence. However, much of this information goes to waste because it's dispersed across the web. Given that cyber threat intelligence typically only has a very short shelf-life, the community faces a net loss when vital data is shared on platforms that are not on our radar. To address this, we're launching a comprehensive cyber threat intelligence hub, compiling as many high-quality information sources as possible. Users will have the capability to pivot from any Indicator of Compromise (IoC) directly into our enrichment engine, view its observation history across different feeds, and trace it back to its original source, whether that's Twitter, a public MISP instance, or another platform. Naturally, all feeds will be available as RSS-like feeds and easily exportable in both STIX and JSON formats. If you are a public or private producer of cyber threat intelligence and want your feed displayed with explicit attribution to your service, please reach out to us on info@webscout.io

Optimized Search Functionality. It's high time Webscout Lookup, the search engine featured on our landing page, gets the attention it deserves. Since its launch in early spring this year, feedback has been pouring in, and we're gearing up for an update set to considerably boost its performance. Most notably, we're supercharging the bot to operate at a much faster pace by compartmentalizing all jobs that involve calls to third-party APIs. In its present configuration, a Lookup scan might occasionally take a few minutes to wrap up. This lag primarily stems from the fact that all enrichment in the current model are processed in real-time, leveraging a mixture of third-party tools and APIs of varying reliability, as illustrated in the diagram below.

Moving forward, all enrichments that depended on third-party APIs—like the subdomain discovery we conduct in partnership with Chaos and the email discovery in collaboration with IntelligenceX—will operate asynchronously in the background. What this means in practice is that when you search using Webscout Lookup, you'll receive an immediate result primarily derived from our pre-indexed data, with the exception of the web capture component. As you review your results, your search is concurrently sent to a queue for deeper API-based enrichment. Leveraging our exclusive partnerships, we aim to infuse as much valuable context and detail into your search as we can, but your searches will not take forever to complete like before. The enhanced process is delineated in the diagram below:

Besides significantly speeding up Lookup and increasing its reliance on pre-indexed data, we're expanding its search capabilities to encompass a broader range of internet data. Currently, our engine supports searches exclusively on domains and URLs, but soon you will be able to conduct advanced textual searches on elements like IP addresses, CPEs, banners, response headers, simhashes, ja3, ja4, and various other web fingerprints. Results from all searches will be enriched with information about where specific pieces of information have previously appeared on the internet. We call this “Selector Observations”. 

In this article we have unveiled our revamped and more open approach to development and presented our visions for Webscout Moonstone, the current development season which runs until January 1st 2024. 

Our primary objective in the Moonstone season is to lay a foundation that can support our goal of building tomorrow’s cybersecurity platform: a platform where a diverse community of cybersecurity enthusiasts, ranging from novices to experts, can join forces in their pursuit of hunting evil in cyberspace.

Thank you so much. Your continued support means the world to us.

With ❤️ from Denmark
The Webscout Team