🏎️ Getting Started

Escape Inventory is uniquely capable of detecting and classifying Application Assets exposed (externally or internally) by an organization in a few minutes without requiring any agent or traffic interception.

How does it work?

Escape Inventory requires at least a domain name as input, and optionally a variety of read-only integrations. It uses a combination of open-source and proprietary AI technologies to produce an exhaustive, enriched inventory of all the Application Assets exposed by an organization.

Figure: A simplified version of how Escape Inventory technically works

Supported Application Assets:

  • APIs: REST, GraphQL, gRPC, WebSocket, SOAP, etc.
  • API Schemas: OpenAPI Specification, GraphQL Introspection, Postman Collections, etc.
  • Web Apps: Frontends, Single Page Applications (SPA), etc.

Fingerprinted Characteristics of Application Assets:

  • Network Scope: External, Internal
  • Status: Current, Zombie, Legacy, Shadow
  • Environment: Production, Staging, Development
  • Technology: REST, GraphQL, etc.
  • Framework: Flask, Laravel, Next.js, etc.
  • Cloud Hosting: AWS, Azure, OVH, Akamai, GCP, etc.
  • Firewall: Cloudflare, AWS ELB, Azure WAF, Akamai Firewall, etc.
  • Authentication: Keycloak, Auth0, API Key, etc.
  • Code Owners: Requires integration with a Git Hosting Service.

Risk Detection for Exposed APIs

  • Leakage of Sensitive Data and Secrets
  • External Exposure
  • Disclosure of API Documentation
  • Lack of Authentication or Authorization
  • Detection of Critical Vulnerabilities
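As an added illustration (not Escape's own code or detection rules), the following classifies constructed HTTP observations into the characteristic and risk fields listed above; the header-to-vendor mappings, redirect hints and path heuristics are assumptions chosen for the example.

```python
from dataclasses import dataclass

@dataclass
class Observation:
    """Passively collected facts about one URL (assumed input shape)."""
    url: str
    status: int
    headers: dict
    body_snippet: str = ""

# Vendor-identifying headers and redirect targets: assumptions for this
# illustration, not the product's fingerprint database.
FIREWALL_BY_HEADER = {"cf-ray": "Cloudflare", "x-amzn-trace-id": "AWS ELB",
                      "x-azure-ref": "Azure WAF", "x-akamai-transformed": "Akamai Firewall"}
FRAMEWORK_BY_BANNER = {"next.js": "Next.js", "laravel": "Laravel", "werkzeug": "Flask"}
AUTH_BY_REDIRECT = {"auth0.com": "Auth0", "openid-connect": "Keycloak"}
SCHEMA_PATHS = ("openapi.json", "swagger.json", "swagger/", "api-docs")

def fingerprint(obs: Observation, scope: str = "External") -> dict:
    """Map one observation onto the characteristic and risk fields."""
    h = {k.lower(): v.lower() for k, v in obs.headers.items()}
    path = obs.url.split("://", 1)[-1].partition("/")[2].lower()
    asset = {"url": obs.url, "network_scope": scope, "technology": "REST",
             "framework": None, "firewall": None, "authentication": None, "risks": []}
    if path.startswith("graphql"):
        asset["technology"] = "GraphQL"
    banner = h.get("x-powered-by", "") + " " + h.get("server", "")
    asset["framework"] = next((n for b, n in FRAMEWORK_BY_BANNER.items() if b in banner), None)
    asset["firewall"] = next((v for k, v in FIREWALL_BY_HEADER.items() if k in h), None)
    # Identity providers show up when an unauthenticated request is redirected to login.
    target = h.get("location", "")
    asset["authentication"] = next((n for t, n in AUTH_BY_REDIRECT.items() if t in target), None)
    if scope == "External":
        asset["risks"].append("External Exposure")
    if obs.status == 200 and (path.startswith(SCHEMA_PATHS) or '"openapi"' in obs.body_snippet):
        asset["risks"].append("Disclosure of API Documentation")
    # A 200 on an API path with no visible auth signal is flagged for review;
    # API-key schemes are not visible passively, so this is a heuristic only.
    if obs.status == 200 and asset["authentication"] is None and path.startswith(("api/", "graphql")):
        asset["risks"].append("Lack of Authentication or Authorization")
    return asset

SAMPLE_OBSERVATIONS = [  # constructed sample data, not real hosts
    Observation("https://api.example.com/graphql", 200,
                {"Server": "nginx", "X-Powered-By": "Express", "CF-RAY": "abc-CDG"},
                '{"data":{"__typename":"Query"}}'),
    Observation("https://app.example.com/", 302,
                {"Location": "https://tenant.auth0.com/authorize?client_id=x", "X-Powered-By": "Next.js"}),
    Observation("https://api.example.com/openapi.json", 200,
                {"Server": "Werkzeug/3.0 Python/3.12", "x-amzn-trace-id": "Root=1-abc"},
                '{"openapi":"3.0.3","paths":{}}'),
]

def build_inventory(observations=SAMPLE_OBSERVATIONS) -> list:
    return [fingerprint(o) for o in observations]
```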

Output

Figure: The Escape API Services Inventory

The output consists of five filterable, sortable, and searchable dataframes listing all detected and fingerprinted Application Assets.

  • Dataframe 1: API Services – Represents root API services exposed on the Internet, each potentially encompassing multiple API Endpoints. For each service, Escape can detect or generate the associated API Schema describing those endpoints.
  • Dataframe 2: API Schemas – Offers a schema-first perspective on API Services. This view is especially valuable as some API Schemas, although detected within the research scope, are not linked to any specific API Service.
  • Dataframe 3: Frontends – Lists all detected web applications, frontends, and SPAs within the research scope.
  • Dataframe 4: Sensitive Data & Secrets – Lists all potential Sensitive Data and Secrets exposed on the Internet, with a very low false-positive rate achieved by considering factors like the surrounding code, data flow, and access patterns.
  • Dataframe 5: Repositories & Code Projects – When a Git Hosting integration is connected, this links the exposed API Services directly to the corresponding Code Projects in Repositories, including their Code Owners.