About Us
ONYPHE is an Attack Surface Management (ASM), Attack Surface Discovery (ASD) and Cyber Threat Intelligence (CTI) solution. We scan the entire Internet and Dark Web for exposed assets and crawl the links just like a Web search engine. Our data is searchable with a Web form or directly from our numerous APIs.
Our company was created mid-2017 in France, Europe, with one simple idea in mind: giving our customers, in an Ethical way, the same view as cybercriminals so that initial access vectors are killed before any bad thing happens.
There lies our purpose of fighting ransomware exposure.
Our company was created mid-2017 in France, Europe, with one simple idea in mind: giving our customers, in an Ethical way, the same view as cybercriminals so that initial access vectors are killed before any bad thing happens.
There lies our purpose of fighting ransomware exposure.
Ethical scanning
About Ethical Internet Scanning
Better than a few written words, a video with our CEO giving the opening keynote at CTI Summit in 2022. The subject was how to be Ethical while performing Internet Scanning activities:
On 19th of October 2022 our founder and CTO @PatriceAuffret gave the opening keynote of the Cyber and Threat Intelligence Summit (CTIS-2022) event. It gathered roughly 200 people in the field of defensive and threat intelligence fields. The subject of our CTO’s keynote was: “Ethical Internet Scanning in 2022”. The full recording of the conference has been put online for spreading.
To make a long story short, we defined our 10 Commandments for Ethical Internet Scanning activities. We want to open the discussion with researchers and companies worldwide so we all agree on the Ethical Way of doing it. Overall, it would make such activity better perceived from network owners and seen as another great tool in the defensive arsenal.
Act transparently
Our 10 Commandments for Ethical Internet Scanning
- Web server explaining purpose on every probe
- Give an opt-out request e-mail address
- Set whois records with organization & abuse@ email address
- Give probes IP address list on probes Web servers
- Reverse DNS pointing to your project/company
- Handle abuse requests on a timely manner, ask no question
- Only send standard packets/protocol requests
- Scan slowly to not stress target (or source) networks
- Use fixed IP addresses, not trashable ones
- Honor remove collected data requests on a timely manner, ask no question
