VULNEBIFY

Success!
<- Home

About Vulnebify

Vulnebify is a cyber defense platform designed to help businesses, authorities, and security professionals identify, mitigate, and defend against vulnerabilities on the public Internet.

We operate a distributed checking network that collects publicly accessible metadata β€” such as open services, TLS certificates, and HTTP response details β€” to provide visibility into exposed infrastructure. Our goal is to make the Internet safer by supporting vulnerability awareness, proactive defense, and responsible security research.

What we check

Vulnebify performs low-impact, non-intrusive checks of publicly reachable IP addresses and domain names. Our checks are strictly limited to metadata collection and does not attempt to authenticate, exploit, or access private systems.

Data we collect includes:

  • Open service availability
  • HTTP response metadata (status, headers, page titles)
  • TLS certificate chains and fingerprinting
  • Basic service banners and protocol-level data

We follow ethical checking principles as outlined in our Terms and Conditions.

How to identify Vulnebify

We ensure our scanners are easily identifiable through both DNS and HTTP headers:

  • DNS authenticity: all scanners use verified A and PTR records. For example, vulnebify-node-1.scanning.vulnebify.com resolves to and from the same IP, ensuring traffic is from authentic Vulnebify Scanners.
  • User-Agent: HTTP requests include the following header:
    Mozilla/5.0 (compatible; VulnebifyResearch/1.0; +https://about.vulnebify.com/)

How to block Vulnebify

If you prefer not to receive traffic from Vulnebify Scanners, you can block or filter our probes in any of the following ways:

  • DNS-based filtering: block IPs that have both forward and reverse DNS records matching *.scanning.vulnebify.com. This includes:
    • A record: the hostname resolves to the IP
    • PTR record: the IP resolves back to the hostname
  • User-Agent filtering: deny HTTP requests with the following User-Agent string:
    Mozilla/5.0 (compatible; VulnebifyResearch/1.0; +https://about.vulnebify.com/)
  • Opt-out: email [email protected] with your IP range or CIDR block to request exclusion

Opt-out requests are reviewed and verified for ownership before being processed. We aim to respond within 7 business days.

Why our work matters

The data collected by Vulnebify is used by security teams, CERTs, and authorized security researchers to identify exposures early and reduce risk. It supports proactive defense by enabling faster response times, increased visibility, and continuous assessment of Internet-facing assets.

Blocking our scanners may reduce the effectiveness of these early-warning efforts and prevent notification of emerging risks.

Contact

For questions, concerns, or abuse reports, please reach out:

Email: [email protected]

<- Home
πŸ‡ΊπŸ‡¦ Made in Kyiv with love