Understanding DorkBot, Gastronaut, and CISA Web Vulnerability Scanning

Summary

Dartmouth Information Security partners with the University of Texas at Austin’s DorkBot project to proactively identify and remediate common web application vulnerabilities across Dartmouth’s public-facing websites and services.

DorkBot is an open-source, research-driven security scanner developed by the Center for Identity at UT Austin. It automates the detection of OWASP Top 10 vulnerabilities, helping organizations improve their web security posture in a safe and controlled manner.

Body


Overview

Dartmouth Information Security partners with the University of Texas at Austin’s DorkBot project to proactively identify and remediate common web application vulnerabilities across Dartmouth’s public-facing websites and services. We also partner with CISA (https://www.cisa.gov/), which offers a similar service targeted at the education sector.

DorkBot / Gastronaut: Security scanners developed and maintained by the UT Austin Information Security Office (https://security.utexas.edu/dorkbot). They automate the detection of OWASP Top 10 vulnerabilities, helping organizations improve their web security posture in a safe and controlled manner.


CISA: This service deep-dives into publicly accessible web applications to uncover vulnerabilities and misconfigurations that attackers could exploit. This comprehensive evaluation includes, but is not limited to, the vulnerabilities listed in the OWASP Top Ten, which represent the most critical web application security risks.

Why DorkBot / CISA Is Important

Web applications are a common target for attackers. Many breaches stem from unpatched or misconfigured web services. DorkBot helps Dartmouth:

  • Identify high-risk vulnerabilities, such as SQL injection and cross-site scripting (XSS).

  • Proactively address security issues before they can be exploited.

  • Improve awareness and hygiene for web application owners and developers.

DorkBot / CISA scans for vulnerabilities that align with the OWASP Top 10, a standard reference list of the most critical web application security risks:

  1. Broken Access Control

  2. Cryptographic Failures

  3. Injection

  4. Insecure Design

  5. Security Misconfiguration

  6. Vulnerable and Outdated Components

  7. Identification and Authentication Failures

  8. Software and Data Integrity Failures

  9. Security Logging and Monitoring Failures

  10. Server-Side Request Forgery (SSRF)

How DorkBot / CISA Works

DorkBot / CISA scans Dartmouth’s web presence using a combination of intelligent crawling and pattern matching. It mimics common attacker behaviors (such as using known vulnerable URL patterns or “Google dorks”) to surface weaknesses without causing harm or disruption.

All scanning traffic from DorkBot originates from the University of Texas at Austin IP range: 146.6.161.0/25.

All scanning from CISA originates from the following IP addresses and IP ranges:

3.17.86.146/32
3.21.221.204/32
3.128.98.3/32
3.146.202.49/32
3.148.119.10/32
18.117.215.217/32
18.220.113.68/32
54.151.50.224/32
54.215.127.224/32
64.69.57.0/24
100.27.42.128/25

What to Expect

  • DorkBot / CISA scan activity may show up in your web server logs as unusual or malformed requests.

  • These scans are authorized and non-malicious. They are part of Dartmouth's ongoing efforts to secure our web infrastructure.

  • Please do not block the 146.6.161.0/25 range, as doing so may prevent the detection of critical vulnerabilities on your site.

  • Please do not block the following IP addresses and ranges for the same reason.

3.17.86.146/32
3.21.221.204/32
3.128.98.3/32
3.146.202.49/32
3.148.119.10/32
18.117.215.217/32
18.220.113.68/32
54.151.50.224/32
54.215.127.224/32
64.69.57.0/24
100.27.42.128/25
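The two lists above are what a site owner needs in order to tell authorized scan traffic apart from everything else in a web server log. The following script is an added example written for this article; it is not code from Dartmouth, UT Austin, or CISA. It assumes the log is in Apache/nginx combined format (client IP is the first field), takes the scanner ranges verbatim from this page, and runs over a handful of constructed log lines. Addresses such as 100.27.42.127 are included on purpose: they sit just outside a /25 boundary, which is the kind of detail a hand-written allowlist tends to get wrong.

```python
import ipaddress
import re
from typing import Optional

# Authorized scanner source ranges, copied from this article.
DORKBOT_RANGES = [ipaddress.ip_network("146.6.161.0/25")]
CISA_RANGES = [ipaddress.ip_network(n) for n in (
    "3.17.86.146/32", "3.21.221.204/32", "3.128.98.3/32", "3.146.202.49/32",
    "3.148.119.10/32", "18.117.215.217/32", "18.220.113.68/32",
    "54.151.50.224/32", "54.215.127.224/32", "64.69.57.0/24", "100.27.42.128/25",
)]

# Apache/nginx combined log format (assumption): the client IP is the first field,
# followed by identd, user, [timestamp], "request", status.
_CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def classify_ip(ip_text: str) -> str:
    """Return 'dorkbot', 'cisa', 'other', or 'invalid' for one source address."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    if any(addr in net for net in DORKBOT_RANGES):
        return "dorkbot"
    if any(addr in net for net in CISA_RANGES):
        return "cisa"
    return "other"


def tag_log_line(line: str) -> Optional[dict]:
    """Parse one combined-format line and attach the scanner classification.

    Returns None for lines that do not match the expected format.
    """
    m = _CLF.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "request": m["req"],
        "status": int(m["status"]),
        "source": classify_ip(m["ip"]),
    }


def summarize(lines) -> dict:
    """Count parsed log lines by source class; unparseable lines are skipped."""
    counts = {"dorkbot": 0, "cisa": 0, "other": 0, "invalid": 0}
    for line in lines:
        rec = tag_log_line(line)
        if rec is not None:
            counts[rec["source"]] += 1
    return counts


# Constructed sample log lines (not real traffic). Timestamps and paths are made up.
SAMPLE_LOG = [
    '146.6.161.10 - - [14/May/2025:08:16:00 -0400] "GET /admin/ HTTP/1.1" 404 162 "-" "-"',
    '3.17.86.146 - - [14/May/2025:08:16:01 -0400] "GET /cgi-bin/test HTTP/1.1" 404 162 "-" "-"',
    '64.69.57.200 - - [14/May/2025:08:16:02 -0400] "GET /login HTTP/1.1" 200 1024 "-" "-"',
    '100.27.42.127 - - [14/May/2025:08:16:03 -0400] "GET / HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [14/May/2025:08:16:04 -0400] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
    '146.6.161.200 - - [14/May/2025:08:16:05 -0400] "GET /robots.txt HTTP/1.1" 200 64 "-" "-"',
]

if __name__ == "__main__":
    for rec in filter(None, map(tag_log_line, SAMPLE_LOG)):
        print(f'{rec["source"]:8} {rec["ip"]:16} {rec["status"]} {rec["request"]}')
    print(summarize(SAMPLE_LOG))
```

In practice you would feed `tag_log_line` the live access log (or wire `classify_ip` into a SIEM enrichment rule) so that authorized scan hits are labelled rather than alerted on, while requests from outside these ranges that look the same keep their normal priority. Note that 146.6.161.200 and 100.27.42.127 both come out as `other`: the /25 masks cover only half of each /24, so a rule written against the whole /24 would allowlist more than this article authorizes.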

Need Help?

If you have questions about DorkBot / CISA activity or would like help interpreting scan data, reach out to the Dartmouth Information Security Office:

📧 information.security@dartmouth.edu

Details

Article ID: 166005
Created: Wed 5/14/25 8:16 AM
Modified: Fri 3/13/26 9:42 AM