Summary
Dartmouth Information Security partners with the University of Texas at Austin’s DorkBot project to proactively identify and remediate common web application vulnerabilities across Dartmouth’s public-facing websites and services.
DorkBot is an open-source, research-driven security scanner developed by the Center for Identity at UT Austin. It automates the detection of OWASP Top 10 vulnerabilities, helping organizations improve their web security posture in a safe and controlled manner.
Body
Why DorkBot Is Important
Web applications are a common target for attackers. Many breaches stem from unpatched or misconfigured web services. DorkBot helps Dartmouth:
- Identify high-risk vulnerabilities, such as SQL injection and cross-site scripting (XSS).
- Proactively address security issues before they can be exploited.
- Improve awareness and hygiene for web application owners and developers.
DorkBot scans for vulnerabilities that align with the OWASP Top 10, a standard reference list of the most critical web application security risks:
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery (SSRF)
How DorkBot Works
DorkBot scans Dartmouth’s web presence using a combination of intelligent crawling and pattern matching. It mimics common attacker behaviors (such as using known vulnerable URL patterns or “Google dorks”) to surface weaknesses without causing harm or disruption.
All scanning traffic from DorkBot originates from the University of Texas at Austin IP range: 146.6.161.0/25.
What to Expect
- DorkBot scan activity may show up in your web server logs as unusual or malformed requests.
- These scans are authorized and non-malicious. They are part of Dartmouth's ongoing efforts to secure our web infrastructure.
- Please do not block the 146.6.161.0/25 range, as doing so may prevent the detection of critical vulnerabilities on your site.
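As an added example (not DorkBot's own code and not part of this article), the following Python helper tags web server log lines whose client address falls inside 146.6.161.0/25 as authorized scanner traffic, so a site owner can review what the scan touched rather than treating it as an incident or blocking the range. The log lines are constructed for illustration and the combined log format is assumed.

```python
import ipaddress
import re
from collections import Counter

# Source range stated in the article for DorkBot scan traffic.
DORKBOT_RANGE = ipaddress.ip_network("146.6.161.0/25")

# Apache/nginx "combined" log format: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) '
)


def is_dorkbot_source(ip_text):
    """True if the client address falls inside the authorized scanner range."""
    try:
        return ipaddress.ip_address(ip_text) in DORKBOT_RANGE
    except ValueError:  # malformed address field: treat as not the scanner
        return False


def triage(log_lines):
    """Split log lines into scanner vs other traffic and summarize the scan.

    Returns line counts, the HTTP status histogram for scanner requests,
    and the paths the scanner requested, in log order.
    """
    summary = {"scanner": 0, "other": 0, "unparsed": 0,
               "scanner_status": Counter(), "scanner_paths": []}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            summary["unparsed"] += 1
            continue
        if is_dorkbot_source(m.group("ip")):
            summary["scanner"] += 1
            summary["scanner_status"][m.group("status")] += 1
            parts = m.group("request").split(" ")
            if len(parts) >= 2:  # "METHOD /path HTTP/x.y"
                summary["scanner_paths"].append(parts[1])
        else:
            summary["other"] += 1
    return summary


# Constructed sample lines (not real Dartmouth logs). The first two client
# addresses are inside 146.6.161.0/25; .128 is the first address outside it.
SAMPLE_LOG = [
    '146.6.161.10 - - [01/Jan/2024:10:00:00 -0500] "GET /search?q=%27 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '146.6.161.77 - - [01/Jan/2024:10:00:01 -0500] "GET /admin/ HTTP/1.1" 403 128 "-" "Mozilla/5.0"',
    '146.6.161.128 - - [01/Jan/2024:10:00:02 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/8.0"',
]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```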
Need Help?
If you have questions about DorkBot activity or would like help interpreting scan data, reach out to the Dartmouth Information Security Office:
📧 information.security@dartmouth.edu