Crowdsource Modules
Crowdsource is Detectify’s community-driven vulnerability research program. Security researchers from around the world contribute detection modules that power vulnerability scanning across all four Detectify products.
How Crowdsource Works
Security researchers discover new vulnerabilities, develop proof-of-concept exploits, and submit detection modules to Detectify. Each module defines:
- What to test — The specific vulnerability or misconfiguration to detect
- How to test — The payloads, requests, and detection logic needed to identify the issue
- How to verify — The response characteristics that confirm the vulnerability is exploitable
Submitted modules go through a review process before being deployed to Detectify’s scanning infrastructure. Once approved, the module is available to all Detectify customers automatically.
Coverage Across Products
Crowdsource modules power detection across all four Detectify products:
| Product | How Crowdsource modules are used |
|---|---|
| Attack Surface Management | Detect misconfigurations, exposed services, and known vulnerabilities across your external attack surface |
| Web Application Security Testing | Test web applications for injection vulnerabilities, authentication flaws, and application-specific issues |
| API Security Testing | Test API endpoints for injection, authorization, and logic vulnerabilities |
| Internal Scanning | Detect vulnerabilities in internal applications and services behind your firewall |
Module Types
Technology-Specific Modules
These modules target vulnerabilities in specific software, frameworks, or platforms. Examples include:
- CVEs in popular web frameworks (WordPress, Drupal, Laravel)
- Misconfigurations in web servers (Apache, Nginx, IIS)
- Default credentials on administrative interfaces
- Known vulnerabilities in JavaScript libraries and dependencies
Generic Vulnerability Modules
These modules test for vulnerability classes that apply across technologies:
- SQL injection across different database engines
- Cross-site scripting in various contexts (HTML, JavaScript, attribute)
- Server-side request forgery through different parameter types
- Path traversal across operating systems
Configuration Modules
These modules check for security misconfigurations:
- Exposed administrative panels and debug endpoints
- Missing security headers (CSP, HSTS, X-Frame-Options)
- Directory listing enabled on web servers
- Unrestricted file upload functionality
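
As an added illustration (not Detectify's module format or code), the following Python example applies the what/how/verify split described under "How Crowdsource Works" to the missing-security-headers check listed above. The function names, finding labels, and sample response are constructed for this example.

```python
# Added example; names and sample data are assumptions, not Detectify's format.
SAMPLE_RESPONSE = (  # constructed response, not captured from a real host
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=0\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "\r\n<html></html>"
)

def parse_headers(raw):
    """How to test: read header fields from a raw HTTP response (last value wins)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def csp_directives(headers):
    """Split the CSP header into {directive: [sources]}; first occurrence wins."""
    out = {}
    for part in headers.get("content-security-policy", "").split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def hsts_ok(headers):
    """Verify: HSTS counts only with max-age > 0 (max-age=0 clears the policy)."""
    for directive in headers.get("strict-transport-security", "").split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip('"')
            return val.isdigit() and int(val) > 0
    return False

def framing_ok(headers):
    """Verify: CSP frame-ancestors or X-Frame-Options DENY/SAMEORIGIN restricts framing."""
    if "frame-ancestors" in csp_directives(headers):
        return True
    return headers.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")

def audit(raw, https=True):
    """What to test: CSP, HSTS (HTTPS responses only), and framing restrictions."""
    h = parse_headers(raw)
    findings = []
    if not csp_directives(h):
        findings.append("missing-csp")
    if https and not hsts_ok(h):
        findings.append("weak-or-missing-hsts")
    if not framing_ok(h):
        findings.append("framing-not-restricted")
    return findings
```

The sample response carries an HSTS header and still fails the check, which is the difference between testing for a header's presence and verifying that its value has effect.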
Continuous Updates
The Crowdsource community continuously contributes new modules. When a new vulnerability is publicly disclosed or a new attack technique is discovered, researchers develop and submit detection modules. This means Detectify’s scanning capabilities expand continuously without requiring any action from you.
Module updates are deployed automatically. You do not need to update scan profiles or configurations to benefit from new modules.
Research Quality
Every Crowdsource module is based on real vulnerability research. The modules send actual exploit payloads and validate responses, ensuring that reported findings represent genuine, exploitable issues rather than theoretical risks.