Dashboard Help

Guides on how to use the dashboard
By Lars Reddering and 1 other
• 6 articles

Managing members on your Catcher24 dashboard

Adding them, removing them, and other frequently asked questions.

How many members can I add to my organization?

You are able to add as many users as you like.

How to add a new user to an organization?

To add new members to an existing organization, you must have an admin role within that organization.

1. Open the dashboard and select the correct organization.
2. Click Members under the Organization management section of the menu.
3. This shows the current member overview of the organization. Press the green invite member button.
4. Enter the email.

https://app.arcade.software/share/Uz9CpfMKVJLpjAbc0CVC

Your invited member will receive an email containing the invite information and a login or register link to the dashboard. Once logged in, the member can accept the invitation and be part of your organization.

How do I remove a user?

1. Open the dashboard and select the correct organization.
2. Click Members under the Organization management section of the menu.
3. Click the red garbage bin of the member you want to remove from your organization and confirm the removal of the member.

Can I withdraw an invitation?

When an invited member has not yet accepted the invite, the invitation will be shown in a separate invitations overview. You can simply remove the invitation and the user will no longer be able to accept or decline the invite in their dashboard.

1. Open the dashboard and select the correct organization.
2. Click Members under the Organization management section of the menu.
3. In the invitations overview, click the red garbage bin of the member you want to remove from your organization and confirm the removal of the member.

Last updated on Jul 17, 2025

Catcher security score

The Security Score in Catcher provides a quick, comprehensive view of your organization's overall security posture. It combines three key metrics into a single score ranging from 0 to 100, where higher scores indicate better security.

How the Security Score Is Calculated

The score is a weighted sum of three components:

- Vulnerability Risk Score (VRS) – 60% weight
- Behavior Risk Score (BRS) – 25% weight
- Endpoint Protection Score (EPS) – 15% weight

Formula

Security Score = (VRS × 0.6) + (BRS × 0.25) + (EPS × 0.15)

If Phished integration or ESET integration is not configured, their weights are redistributed proportionally among the remaining components to maintain a total weight of 100%.

Component Breakdown

Vulnerability Risk Score (VRS)

Assesses the severity of vulnerabilities in your environment.

- Penalty per vulnerability:
  - Critical: 40
  - High: 20
  - Medium: 5
  - Low: 1
- Score normalization: Average penalty is normalized against a max of 120.
- Score caps based on highest severity:
  - Critical: max 50
  - High: max 70
  - Medium: max 85
  - Low: max 95
  - No vulnerabilities: 100

Behavior Risk Score (BRS)

Derived from the Phished integration.

- If configured, score is fetched directly (0–100).
- If not configured, BRS is excluded from the calculation.

Endpoint Protection Score (EPS)

Evaluates ESET endpoint protection and update status.

Formula: EPS = ((Protected / Total) × 0.6 + (Updated / Total) × 0.4) × 100

- If not configured, EPS is excluded from the calculation.

How to Improve Your Catcher Security Score

Improving your Catcher Security Score means strengthening your organization's overall cybersecurity posture. Since the score is based on three components—Vulnerability Risk Score (VRS), Behavior Risk Score (BRS), and Endpoint Protection Score (EPS)—you can target improvements in each area:

Vulnerability Risk Score (VRS) – 60% Weight

This is the most heavily weighted component, so reducing vulnerabilities has the biggest impact.

Steps to improve:

- Patch critical and high vulnerabilities promptly. These carry the highest penalties.
- Conduct regular vulnerability scans to identify new issues early, or do this automatically by scheduling your scans.
- Implement automated patch management to reduce manual effort and delays.
- Remove or isolate unused or legacy systems that may introduce risks.

Behavior Risk Score (BRS) – 25% Weight

This score comes from the Phished integration, which assesses user behavior around phishing threats.

Steps to improve:

- Enable and configure the Phished integration if not already done.
- Identify and report our phishing simulations in your email client.
- Train your security awareness by completing security awareness training.

Endpoint Protection Score (EPS) – 15% Weight

This score reflects how well your endpoints are protected and updated via ESET integration.

Steps to improve:

- Ensure all endpoints have ESET protection installed.
- Keep endpoint protection software up to date.
- Automate updates and protection checks to maintain coverage.
- Monitor for unprotected or outdated devices and remediate quickly.

If Integrations Are Missing

If either Phished or ESET integrations are not configured, their weights are redistributed. This means the remaining components become even more critical to your score.

Tip: Configuring all integrations ensures a balanced and accurate score—and gives you more control over improvements.
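The following Python is an added worked example, not Catcher's own code: it applies the EPS formula and the weighted sum above, and shows how the weights shift when the Phished or ESET integration is missing. VRS is taken as an input, and the function names and sample values are hypothetical.

```python
# Weights as stated in the article: VRS 60%, BRS 25%, EPS 15%.
WEIGHTS = {"VRS": 0.60, "BRS": 0.25, "EPS": 0.15}


def endpoint_protection_score(protected, updated, total):
    """EPS = ((Protected / Total) x 0.6 + (Updated / Total) x 0.4) x 100."""
    if total <= 0:
        raise ValueError("total endpoints must be positive")
    if not (0 <= protected <= total and 0 <= updated <= total):
        raise ValueError("protected/updated must be between 0 and total")
    return round((protected / total * 0.6 + updated / total * 0.4) * 100, 2)


def effective_weights(configured):
    """Rescale the weights of the configured components so they sum to 1.

    This is the proportional redistribution described in the article:
    each remaining component keeps its share relative to the others.
    """
    active = {name: WEIGHTS[name] for name in WEIGHTS if name in configured}
    total = sum(active.values())
    return {name: weight / total for name, weight in active.items()}


def security_score(vrs, brs=None, eps=None):
    """Weighted sum; pass None for BRS or EPS when that integration is off."""
    scores = {"VRS": vrs, "BRS": brs, "EPS": eps}
    present = {k: v for k, v in scores.items() if v is not None}
    for name, value in present.items():
        if not 0 <= value <= 100:
            raise ValueError(f"{name} must be in the range 0-100")
    weights = effective_weights(present)
    return round(sum(weights[k] * present[k] for k in present), 2)


if __name__ == "__main__":
    # Constructed sample: 50 endpoints, 45 protected, 40 up to date.
    eps = endpoint_protection_score(protected=45, updated=40, total=50)
    print("EPS:", eps)
    print("all integrations:", security_score(70, brs=40, eps=eps))
    print("no Phished      :", security_score(70, eps=eps))
    print("no integrations :", security_score(70))
```

With the same VRS of 70, dropping a low BRS raises the total, which is why the score is only comparable between organizations that have the same integrations configured.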

Last updated on Aug 18, 2025

How to add Catcher24 IPs to the Cloudflare allowlist

To ensure Catcher24 can successfully scan your targets without being blocked by Cloudflare's security features, you must create a WAF Custom Rule to allow our scanning engines.

Step-by-step guide

1. Log in to your Cloudflare dashboard and select your domain.
2. Navigate to Security > Security rules.
3. Click + Create rule > Custom rules.
4. Name the rule: e.g., "Allow Catcher24 Scanners".
5. Configure the "If incoming requests match..." section:
   - Field: Select IP Source Address.
   - Operator: Select is in.
   - Value: Enter the Catcher24 IP ranges listed in this help article (type the first one, press Enter, then type the second).
6. Configure the "Then take action..." section:
   - Choose action: Select Skip.
   - WAF components to skip: Check the boxes for WAF components to skip. Click the More components to skip option and check all extra boxes as well.
7. The rule will look like this:
8. Click Deploy.

Note: Using the "Skip" action is preferred over "Allow" because "Allow" only bypasses the firewall, whereas "Skip" prevents Cloudflare from presenting CAPTCHAs or JavaScript challenges that can block automated scanners.

⚠️ Important Note: Cloudflare Validation Checks

Even with the Catcher24 IPs added to your allowlist, Cloudflare performs certain Validation Checks that run before your custom rules are evaluated. These checks cannot be disabled or bypassed by an allowlist.

According to Cloudflare's documentation, this component blocks:

- Malformed HTTP requests.
- Specific attack patterns in HTTP headers (e.g., Shellshock attacks).
- Requests that trigger "sanity checks" early in Cloudflare's infrastructure.

How this affects your scans:

Because these checks happen at the Cloudflare edge, before the request reaches your "Allow/Skip" rule, some specific scan probes sent by Catcher24 may still be blocked.

- Scans that lose connection or fail.
- Limited scan results on Cloudflare targets.
- Blocked Probes: You may see scan logs indicating that certain connection attempts or specific exploit payloads failed, even though the IP is whitelisted.

This is standard Cloudflare behavior and generally means Cloudflare is doing its job to protect your application from malformed traffic, even from authorized scanners.

Suggestions for mitigating interference

If you have already added the Catcher24 IPs to your allowlist but continue to see scan errors or incomplete results, the behavior is likely due to Cloudflare's mandatory validation checks which cannot be bypassed by standard allowlisting. Because these checks cannot be disabled directly on your main domain, we recommend one of the following approaches:

1. Create a dedicated subdomain

This is the most effective workaround for production environments.

- Setup: Create a specific subdomain (e.g., catcher-scan.yourdomain.com) and point its DNS to the same backend IP as your main website.
- Configuration: On this specific subdomain, you can safely lower Cloudflare's security settings without affecting your main site users.
  - Disable "Browser Integrity Check".
  - Disable "Always Use HTTPS" (if necessary for specific HTTP probes).
  - Disable "Bot Fight Mode" or "Super Bot Fight Mode".
- Action: Add this subdomain as your target in the Catcher dashboard.

2. Scan a staging environment

If you have a staging or development environment that mirrors your production code, use that as your primary scan target.

- Benefit: Staging environments often have relaxed WAF configurations or can be configured to bypass Cloudflare entirely (e.g., restricted by IP access only), allowing Catcher24 to scan the application logic without WAF interference.

3. Cloudflare Enterprise options

If you are on a Cloudflare Enterprise plan, you may have access to advanced settings that are not available on standard plans.

- Enterprise Features: Enterprise support can sometimes offer higher-level configuration options, such as custom "Host Header" modification or classifying specific scanner IPs as trusted traffic to bypass mandatory validation checks. Please contact your Cloudflare account manager if this applies to you.
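Because the Skip rule from the step-by-step guide turns off WAF components for every matching source, it is worth validating the ranges before pasting them in. The Python below is an added example, not Catcher24 or Cloudflare code: it builds the `ip.src in {...}` expression that corresponds to "IP Source Address is in" and refuses over-broad or mistyped ranges. The prefix limits are an assumed local policy and the sample ranges are documentation placeholders; use the ranges from the Catcher24 help article referenced in step 5.

```python
import ipaddress

# Assumed local policy (not a Catcher24 or Cloudflare requirement):
# refuse anything broader than these prefix lengths in a Skip rule.
MIN_PREFIX = {4: 24, 6: 48}


def build_allow_expression(ranges):
    """Return a Cloudflare rule expression matching only the given sources."""
    terms = []
    for raw in ranges:
        # strict=True rejects typos such as 192.0.2.10/24 (host bits set),
        # which would otherwise silently widen the match.
        net = ipaddress.ip_network(raw.strip(), strict=True)
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{net} is too broad for a Skip rule")
        # Single hosts are written as a bare address, ranges as CIDR.
        term = str(net.network_address) if net.num_addresses == 1 else str(net)
        if term not in terms:
            terms.append(term)
    if not terms:
        raise ValueError("no source ranges given")
    return "(ip.src in {" + " ".join(terms) + "})"


# Constructed placeholder ranges from the RFC 5737 documentation space.
SAMPLE_RANGES = ["192.0.2.0/24", "198.51.100.7"]

if __name__ == "__main__":
    print(build_allow_expression(SAMPLE_RANGES))
```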

Last updated on Apr 16, 2026