This scanner checks for common Connectwise Automate security misconfigurations and missing best practices. To get started, fill out the form below:

    After clicking submit, the scanner will redirect to the results page. Server scans are performed in real-time; it may take several minutes for the results to be displayed.


    How does the scanner work?

    The scanner receives the FQDN of an Automate server and performs the following checks:

    • Port checks for services that should be open (like HTTPS) and services that should be closed (like MySQL and the Connectwise File Service)
    • TLS version checks to determine any cryptography issues
    • HTTP header checks to examine potential enumerability and client-side attacks
    • Enumeration checks — the scanner queries Shodan and Google to see if the server is listed, and it also checks to see if the server accepts connections from India to validate GeoIP rules

    Is the Connectwise Automate Security Scanner secure?

    Yes. All the background data transmission between the scanner components uses TLS encryption. Additionally, the scanner retains no record of the scan results (see “What happens to my data?” below).

    What happens to my data?

    Results are only shown on the results page — the scan results are not stored. The only data retained is what you enter into the form (to prevent abuse/spam, etc.).