Dark Web ID integration

Overview

This integration allows vPenTest to automatically leverage compromised credentials from Dark Web ID as part of both internal and external network penetration tests. Using compromised credentials from Dark Web ID, vPenTest can enumerate the environment for sensitive data and perform additional attacks, demonstrating the impact of stolen credentials. In the report, vPenTest will indicate if credentials found on the dark web were used as part of the penetration test to accomplish its objectives.

Benefits

  • Confirm if Dark Web ID credentials are still valid.

  • Gain clarity on the risks of weak passwords, validate controls like 2FA, and strengthen defenses against potential breaches.

By revealing how stolen credentials can be used by malicious actors to gain unauthorized access, vPenTest delivers deeper insights, stronger security outcomes, and greater value in every assessment.

How to...

Perform the steps below:

  1. Navigate to vPenTest > Global Settings > API Integrations tab.

  2. Turn on the toggle to enable the Dark Web ID integration.

  3. Upon enabling the integration, a two-step form is presented. The first step takes the credentials to fetch the details from the Dark Web ID portal. All details are required, and you can click Save or Close at any stage to cancel the integration setup.

Step 1: Integration details

  • To turn this integration on, you will need your Dark Web ID username and password.

  • A user can’t go to the next step unless the test integration is successful. The next step will be available only if the credentials are correct.

Step 2: Match organizations

  1. This step lists all the organizations available in vPenTest for the logged-in user and a drop-down menu that takes all organizations available in Dark Web ID to be mapped.

  2. Once enabled, organizations that are matched to a Dark Web ID organization will have the Dark Web ID icon on the Organization List page in vPenTest.

  3. After mapping all the organizations and clicking Complete Integration, you’ll see the confirmation pop-up below.

  4. After the integration is complete, the API Integrations tab on the Global Settings page will show that the integration was enabled, and you should now see the Manage Integration option.

Perform the steps below:

  1. Navigate to vPenTest > Global Settings > API Integrations tab.

  2. Toggle to disable the Dark Web ID integration.

When the integration is disabled, the below confirm modal will be visible and upon confirmation, the integration will be disabled.

NOTE  If you decide to re-enable the integration, organizations that you previously mapped will stay the same. You will not have to map organizations that were already mapped again, only new ones.

To make it easier for you to see which organizations are synced after the integration, a Dark Web ID icon shows up next to any organizations that are mapped to a Dark Web ID organization on the Organizations page.

If an organization in vPenTest is mapped with a Dark Web ID organization, its Organization Profile page will show the details below.

If you need to change the Dark Web ID organization synced with a particular organization in vPenTest, follow the steps below to edit and change the mapped organization.

  1. Navigate to Organization.

  2. Click the organization you wish to update.

  3. Click Edit Details and then click Integration tab.

  4. In the drop-down menu, select the organization you wish to sync from Dark Web ID to vPenTest.

If an organization is not mapped with a Dark Web ID organization and the Dark Web ID integration is enabled, a button that says Match to a Dark Web ID Organization will be visible on the Organization Profile page.

The integration leads to automation. Any assessments you schedule with the Dark Web ID integration enabled will allow vPenTest to use the credentials for that organization during the scheduled penetration test.

Below is a sample output of what you can expect to see in the technical reports: