Internet wide surveys to study and understand the security state of the Internet as well as facilitate research into various components / topics which originate as a result of our surveys.

About Project Resonance

Project Resonance is an effort to improve security of the Publicly Exposed data and information followed by a deep analysis and data correlation.

We focus specifically on identifying different kinds of Systems and components which are unknown to Security teams. Examples of such systems/components are unknown custom headers, data leak patterns, modern technology stacks, custom protocols, and third party dependencies, etc.

How does it work?

Project Resonance works in multiple comprehensive phases as mentioned below:

  • Internet wide Data Collection / Monitoring
  • Data Normalization and Filtering
  • Shipping to Central Database
  • Study and Analysis of Data
  • Results Released to Public
All the non-confidential data that come out of Project Resonance is free to download for researchers and security practitioners. Feel free to use this data for further educational and research purposes.


Internet Wide Data Collection/Monitoring
We first collect different kinds of public data from various parts of internet using our distributed collectors.


Data Normalization

Based on the collected data, we extract meaningful information by passing it to our massive processing engines.


Shipped to Central DB

Normalized data is picked from distributed collectors and shipped to our Central DataBase. No critical / Sensitive Data is stored.


Data Analysis

Data is filtered, segregated and analyzed for multiple research and studies. Unknown technologies, headers, etc. are extracted.


Results Released

Based on Data Analysis, results and outcomes are released through Blogs / Dataset as well as passed to our our product NVADR.

How is it useful for the world?

The data that comes out of Project Resonance has multiple use-cases for Security Researchers, DFIR teams as well as Threat Intelligence teams. Few examples explaining how this data can be used:

  • Studying the Internet’s security posture by discovering and collecting information about different kind of technology components like custom protocols, services, data leaks, etc.
  • Understanding Attack Surface: Project Resonance can define the global impact of a vulnerability / misconfiguration / data leak using the internet-wide data collection and analysis.
  • Responsible Disclosures: We have in past done many responsible disclosures when we identified any publicly exposed System which shouldn’t be. This is done in a very confidential and responsible manner. 
  • Specific Research Topics can be picked by security practitioners by studying specific / multiple unknown headers, protocols, tech-stacks, interesting security patterns, data leak patterns, cloud storage objects, etc. 

Legal Considerations

We respect legal boundaries and privacy concerns, therefore we do responsible research and adhere to the following procedure:
  • Non-Intrusive: All our research and studies are non-intrusive in nature. 
  • Responsible data release: While we release our datasets, we don’t release all the datasets out in public. We pay very close attention to make sure that no sensitive data is stored as well as released as a part of our datasets. We only release data which helps to facilitate security research but at the same time do not allow any attack exposure for anyone in the world. 
  • Low Rate: We do all our studies on a very low rate so that no one is affected adversely from our research. 
  • Exclusion Lists: If you don’t like to be a part of our research, we respect that preference. We have as exclusion list which we take very seriously. If you don’t want to be in included in our studies, drop us an email at
  • Responsible Disclosure: Many times, we find some components / piece of information / assets which we think shouldn’t be publicly exposed. In such cases, we will responsibly disclose this to the respective owners of the organization. 
If there any further questions left unanswered, have a look at our FAQ section. Still have doubts, please get in touch and drop us an email at

Frequently Asked Questions.

Under any circumstances, we don’t access any authenticated / restricted / protected resources. Our collectors only collect data from public sources on the internet.

All our studies are non-intrusive. We take special care of making sure no systems are negatively affected because of our research.

If you don’t want to be in included in our studies, drop us an email at and we will exclude your assets from all our future research.

No, we don’t crawl any HTTP/HTTPS servers during any phase of our research.

We use a combination of open-source tools and our own in-house developed tools. We are polishing them and they will be out in Open Source community soon.

Share in your network

Share on facebook
Share on linkedin
Share on google
Share on twitter
Share on reddit
Share on whatsapp