Kaduu provides a wide range of analyst-reviewed threat intelligence indicators to identify your customers' compromised or stolen data and detect attacks before they happen.

How do we find the data?

We use a network of software based crawlers that process data 24/7 from paste sites, underground marketplaces, IRC, onion sites, P2P and other sources. Additionally we have Russian, French, German and English speaking analysts who operate undercover in the darknet. Our team has discovered many exclusive leaks in the past that have been recognized by global press.

How do we present the data?

Accessing the dark web and finding various data leaks is relatively easy. The more difficult part of the task is narrowing down the search to find meaningful and actionable threat data that a client can use to truly improve the security posture. The threat information in Kaduu can be provided as raw data or contextual data. Kaduu uses state-of-the-art self-learning ML algorithms to identify correlations between different data sets and give the administrator a risk indicator. The data can be made available via a web-based user interface, a REST API or also as an export in various formats (XML, CSV). 

How up-to-date is the data?

In certain areas, such as the Domains, Forums & Leaks, we archive historical data. New leaks are added regularly, but it is safe to assume that there is a considerable amount of time between the publication of the leak on the darknet and the appearance of the vulnerability. Hot leaks are often first abused by the criminals themselves before they are offered. In other areas, however, we offer a live search. For example, paste and git sites are visited hourly, but it can take up to 12 hours for all data to be indexed. Onion sites are live only and provide insight in a period of about 12 hours. Older entries on Onion sites are not cached. In the social media space, we present data within a timeframe of a few hours.

How much automation is possible?

To make the most of the service, the customer should be alerted when new and relevant information emerges. At the beginning, the monitoring service is accompanied by an onboarding. We find the optimal search terms through manual queries and evaluations, which are later transferred to the automated alerting (e.g. via E-Mail).


The whole of the information generated by artificial intelligence is greater than the sum of the individual pieces of information added together. We connect the dots!

Most affordable CTI data in the market - tailored for MSSP's and security vendors
Intelligent analysis of the information and the most flexible search option of any tool out there  
Access to historical data and also real live view in Darknet and Deep Web