
FAQ: Project Doppler

Project Doppler is a free tool from Rapid7 that allows organizations to gain insights into their public internet exposure. It reveals exposures from third-party services, shadow IT, misconfigurations, and exploited systems. Rapid7 developed Project Doppler due to the difficulty for organizations to keep up with their external exposures and cyber risks. Users with an Insight account can access Project Doppler through the Rapid7 Open Labs page.

Uploaded by fateh tiribark

FAQ: Project Doppler

What is Project Doppler?


Project Doppler is a free and simple tool that lets organizations of any size quickly and easily gain
insights into their public internet exposure.

Doppler’s user-friendly interface reveals hard-to-discover exposures—like those related to third-party
services, shadow IT implementations, misconfigurations, and exploitation of systems—and offers tips
for addressing them.

Why did we make Project Doppler?


The increasing complexity of corporate IT environments, along with the rise of shadow IT, makes it hard
for organizations to keep up with their external exposures. Left unchecked, these exposures can expand
your network’s attack surface and increase your cyber risk.

To address this and raise the bar for attackers, Rapid7 developed Project Doppler, a free and simple tool
that lets organizations of any size quickly and easily gain insights into their public internet exposure.
Doppler’s user-friendly interface reveals hard-to-discover exposures—like those related to third-party
services, shadow IT implementations, misconfigurations, and exploitation of systems—and offers tips for
addressing them.

Doppler’s data is sourced from Rapid7’s Project Sonar, which scans the internet to identify exposures, and
Project Heisenberg, a globally-distributed honeypot network that monitors for potentially malicious
inbound connections.

Who can access Project Doppler?


Any user that already has an Insight account can gain access to Project Doppler.

How do I access Project Doppler?


If you already have an Insight Platform account, simply log in, and look for the Rapid7 Open Labs tile.
Project Doppler is accessible within Open Labs.

From there, click on “Join” and proceed through the setup process.

For additional guidance on how to access Project Doppler, check out the Quick Start Guide or video.

What is Rapid7 Open Labs?

Rapid7 Open Labs is a new space on the Insight Platform where we can showcase free and open
source tools that Rapid7 is offering as part of our commitment to helping everyone access the most
effective security technology and practices, bringing safety and resilience to as many people as
possible.

This mission is at the core of who we are. In our work to create a safer internet ecosystem that benefits
everyone, we're investing in supporting the open source cybersecurity community, as well as providing
free tools, nonprofit licensing for our commercial solutions, and access to security research data.

Rapid7 Open Labs is part of that mission. It's a space where we can share free or open source security
tools developed and maintained across Rapid7. These tools are designed to provide broad access to
key security capabilities, and are not subject to the same service level expectations for support and
availability as Rapid7’s commercial solutions, which is communicated through messaging in the Rapid7
Open Labs space.

What is the pricing for Project Doppler?

Project Doppler is free.

What level of support can users expect?


The tools showcased in Rapid7 Open Labs are free and open source and, as such, are not subject to the
same service level expectations for support and availability as Rapid7’s commercial solutions.

Where possible, we have provided documentation to help users find answers about the functionality
and troubleshoot as needed. Feedback can be provided through the Feedback form within Project
Doppler.

Where does the data shared by Project Doppler come from?


Project Doppler’s data is sourced primarily from Rapid7’s Project Sonar, which scans the internet to
identify exposures, and Project Heisenberg, a globally-distributed honeypot network that monitors for
potentially malicious inbound connections.

Does using Project Doppler initiate a scan?


No, Project Doppler filters existing data that has already been collected by Project Sonar and Project
Heisenberg.

Can a user not associated with an organization’s internal infosec or IT team use Project Doppler?

No. We expect users to be associated with the internal IT or infosec teams of particular organizations.
Their usage of Project Doppler should be focused on examining the external exposure of organizations
they represent.

To help ensure Project Doppler is being used by technical and security professionals for legitimate
corporate cybersecurity purposes, we will not permit personal emails (such as @gmail.com emails) to
be used to access Project Doppler.

Can I use Project Doppler to scan organizations other than my own?


The intended use case for Project Doppler is to assess one’s own organization, not another
organization, including vendors.

Users may only add sources that their organization owns, manages, or is responsible for maintaining.

Where should user feedback on Project Doppler be sent?


All feedback should be sent through the on-platform response form, accessible through the Settings
section.

Why does Project Doppler not show any data for my organization?

There are many reasons why Project Doppler might not show data.

At its core, Project Doppler is dependent on Project Sonar. Project Sonar scans the internet on a
scheduled basis, not continuously. The full set of scans typically refreshes over a span of 35 days.
Different types of Sonar scans run at different frequencies. Due to the timing of Project Sonar scans, it
is possible that it might not see points of exposure if something is offline or inaccessible at the
moment of the scan.

Another possible reason that no data is appearing for a given organization is that the IP address
has been omitted from our scans. As a matter of policy, we respect requests to not scan particular IP
ranges by their owners. If we do receive such a request, we add the specified IP ranges to an opt-out list
that is omitted from Project Sonar scans. Any ranges within that list will subsequently not appear
within Project Doppler.

If you would like to remove your organization from the Project Sonar opt-out list, please contact
[email protected], and we’ll implement the appropriate changes. Data will not begin to populate
from the specified IP ranges until the next round of Project Sonar scans.

What are the inputs necessary to use Project Doppler?

The two main inputs that are necessary to use Project Doppler are domains or IP ranges owned by an
organization. IP ranges can be specified in dot-decimal notation or in CIDR notation.
