Exposure Intelligence · by XENOPS

Your passwords are already out there. We find them.

Info-stealer malware grabs your team’s logins, session cookies, and tokens and posts them online within hours. Qannas finds the ones tied to your company — and shows them to you, not the whole internet.

See the platform Request access

You only ever see your own data. There is no search box for the whole database — that’s the point.

Free check

Has a stealer already grabbed your team?

Drop your domain or a work email. We’ll look for leaked credentials, cookies, and tokens tied to it across our stealer-log lake.

No login, no spam. We only show results tied to assets you can prove you own.

Why this matters

You can’t reset a password you don’t know leaked.

RedLine, LummaC2, Raccoon — these stealers run quietly on your employees’ laptops, grab whatever’s sitting in the browser, and ship it to a Telegram channel before lunch. Your firewall never sees it. Most scanners don’t either.

Info-stealers

RedLine, LummaC2, Raccoon

Within hours

logs land on Telegram & dark-web markets

What leaks

passwords, session cookies, tokens

The platform

Here’s what your team sees every morning.

A live posture score, a map of where you’re exposed, and a queue of things to fix — all scoped to ACME Corporation. Click the sidebar to walk through the whole product.

app.qannas.io / overviewLIVE

Overview

Exposure posture for ACME Corporation.

Search exposures, assets, emails…S

EXPOSURE POSTURE

0/ 100▼ 8 pts

0active exposures

Critical18
High30
Medium177
Low1,367

GLOBAL EXPOSURE MAP13 countries

active exposure activity

RECENT CRITICAL EXPOSURESlast 24h

ceo@acme.comRedLinestealerEMEA2h agoNew

vpn.acme.comLummaC2stealerNAMER5h agoTriaged

employee@acme.comRaccoonstealerAPAC1d agoOpen

dev.acme.comUnknownstealerEU3d agoResolved

FRESHEST INTELLIGENCE

RedLine

stealer log

1,284

LummaC2

stealer log

942

Raccoon

stealer log

317

Unknown

stealer

TOP RISK ASSETS

ceo@acme.com92

vpn.acme.com74

api.acme.com61

git.acme.com48

mail.acme.com33

Add watchlistCreate alert ruleExport reportIntegrations

All 8Critical 3High 2Medium 2Low 1

Hover a row to inspect

ASSETTYPESOURCEREGIONFIRST SEENSTATUS

finance@acme.comCredentialRedLineEMEA3h agoNew

Infected machineDXB-LAPTOP-02

Malware familyRedLine

GrabbedJun 26, 2026

PasswordIn use

Open investigation →

ceo@acme.comCredentialRedLineEMEA2h agoNew

Infected machineFIN-LAPTOP-04

Malware familyRedLine

GrabbedJun 22, 2026

PasswordIn use

Open investigation →

api.acme.comCredentialRedLineNAMER8h agoNew

Infected machineAUS-WS-44

Malware familyRedLine

GrabbedJun 25, 2026

PasswordIn use

Open investigation →

vpn.acme.comCredentialLummaC2NAMER5h agoTriaged

Infected machineNYC-WS-118

Malware familyLummaC2

GrabbedJun 24, 2026

PasswordReset pending

Open investigation →

git.acme.comTokenRaccoonAPAC2d agoOpen

Infected machineTKY-WS-03

Malware familyRaccoon

GrabbedJun 18, 2026

PasswordActive

Open investigation →

mail.acme.comCookieLummaC2EU1d agoOpen

Infected machineLON-LAPTOP-09

Malware familyLummaC2

GrabbedJun 19, 2026

PasswordSession live

Open investigation →

employee@acme.comCookieRaccoonAPAC1d agoOpen

Infected machineSG-LAPTOP-21

Malware familyRaccoon

GrabbedJun 20, 2026

PasswordSession live

Open investigation →

dev.acme.comTokenUnknownEU3d agoResolved

Infected machineBER-WS-07

Malware familyUnknown

GrabbedJun 12, 2026

PasswordRevoked

Open investigation →

Open 4Triage 1Waiting 1

Hover a case for detail

INV-2041Open

ceo@acme.com

FamilyRedLineMachineFIN-LAPTOP-04Grabbed5 days ago

PasswordIn useRelated3 cookies/tokensAnalystSara M.

Force resetPush to Jira

INV-2038Open

finance@acme.com

FamilyRedLineMachineDXB-LAPTOP-02Grabbed3 days ago

PasswordIn useRelated5 cookies/tokensAnalystOmar K.

Force resetPush to Jira

INV-2035Triage

api.acme.com

FamilyRedLineMachineAUS-WS-44Grabbed4 days ago

PasswordIn useRelated2 cookies/tokensAnalystSara M.

Force resetPush to Jira

INV-2031Waiting

git.acme.com

FamilyRaccoonMachineTKY-WS-03Grabbed11 days ago

PasswordActiveRelated4 cookies/tokensAnalystLina H.

Force resetPush to Jira

6 assets monitored2,297 lifetime matches

+ Add asset

@acme.comEmail domainHigh1,284

acme.comWeb domainHigh942

executives@acme.comIdentityCritical18

203.0.113.0/24IP rangeMedium7

supplyco.comThird-partyMedium34

acme-cloudBrand keywordLow12

ALERT RULES

Exec credentials

Exec identities · Critical + High

Slack #sec-ops

VPN & remote access

vpn.acme.com · High +

Email + Splunk

Source-code hosts

git.acme.com · Medium +

Slack #eng-sec

Weekly digest

All assets · All

FIRED (24h)4

ceo@acme.comExec credentialsSlack2h ago

finance@acme.comExec credentialsSlack3h ago

vpn.acme.comVPN & remote accessSplunk5h ago

git.acme.comSource-code hostsSlack2d ago

POSTURE — LAST 6 MONTHS78/100

71Jan

74Feb

69Mar

76Apr

86May

78Jun

EXPORTS

PDF

June exposure summary

Jun 2026 · 2h ago

Download

PDF

Q2 board posture

Q2 2026 · 5d ago

Download

CSV

Credential reset log

YTD 2026 · 1d ago

Download

CEF

SIEM export (CEF)

Last 30 days · 6h ago

Download

SConnected

Slack

Alerts to #sec-ops

SConnected

Splunk

CEF / Syslog stream

WConnected

Webhooks

Custom HTTP callbacks

EConnected

Digests + critical alerts

JConnect

Jira

Auto-create tickets

SConnect

ServiceNow

Incident sync

MConnect

Microsoft Teams

Channel alerts

PConnect

PagerDuty

On-call escalation

TEAM+ Invite

Sara Mansour

sara@acme.com

Admin

Omar Khalil

omar@acme.com

Analyst

Lina Haddad

lina@acme.com

Viewer

PLAN

Growth — 12 seats · 5,000 monitored assets · 1-year retention

Manage billingUsage

API KEY

qks_live_••••••••••••3f9aRotate

Capabilities

From a raw stealer log to a reset password.

The lake ingests the world’s stealer logs. The product joins them to your assets — and only your assets.

Watch only what you own

Give us your domains, execs, IP ranges, and vendors. We watch those, and nothing else.

Stealer logs, as they land

We pull RedLine, LummaC2, and Raccoon logs plus breach dumps, and match the new ones against your assets within minutes.

You see your data. Only yours.

There is no search box for the whole database. Scoping happens in the data layer, not the UI, so a client bug can’t reach anyone else.

Click a hit, see the story

Open an exposure to see the infected machine, the malware family, when it was grabbed, and whether that password is still in use.

Alerts where you already work

Fresh, high-severity hits go to Slack, email, or a webhook, or straight into your SIEM and ticketing.

Posture that holds up in a meeting

Watch your score move over time and mean-time-to-reset. Export a board deck or a compliance file when someone asks.

Why Qannas

The rule we won’t bend.

Handing a company the plaintext of its own leaked credential so it can reset it is fine. Letting one tenant search another’s data isn’t. Qannas is built around that line.

You only ever see your exposure

Every query runs against your org at the database. A bug in the app can’t reach another tenant’s data, because the app never has it.

A fresh log beats an old one

A RedLine grab from last week is a fire. A dump from 2019 is background noise. We rank by how recent it is and how critical the asset is, not by raw count.

This exists so you can reset passwords

We hand you the leaked credential so you can kill it. Speed-to-reset is the only number we care about — alert count is noise.

How it works

Point, match, ping, reset.

01
Point us at your stuff
List your domains, execs, IP ranges, and third parties. That list is your whole perimeter — we never look outside it.
02
We match new logs
As fresh stealer logs and breach dumps come in, a matching job joins them to your list. Deltas only, so it stays cheap.
03
You get pinged
A fresh, high-severity hit lands in Slack, email, a webhook, or your SIEM within minutes.
04
Reset, close, repeat
Confirm the credential is live, force a reset, push the ticket, and watch mean-time-to-reset come down.

Built by operators

From the team behind XENOPS.

Qannas is built and pressure-tested by the offensive-security collective atxenops.ae. The same people who run pentests and red teams for real clients built the matching engine — because they know what an attacker looks for first.

Visit XENOPS Research labs

BY XENOPS

Early access

See what’s already out there on you.

We onboard a handful of companies at a time. Tell us your domain and we’ll set up your tenant.

Email qannas@xenops.ae Use the contact form

Your passwords are already out there. We find them.

Has a stealer already grabbed your team?

You can’t reset a password you don’t know leaked.

Here’s what your team sees every morning.

Overview

From a raw stealer log to a reset password.

Watch only what you own

Stealer logs, as they land

You see your data. Only yours.

Click a hit, see the story

Alerts where you already work

Posture that holds up in a meeting

The rule we won’t bend.

You only ever see your exposure

A fresh log beats an old one

This exists so you can reset passwords

Point, match, ping, reset.

Point us at your stuff

We match new logs

You get pinged

Reset, close, repeat

From the team behind XENOPS.

See what’s already out there on you.