Application and Service Discovery
Acunetix 360's discovery service enables you to become aware of your enterprise's online assets, web applications, and services.
- Without a central inventory, an enterprise can accumulate thousands of assets that are long forgotten and no longer maintained. Such abandoned, unpatched sites are prime targets for attackers.
- In short, you cannot protect what you do not know about.
Acunetix 360 helps you discover these websites. As soon as you register with Acunetix 360, the system begins the discovery process with your commercial email, immediately suggesting websites that might also belong to you.
- Once you start adding websites, the system makes new suggestions based on those websites. Acunetix 360 analyzes your configuration and data, then suggests further websites that might also belong to you.
This topic explains how Acunetix 360 discovers web assets and services.
To manage the Discovery Service in Acunetix 360, see Managing Discovery Service in Acunetix 360. To create websites via the Discovery Service, see Creating Websites via Discovery Service.
How the Discovery Service works
There are three main resources that Acunetix 360 uses to discover your web assets.
- Your Email's Domain
- Second-Level Domain of Existing Websites
- Knowledge Base
Email domain
As soon as you register with Acunetix 360, the system begins the discovery process with your email address, immediately suggesting websites that might also belong to you.
The service takes the registrable domain of the address (for example, acunetix.com from user@acunetix.com) and starts querying its data sources for hosts under it. It also queries the IP addresses of the websites it discovers and lists the results in the Discovered Websites section.
Second-level domain
Beyond seeding the discovery service with the domain of your email address, Acunetix 360 uses that second-level domain to look for additional hostnames under it. For example, once acunetix.com has been found from your email address, the service also looks for hosts such as api.acunetix.com and test.acunetix.com and lists them under Discovered Websites.
Links in the Knowledge Base
In addition to the second-level domain, you can use the Out of Scope Links node in the Knowledge Base. The node lists the links that were excluded from a scan by the Scan Scope settings.
Although Acunetix 360 aims to crawl every part of the target web application to identify vulnerabilities, you can still restrict the scope of a scan. When you do, Acunetix 360 records the links it did not crawl because of that restriction, so you can see exactly what remained uncrawled.
You can feed these out-of-scope links to the discovery service so that Acunetix 360 looks for additional websites based on them. Any hosts it finds then appear under Discovered Websites.
For example, when you add freecsstemplates as a second-level domain in Acunetix 360, the discovery service starts querying its sources for hosts under that domain and populates the Discovered Websites list with the results.
Public Data Source
These three sources tell Acunetix 360 where to look for websites that may be related to you. But which service does Acunetix 360 actually query in order to list them?
The Discovery Service is a separate service that runs independently of Acunetix 360 and is currently hosted at https://services.acunetix360.com/
Acunetix 360 queries the discovery server and lists the results in the application. The public source from which the Discovery Service collects its data is Certificate Transparency logs.
Certificate Transparency Logs
Certificate Transparency is a system of public, append-only logs in which certificate authorities must record every TLS certificate they issue, so that issuance can be audited by anyone.
Log entries are stored in a binary format. The Discovery Service downloads the log entries, parses the certificates they contain, and saves the subject details to its database.
For example, when www.google.com is added to Acunetix 360, the Discovery Service reads the Organization (O) and Subject Common Name values from that website's TLS certificate, searches the backend database for certificates whose organization name or common name matches, and shows the hostnames from those certificates as discovered websites in the UI. Because the O field is free text that unrelated organizations can share, review such suggestions before adding them as scan targets.
These records will be listed under the Discovered Websites.
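As an added illustration (not Acunetix code, and not a description of how the service is actually implemented), the following Python sketch models the two strategies described above: collecting hostnames under a seed's second-level domain, and matching the Organization (O) and Subject Common Name of a seed website's certificate against a database of parsed certificates. The `CT_DB` records, the suffix list and every function name are constructed for this example; a real service would populate such a database by downloading and parsing Certificate Transparency log entries.

```python
"""Model of Certificate-Transparency-driven asset discovery (added example, not Acunetix code).

Two strategies the page describes:
  1. second-level domain: every hostname under the registrable domain of the seed
     (the domain of your sign-up email, or of a website you added);
  2. certificate subject: hostnames from certificates whose Organization (O) or
     Subject Common Name matches the seed website's certificate.
The "database" here is a constructed in-memory list of parsed certificate subjects;
a real service would fill it by downloading and parsing CT log entries (RFC 6962).
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CertRecord:
    """Subject fields a CT-log parser would retain for one certificate (constructed data)."""
    common_name: str
    organization: Optional[str]          # None for domain-validated certs, which carry no O
    sans: tuple = ()                     # subjectAltName dNSName values

    def hostnames(self) -> set:
        """Scannable hostnames from this certificate; wildcard names are not concrete hosts."""
        names = {self.common_name.lower(), *(s.lower() for s in self.sans)}
        return {n for n in names if "." in n and not n.startswith("*.")}


# Constructed sample "backend database" of certificates already parsed out of CT logs.
CT_DB = [
    CertRecord("www.acunetix.com", "Acunetix Ltd", ("acunetix.com",)),
    CertRecord("api.acunetix.com", "Acunetix Ltd"),
    CertRecord("*.acunetix.com", "Acunetix Ltd", ("test.acunetix.com", "staging.acunetix.com")),
    CertRecord("portal.acunetix-partners.net", "Acunetix Ltd"),    # same O, other domain
    CertRecord("www.acunetix.com", None),                            # DV renewal, no O
    CertRecord("shop.acunetixshoes.example", "Acunetix Shoes Inc"),  # lookalike, not ours
    CertRecord("www.example.org", "Example Org"),
]

# Stand-in for a public-suffix list; real code should use the full list (simplification).
MULTI_LABEL_SUFFIXES = ("co.uk", "com.au")


def registrable_domain(host: str) -> str:
    """acunetix.com for www.acunetix.com; example.co.uk for www.example.co.uk."""
    host = host.lower().rstrip(".")
    labels = host.split(".")
    for suffix in MULTI_LABEL_SUFFIXES:
        if host.endswith("." + suffix):
            return ".".join(labels[-(suffix.count(".") + 2):])
    return ".".join(labels[-2:])


def domain_from_email(email: str) -> str:
    """user@acunetix.com -> acunetix.com (the page's 'email domain' seed)."""
    return registrable_domain(email.rsplit("@", 1)[1])


def discover_by_domain(domain: str, db=CT_DB) -> set:
    """Second-level-domain strategy: all concrete hostnames under the seed domain."""
    return {h for rec in db for h in rec.hostnames() if registrable_domain(h) == domain}


def discover_by_subject(seed_host: str, db=CT_DB) -> dict:
    """Certificate-subject strategy: match O or CN of the seed host's certificate(s).

    Hosts outside the seed's registrable domain are returned under 'review': an O
    value is free text, so the same organisation string can appear on certificates
    for domains you do not own.
    """
    seed_host = seed_host.lower()
    seed_certs = [r for r in db if seed_host in r.hostnames()]
    orgs = {r.organization.casefold() for r in seed_certs if r.organization}
    cns = {r.common_name.lower() for r in seed_certs}
    matched = set()
    for rec in db:
        org_ok = rec.organization is not None and rec.organization.casefold() in orgs
        cn_ok = rec.common_name.lower() in cns
        if org_ok or cn_ok:
            matched |= rec.hostnames()
    own = registrable_domain(seed_host)
    return {
        "suggested": {h for h in matched if registrable_domain(h) == own},
        "review": {h for h in matched if registrable_domain(h) != own},
    }


if __name__ == "__main__":
    seed = domain_from_email("user@acunetix.com")
    print("by domain :", sorted(discover_by_domain(seed)))
    result = discover_by_subject("www.acunetix.com")
    print("by subject:", sorted(result["suggested"]))
    print("review    :", sorted(result["review"]))
```

The `review` bucket is the point of the example: the partner portal is pulled in purely because its certificate carries the same O string, and the lookalike shop is not, because neither its O nor its CN matches. Wildcard names are dropped since `*.acunetix.com` is not a host you can scan, while the concrete SANs on that same certificate are kept.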
Discovery Service FAQ
Question: I have example.com. However, Acunetix 360 Discovery Service could not find this domain. Why?
- As noted above, the Discovery Service is a separate service that runs independently of Acunetix 360. Acunetix 360 queries third-party databases to identify websites that may be related to you.
- The Discovery Service therefore cannot guarantee that all of your websites will be found. Acunetix 360 can discover and list a website only if the third-party databases hold information about it, such as a publicly logged certificate.
- Conversely, the Discovery Service can find websites that appear in public records, such as certificate logs, even when the websites themselves are not publicly accessible.
Question: In order to utilize the Discovery Service in Acunetix 360 On-Premises, which URL/port should I permit?
In Acunetix 360 On-Premises, select Enable Discovery Service under the General Settings and enter https://services.acunetix360.com as the Discovery Service URL so that Acunetix 360 can carry out the discovery queries. Your firewall must allow outbound HTTPS (TCP port 443) from the Acunetix 360 server to services.acunetix360.com.