Application and Service Discovery in Acunetix 360

This feature enables you to become aware of your enterprise's online collateral, web applications and services. This enables you to conduct a comprehensive security audit and better secure your online presence, continually reducing security threats.

This service works independently from our Acunetix 360 product, and already has hundreds of millions of services in its database. It continually scans the entire internet.

  • As soon as you register with Acunetix 360, the system begins the discovery process with your commercial email, immediately suggesting targets that might also belong to you.
  • Once you start adding targets, the system makes new suggestions based on those targets.
  • Acunetix analyzes your configuration and data, then suggests further targets that might also belong to you.

The Discovered Targets page displays and enables you to manage all targets Acunetix 360 has discovered:

  • You can run a simple faceted search. Basic operations such as ignoring a target, creating a target and blacklisting a parameter are also available here.
  • The Status column's default filter is set to New, so that newly discovered targets are displayed. This page then operates like a To Do list. We recommend that you keep on top of this list, and process discovered items, by creating or excluding each discovered target every time you log in.

All users with Manage Targets permission can view Discovered Targets and configure Service Discovery Settings.

Discovered Targets Fields

This table lists and explains the panels in the Discovered Targets page.

| Field | Description |
|---|---|
| Authority | This is the domain that has been identified. |
| IP Address | This is the IP address identified for the target. |
| Second Level Domain | A second-level domain is a domain that is directly below a top-level domain (TLD). For example, in example.com, 'example' is the second-level domain of the .com TLD. |
| Top Level Domain | The TLD refers to the last segment of a domain name, or the part that follows immediately after the dot (.) symbol. For example, in the domain name www.example.com, the top-level domain is 'com'. TLDs are mainly classified into two categories: generic TLDs and country-specific TLDs. Examples of some of the popular TLDs include: .com, .org, .net, .gov, .biz and .edu. |
| Organizational Name | This is the name of the organization that is identified as the registered owner of the target. |
| Status | This is the status of the target, which can be one of the following: New (targets that have just been discovered); Ignored (targets that you've ignored); Created (targets that you've created). |

Filtering

Filters enable you to find discovered targets that match given criteria.

How to Filter Your List of Discovered Targets
  1. In the Discovered Targets page, click the filter button next to any column header. The filter dialog is displayed.
  2. Click the delete icon to delete all fields by which you don't want to filter.
  3. Add a New Filter if necessary (see How to Add a New Filter).
  4. In the relevant field, where relevant:
    • From the FIELD dropdown, select a field
    • From the OPERATOR dropdown, select an operator
    • In the VALUE field, enter a value
  5. Click Apply. The list is filtered by the selected criteria.
How to Add a New Filter
  1. In the Discovered Targets page, click the filter button above the Discovered Targets field next to any column header. The filter dialog is displayed.
  2. In the filter dialog, click New Filter. A new row is displayed.
  3. Configure as required.
How to Filter Using Faceted Search

You can also filter the list of Discovered Targets using a faceted search. Click the number next to the IP Address, Second Level Domain, Top Level Domain or Organization Name in any row to filter on that criterion.

The list will display only targets that fit the criteria you've clicked on.

Service Discovery Settings

In this page, you can configure the settings that determine how the Discovered Targets list searches for online resources.

The discovery process uses specific parameters to suggest targets:

  1. IP Address or IP Range
  2. Second Level Domain (SLD)
  3. Top Level Domain (TLD)
  4. Organization Name

You can extend or narrow the results using these parameters, for example:

  • You can select to detect all targets that have SLD acunetix
  • You can select to detect all targets that have TLD .gov

The Service Discovery Settings page has eight tabs. Each is outlined below.

Match Settings

This table lists and explains the sections in the Match Settings tab. They are all enabled by default.

| Setting | Description |
|---|---|
| Email Matching | Enable to use your account's email address second level domain as a matching option. |
| Target Matching | Enable to use your added target’s second level domain as a matching option. This target matching option has a limit of 32 targets. |
| Only Registered Domains | Enable to exclude web services that do not have a publicly available DNS record. |
| Reverse IP Lookup | Enable to take the IP address pointing to a web server and search for other sites known to be hosted on the same web server. |
| Organization Name Matching | Enable to conduct another scan via the Organization Names extracted from the result set’s TLS certificates. |

Second Level Domains

This tab lists the addresses that are below the top-level domains. A second-level domain is a domain that is directly below a top-level domain (TLD). For example, in example.com, 'example' is the second-level domain of the .com TLD.

Organizations

This tab lists the organization name (listed in the certificate's organization name fields or target’s copyright section) for each target or service that you want included in your Discovered Targets list.

IP Addresses

This tab lists the IP addresses for each target or service that you want included in your Discovered Targets list.

Excluded Second Level Domains

This tab lists the excluded second-level domains for each target or service that you want included in your Discovered Targets list.

Excluded Top Level Domains

This tab lists the top-level domains for each target or service that you want included in your Discovered Targets list. The TLD refers to the last segment of a domain name, or the part that follows immediately after the dot (.) symbol.

Excluded Organizational Names

This tab lists the name of the organization that is registered as the owner of the target.

Excluded IP Addresses

This tab lists the IP Addresses whose targets you would like excluded from the Discovered Targets list.
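
The following is an added example, not Acunetix code: a small Python model of how include and exclude parameters of this kind can be applied to a list of discovered-target records when triaging them offline. The settings, sample rows, record field names and the rule that exclusions are checked first are assumptions; the SLD/TLD split follows this page's definition literally, so portal.example.co.uk yields the SLD 'co' and is matched only through its organization name.

```python
import ipaddress

# Constructed settings modelled on the Service Discovery Settings tabs.
SETTINGS = {
    "slds": {"example"}, "organizations": {"example corp"},
    "ip_ranges": ["192.0.2.0/24"],
    "excluded_slds": {"example-cdn"}, "excluded_tlds": {"test"},
    "excluded_organizations": set(), "excluded_ips": ["192.0.2.99/32"],
}

def split_domain(authority):
    """(SLD, TLD) per the page's definition: the last label and the one below it."""
    host = authority.split(":")[0].rstrip(".").lower()  # drop port and trailing dot
    try:
        ipaddress.ip_address(host)  # a bare IP authority has no SLD or TLD
        return None, None
    except ValueError:
        pass
    labels = host.split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (None, None)

def in_ranges(ip, ranges):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in ranges)

def classify(rec, s=SETTINGS):
    """Return (decision, matched_parameter); exclusions are checked first (assumption)."""
    sld, tld = split_domain(rec["authority"])
    org, ip = rec.get("organization", "").strip().lower(), rec.get("ip")
    checks = [
        ("excluded", "sld", sld in s["excluded_slds"]),
        ("excluded", "tld", tld in s["excluded_tlds"]),
        ("excluded", "organization", org in s["excluded_organizations"]),
        ("excluded", "ip", bool(ip) and in_ranges(ip, s["excluded_ips"])),
        ("suggested", "sld", sld in s["slds"]),
        ("suggested", "organization", org in s["organizations"]),
        ("suggested", "ip", bool(ip) and in_ranges(ip, s["ip_ranges"])),
    ]
    return next(((d, p) for d, p, hit in checks if hit), ("unmatched", None))

# Constructed sample rows using documentation-reserved names and address ranges.
SAMPLE = [
    {"authority": "www.example.com", "ip": "198.51.100.10"},
    {"authority": "portal.example.co.uk", "ip": "198.51.100.11", "organization": "Example Corp"},
    {"authority": "static.example-cdn.net", "ip": "192.0.2.20"},
    {"authority": "api.other.org:8443", "ip": "192.0.2.15"},
    {"authority": "old.other.org", "ip": "192.0.2.99"},
    {"authority": "dev.example.test", "ip": "198.51.100.12"},
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(row["authority"], classify(row))
```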

How to Configure Service Discovery Settings
  1. Log in to Acunetix 360.
  2. From the sidebar, click Discovery, then Discovered Targets. The Discovered Targets page is displayed.
  3. Click Settings. The Service Discovery Settings page is displayed.
  4. Configure the settings as explained in the table above.
  5. Click Save & Recrawl.

Creating Targets

Customers can create a target or multiple targets from the list of discovered targets.

How to Create a Target from the Discovery Tool
  1. Log in to Acunetix 360.
  2. From the sidebar, click Discovery, then Discovered Targets. The Discovered Targets page is displayed.
  3. Select the relevant targets, and click Create. You can also choose to create a Target for all the domains discovered using the drop down next to the Create button. The Import Targets page is displayed.
  4. Complete the fields as explained in Import Targets in Acunetix 360.
  5. Click Save.

Excluding Discovered Targets

You can exclude or ignore targets in this list when they are redundant or duplicates. This removes these items from the list, and they will not be discovered a second time.

How to Ignore a Discovered Target
  1. Log in to Acunetix 360.
  2. From the menu, click Discovery, then Discovered Targets. The Discovered Targets page is displayed.
  3. If you want to ignore some Discovered Targets:
    • Ignore one target by clicking Ignore in the target's row
    • Ignore multiple targets by selecting the relevant ones and clicking Ignore in the top right corner
How to Ignore All Discovered Targets
  1. Log in to Acunetix 360.
  2. From the sidebar, click Discovery, then Discovered Targets.
  3. Click the Ignore dropdown at the top of the page.
  4. Select Ignore [#] Targets.

Blacklisting Discovered Targets

You can blacklist discovered targets based on certain criteria. This means that targets that meet the criteria, such as an IP address, will be excluded from the list.

| Option | Description |
|---|---|
| Blacklist IP Address | Select to exclude all targets and services with this IP address. |
| Blacklist Second Level Domain | Select to exclude all targets and services with this second level domain. |
| Blacklist Top Level Domain | Select to exclude all targets and services with this top level domain. |
| Blacklist Organization | Select to exclude all targets and services with this organization. |

How to Blacklist a Discovered Target
  1. Log in to Acunetix 360.
  2. From the sidebar, click Discovery, then Discovered Targets. The Discovered Targets page is displayed.
  3. Next to the relevant target, click the Ignore dropdown.
  4. Select a Blacklist option. A confirmation dialog is displayed.
  5. Click Yes, Exclude.

 
