Web Asset Discovery

Web Asset Discovery enables you to become aware of your web assets, web applications, and online services. With this information, you can conduct a comprehensive security audit and better secure your online presence, continually reducing security threats. This guide explains how web asset discovery works, the information you can view on the Discovery page, the available settings, and how to use the count icons for quick filtering of your discovery results.

Overview of Web Asset Discovery

The discovery service works independently from the Acunetix product. As soon as you activate your Acunetix license, the system begins the discovery process with the master user's email address, immediately suggesting URLs that might also belong to you. It continually scans the entire internet, and once you start adding targets, the system makes new suggestions based on those targets. Acunetix also analyzes your configuration and data to suggest further websites that might belong to you.

The Discovery list

As you use Acunetix, the Discovery page builds a list of candidate websites that you might want to add to your list of targets. This list is updated every time you:

  • Add (or remove) a Target
  • Change one of the flags on the Discovery > Settings page
  • Add an Inclusion to one of the inclusion lists (IP Addresses, Organizations, or Second Level Domains)
  • Add an Exclusion to one of the exclusion lists (IP Addresses, Organizations, Top Level Domains, or Second Level Domains)

Update interval: The list of Discovered websites is updated periodically, with a maximum delay of about 1 hour. 

Discovery Settings

The Discovery Settings page allows you to customize the types of matches that the Web Asset Discovery function will make when building your Discovery list.

  • Email Matching: The Email Matching function will use the second-level domain of your master account for matching websites. Disabling this will ignore the second-level domain of your master account.
  • Website Matching: Website Matching will use the second-level domain of any target you add to match any additional websites with the same second-level domain. If you disable this setting, then the Web Asset Discovery function will add entries to or remove entries from your Discovery list when you add or remove a Target.
  • Only Registered Domains: By default, Web Asset Discovery will exclude any web services that do not have a publicly available DNS record. You can disable this option if you wish to widen your search to possible websites even if no DNS record for them exists.
  • Reverse IP Lookup: If your website is hosted on a shared hosting solution where other websites that do not belong to you share the same IP Address, you can disable the Reverse IP Lookup option.
  • Organization Name Matching: By default, Web Asset Discovery will use the Organization Names extracted from SSL certificates of websites in your Discovery list to perform an additional search for other possible websites with a matching Organization Name in their SSL certificates.

Inclusions

The Discovery Inclusions page allows you to add search elements for Web Asset Discovery to find additional candidates and add them to your Discovery list.

  • IP Addresses: You can add IP Addresses to your inclusion list, and Web Asset Discovery will use this information to search in its database for candidate websites to add to your Discovery list.
  • Organizations: You can add organization names to your inclusion list, and Web Asset Discovery will use this information to search in its database for candidate websites that match the organization names within their SSL certificate and add them to your Discovery list.
  • Second Level Domains: You can add second-level domains to your inclusion list, and Web Asset Discovery will use this information to search in its database for candidate websites with the specified second-level domains to add to your Discovery list.

Exclusions

On the Discovery Exclusions page, you can specify the following types of exclusions so that Web Asset Discovery excludes websites from your Discovery list:

  • IP Addresses: Websites hosted on the specified IP Addresses will be excluded from the Discovery list.
  • Organizations: Websites with the specified Organization names in their SSL certificates will be excluded from the Discovery list.
  • Top Level Domains: Websites with the specified Top Level domains in their hostname will be excluded from the Discovery list.
  • Second Level Domains: Websites with the specified Second Level domains in their hostname will be excluded from the Discovery list.

Quick filtering from the Discovery list

The Discovery list provides count icons for each Organization, IP Address, Second Level Domain, and Top Level Domain. These count icons are clickable and serve as a shortcut to a filtered view, based on the chosen count icon.
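The following added example (not Acunetix code and not part of the original page) shows the four exclusion types and the per-facet counts applied to a constructed candidate list, as a way to review discovered hosts before adding them as targets. The record fields, the case-insensitive organization match, and the "last two labels" definition of a second-level domain are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample candidates; not real discovery output.
CANDIDATES = [
    {"host": "www.example.com", "ip": "192.0.2.10", "org": "Example Corp"},
    {"host": "shop.example.com", "ip": "192.0.2.11", "org": "Example Corp"},
    {"host": "blog.example.net", "ip": "198.51.100.7", "org": "Example Corp"},
    {"host": "tenant42.sharedhost.test", "ip": "192.0.2.10", "org": "Shared Hosting Ltd"},
    {"host": "example.org", "ip": "203.0.113.5", "org": None},
]

# Constructed exclusion lists, one per exclusion type named on the page.
EXCLUSIONS = {"ip": set(), "org": {"shared hosting ltd"}, "tld": {"org"}, "sld": set()}

def split_host(host):
    """Return (second_level_domain, top_level_domain), e.g. ('example.com', 'com').
    Assumption: the SLD is the last two labels; multi-label suffixes such as
    co.uk would need the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[-1]

def is_excluded(cand, excl):
    """True if any of the four exclusion types matches this candidate."""
    sld, tld = split_host(cand["host"])
    org = (cand["org"] or "").lower()  # assumption: case-insensitive org match
    return (cand["ip"] in excl["ip"] or org in excl["org"]
            or tld in excl["tld"] or sld in excl["sld"])

def apply_exclusions(cands, excl):
    return [c for c in cands if not is_excluded(c, excl)]

def counts(cands):
    """Tally candidates per facet, mirroring the count icons in the list."""
    out = {"org": Counter(), "ip": Counter(), "sld": Counter(), "tld": Counter()}
    for c in cands:
        sld, tld = split_host(c["host"])
        out["org"][c["org"] or "(none)"] += 1
        out["ip"][c["ip"]] += 1
        out["sld"][sld] += 1
        out["tld"][tld] += 1
    return out

if __name__ == "__main__":
    kept = apply_exclusions(CANDIDATES, EXCLUSIONS)
    print([c["host"] for c in kept])
    print(counts(kept))
```

An IP address whose count spans unrelated organizations before exclusions are applied (192.0.2.10 in the sample) is the shared-hosting case that the Reverse IP Lookup setting addresses.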
