Acunetix Standard & Premium Web Asset Discovery

One of the first tasks when securing a web application is to identify every point of entry an attacker could use. The crawler function in Acunetix is designed for exactly that purpose at the level of a single application.

The Acunetix Web Asset Discovery function borrows this concept and takes it to a different level.

Over its lifetime, an enterprise adds, changes, and removes web assets, and applications that nobody remembers are still reachable by an attacker. An important task, therefore, is to identify every web application that could be a target. The Web Asset Discovery function is designed to "discover" such web applications so that you can add them to your list of targets for scanning, evaluation, and vulnerability remediation.

The data is obtained from a service that works independently of the Acunetix product. Its database is already populated with hundreds of millions of services, and it adds more as it continually scans the internet.

Acunetix Web Asset Discovery - Update Interval

The list of Discovered websites is updated periodically, with a maximum delay of about 1 hour.

Step 1 - Post-Install Master User Configuration

The starting point for the Web Asset Discovery function is the email address of the Acunetix master user. By default, Acunetix discovers web applications on domains and subdomains that match the second level domain of that email address, under any TLD (top level domain), including web applications that do not have a publicly available DNS record. Acunetix will also search for other sites hosted on the same web server as discovered web assets, using reverse IP-address lookup.

This phase of the Web Asset Discovery process is triggered automatically during the first login after installation, when you are prompted to enter your email address, profile details, and license key. In this example, the email address used was "webmaster@acunetixexample.com"; the resulting discovered websites can be checked from the Discovery menu item.

Step 2 - Adding Targets

Whenever you add a new target to Acunetix, Web Asset Discovery makes new suggestions based on that target. In this example, we have added https://acunetix.com and http://testphp.vulnweb.com as new targets. The Asset Discovery function adds a large number of additional "Discovered Websites"...

...including a number of websites with completely unrelated second level domains. We will see how to limit this further down in this article.

Step 3 - Adjust Web Asset Discovery settings

The default Web Asset Discovery settings are designed to match a very wide set of possible websites, which inevitably produces a large number of false positives. You can reduce the number of false positive matches by reviewing your Asset Discovery settings; some of these settings are discussed below.

Match Settings

The match settings can be adjusted to refine the behaviour of the Asset Discovery function.

Email Matching

The Email Matching function will use the second level domain of your master account for matching websites — we can see this function in action in Step 1 above.

Website Matching

Website Matching will use the second level domain of any website you add to match any additional websites with the same second level domain. So, in our Step 2 example, Asset Discovery will attempt to match any websites with <any subdomain>.acunetix.<any TLD> in its URL.

Reverse IP Lookup

If your website is hosted on a shared hosting solution, where websites that do not belong to you share the same IP address, Reverse IP Lookup will report those neighbouring sites as discovered websites. In that case you can disable the Reverse IP Lookup option; keep it enabled if you control the whole server, since it is the only rule that finds assets whose domain names bear no relation to yours.

Inclusions - Second Level Domains

If your organization has websites on several second level domains, you can specify the relevant second level domains to improve the accuracy of the Asset Discovery process. Using our example websites in Step 2 above, we can specify acunetix and vulnweb as included second level domains.

Now, click on the Save button to refresh the Discovery list.

Excluded Top Level Domains (TLDs)

Our Discovery list may contain a number of second level domain matches in TLDs that are not relevant to our requirements. We can specifically exclude such TLDs from the Asset Discovery function. In our example, we specify the TLDs that produced the unrelated matches as excluded.

Now, click on the Save button to refresh the Discovery list.

Step 4 - Review Discovered Websites list

We can now take a second look at our Discovered Websites list.

This list contains far fewer false positives than the first run. Now we can proceed to the final step.

Step 5 - Set the Ignore flag on False Positives

One item in the list is acunetix.selfip.com; this is a false positive.

Select the item, click the Exclude button, and choose the Ignore Entry menu option.

Now your Web Asset Discovery function has provided you with a sanitized Discovered Websites list.
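To make the match rules of Steps 1 to 3 and the Ignore flag of Step 5 concrete, here is an offline model of that filtering in Python. This is an example added to this article, not Acunetix code: the real product queries its own internet-scale database, which the script replaces with a constructed list of hostnames and IP addresses. The small multi-label suffix set, the rule that ignored entries and excluded TLDs are dropped before any match rule is applied, and the IP assignments are assumptions made for the example.

```python
"""Offline model of the Web Asset Discovery match rules (example, not Acunetix code)."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (assumption). A real triage
# script should load the full list, or "acunetix.co.uk" would split as SLD "co".
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def split_domain(host: str) -> tuple[str, str, str]:
    """Split a hostname into (subdomain, second-level label, TLD).

    'www.acunetix.com'    -> ('www', 'acunetix', 'com')
    'www.acunetix.com.au' -> ('www', 'acunetix', 'com.au')
    """
    labels = host.strip().lower().rstrip(".").split(".")
    tld_len = 2 if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    if len(labels) < tld_len + 1:
        raise ValueError(f"not a registrable domain: {host!r}")
    tld = ".".join(labels[-tld_len:])
    sld = labels[-tld_len - 1]
    sub = ".".join(labels[: -tld_len - 1])
    return sub, sld, tld


def hostname_of(target: str) -> str:
    """Hostname of a target given either as a URL or as a bare host."""
    parsed = urlsplit(target if "://" in target else "//" + target)
    return (parsed.hostname or target).lower()


@dataclass
class DiscoverySettings:
    master_email: str
    targets: list[str]
    email_matching: bool = True
    website_matching: bool = True
    reverse_ip_lookup: bool = True
    included_slds: set[str] = field(default_factory=set)  # Inclusions - Second Level Domains
    excluded_tlds: set[str] = field(default_factory=set)  # Excluded Top Level Domains
    ignored: set[str] = field(default_factory=set)        # entries flagged with Ignore Entry

    def matching_slds(self) -> set[str]:
        """Second level domains that Email Matching, Website Matching and Inclusions contribute."""
        slds = set(self.included_slds)
        if self.email_matching:
            slds.add(split_domain(self.master_email.split("@", 1)[1])[1])
        if self.website_matching:
            slds.update(split_domain(hostname_of(t))[1] for t in self.targets)
        return slds


def discover(candidates: dict[str, str], settings: DiscoverySettings) -> dict[str, str]:
    """Return {host: reason} for the candidates that survive the settings.

    `candidates` maps hostname -> IP address, standing in for the discovery
    service's database. Ignored entries and excluded TLDs are dropped first
    (assumed precedence), then SLD matching runs, then reverse IP lookup adds
    every remaining host that shares an IP with an SLD match.
    """
    slds = settings.matching_slds()
    eligible = {h: ip for h, ip in candidates.items()
                if h not in settings.ignored and split_domain(h)[2] not in settings.excluded_tlds}
    found = {h: f"second level domain '{split_domain(h)[1]}'"
             for h in eligible if split_domain(h)[1] in slds}
    if settings.reverse_ip_lookup:
        shared_ips = {eligible[h] for h in found}
        for h, ip in eligible.items():
            if h not in found and ip in shared_ips:
                found[h] = f"reverse IP lookup ({ip})"
    return found


# Constructed candidate list with documentation-range IPs; the IP sharing is invented.
CANDIDATES = {
    "acunetix.com":          "203.0.113.10",
    "www.acunetix.com":      "203.0.113.10",
    "www.acunetix.com.au":   "203.0.113.11",  # same SLD, but TLD will be excluded
    "acunetix.ru":           "203.0.113.12",  # TLD will be excluded
    "testphp.vulnweb.com":   "198.51.100.5",
    "testhtml5.vulnweb.com": "198.51.100.5",
    "acunetix.selfip.com":   "203.0.113.10",  # the false positive from Step 5
    "acunetixexample.com":   "192.0.2.7",     # matched through the master email
    "shop.unrelated.org":    "203.0.113.10",  # shares a server, found by reverse IP only
    "acme.io":               "192.0.2.20",    # unrelated
}


def run_example(reverse_ip_lookup: bool = True) -> dict[str, str]:
    """Apply the settings from Steps 1-5 of the article to the constructed candidates."""
    settings = DiscoverySettings(
        master_email="webmaster@acunetixexample.com",
        targets=["https://acunetix.com", "http://testphp.vulnweb.com"],
        reverse_ip_lookup=reverse_ip_lookup,
        included_slds={"acunetix", "vulnweb"},
        excluded_tlds={"ru", "com.au"},
        ignored={"acunetix.selfip.com"},
    )
    return discover(CANDIDATES, settings)


if __name__ == "__main__":
    for host, reason in sorted(run_example().items()):
        print(f"{host:24} {reason}")
```

Running the script with Reverse IP Lookup enabled keeps shop.unrelated.org because it shares 203.0.113.10 with www.acunetix.com; passing `run_example(reverse_ip_lookup=False)` drops it, which is the shared-hosting situation the Reverse IP Lookup setting addresses. The excluded TLDs remove both acunetix.ru and www.acunetix.com.au even though their second level domain matches, and acunetix.selfip.com never appears because it is on the ignore list.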
