
The Discovery Service – Introduction

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

The Discovery Service helps you find and keep track of your organization's public web assets: websites, web applications, and APIs.

Without centralized control, it is easy to lose track of a large number of web assets. Forgotten assets tend to become more vulnerable over time: new attack techniques are developed, and vulnerabilities in older web technologies become easier to exploit when the software is not kept up to date. Abandoned and unmaintained web applications, sites, and APIs are prime targets for malicious actors.

The Discovery Service helps you rediscover these web resources. After you register with Invicti Enterprise, discovery starts with the domain part of your email address as the first search criterion and immediately suggests web resources that might also belong to you.

TIP: For more information about the importance of asset discovery, refer to our blog post on Why web asset discovery is a crucial part of your AppSec program.

Once you start adding assets to your Websites & APIs list, the system makes new suggestions based on those assets. Invicti analyzes the configuration and data of each added website (its domain name, IP address, and TLS certificate) and then suggests further websites that might also belong to you.

How to enable and disable the Discovery Service

Invicti Enterprise On-Demand

The Discovery Service is always enabled for the On-Demand (cloud) version of Invicti Enterprise.

Invicti Enterprise On-Premises

  1. Select Settings > General from the left side menu.
  2. On the General Settings page, in the Discovery Service section:
     a. Select (to enable) or deselect (to disable) the checkbox next to Enable Discovery Service.
     b. Leave the Discovery Radar Service URL field at its default value, https://services.netsparker.cloud. This value should ONLY be changed in consultation with the Invicti Support team.

How the Discovery Service collects information

Resources that are leveraged dynamically

There are several resources that Invicti Enterprise uses to discover your web assets:

  • Email Matching: The domain part of your email address.
  • Website Matching: The domain name of assets listed on the Websites & APIs page in Invicti Enterprise.
  • Reverse IP Lookup: The IP address of assets configured on the Websites & APIs page in Invicti Enterprise.
  • Organization Name Matching: The Organization Names extracted from the TLS certificates of assets configured on the Websites & APIs page in Invicti Enterprise.
  • Only Registered Domains: A filter rather than a data source. Enable it to limit the discovery results to hostnames that have a publicly resolvable DNS record.

AWS Connections

The Discovery Service can be configured to connect to your AWS infrastructure. Any assets discovered (typically residing on EC2 instances) can subsequently be added to the Websites & APIs page.

Resources that can be manually added to the Discovery Service configuration

You can tune the Discovery Service with the following manual adjustments:

  • Adding and excluding second-level domain names
  • Excluding TLD (top-level domain) names from the discovery service results
  • Adding and excluding organization names
  • Excluding and including IP addresses

TIP: You can get hints for additional second-level domain names from the Knowledge Base section of a Scan Report.
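The following Python script is an added illustration of how the seed criteria listed under "Resources that are leveraged dynamically" and the manual include/exclude adjustments above combine when triaging discovery output. It is not Invicti's code and does not describe how the Discovery Service is implemented: the candidate list, the domains, organization names and IP ranges are all constructed for the example, the registrable-domain helper is a simplification that takes the last two labels (a real tool would use the Public Suffix List), and the rule that exclusions always win over positive matches is an assumption made here so that the precedence is explicit.

```python
"""Model of seed derivation and include/exclude filtering for web asset discovery.

Hypothetical illustration only; not Invicti's implementation.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple
from urllib.parse import urlsplit


def registrable_domain(host: str) -> str:
    """Return the second-level domain of a hostname.

    Simplification (assumption): the last two labels. Real tooling should use the
    Public Suffix List so that hosts such as 'example.co.uk' are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def seed_domains(email: str, website_urls: List[str]) -> Set[str]:
    """Derive seed second-level domains from the email address and configured websites."""
    seeds = {registrable_domain(email.split("@", 1)[1])}
    for url in website_urls:
        host = urlsplit(url).hostname
        if host:
            seeds.add(registrable_domain(host))
    return seeds


@dataclass
class DiscoveryRules:
    """Manual adjustments: added/excluded domains, excluded TLDs, org names, IP ranges."""
    include_domains: Set[str] = field(default_factory=set)
    exclude_domains: Set[str] = field(default_factory=set)
    exclude_tlds: Set[str] = field(default_factory=set)
    include_orgs: Set[str] = field(default_factory=set)
    exclude_orgs: Set[str] = field(default_factory=set)
    include_ips: List[str] = field(default_factory=list)  # CIDR strings
    exclude_ips: List[str] = field(default_factory=list)  # CIDR strings


def _in_ranges(ip: str, cidrs: List[str]) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def match_reason(host: str, ip: str, org: str,
                 seeds: Set[str], rules: DiscoveryRules) -> Optional[str]:
    """Return why a candidate is suggested, or None if it is filtered out.

    Assumption: exclusions take precedence over every positive match.
    """
    domain = registrable_domain(host)
    tld = domain.rsplit(".", 1)[-1]
    org_l = org.lower()
    if domain in rules.exclude_domains or tld in rules.exclude_tlds:
        return None
    if org_l in {o.lower() for o in rules.exclude_orgs} or _in_ranges(ip, rules.exclude_ips):
        return None
    if domain in seeds:
        return "website/email domain"
    if domain in rules.include_domains:
        return "added second-level domain"
    if org_l in {o.lower() for o in rules.include_orgs}:
        return "organization name"
    if _in_ranges(ip, rules.include_ips):
        return "IP range"
    return None


def discover(candidates: List[Tuple[str, str, str]],
             seeds: Set[str], rules: DiscoveryRules) -> List[Tuple[str, str]]:
    """Return (hostname, reason) for every candidate that survives the rules."""
    out = []
    for host, ip, org in candidates:
        reason = match_reason(host, ip, org, seeds, rules)
        if reason:
            out.append((host, reason))
    return out


# Constructed sample discovery output: (hostname, IP, organization name from TLS cert).
CANDIDATES = [
    ("www.example.com", "203.0.113.10", "Example Corp"),
    ("api.example.com", "203.0.113.11", "Example Corp"),
    ("legacy.example.net", "203.0.113.12", "Example Corp"),
    ("portal.examplecorp.io", "198.51.100.9", "Example Corp"),   # matches by org name only
    ("shop.example.biz", "198.51.100.5", "Example Corp"),        # dropped: excluded TLD
    ("static.example-cdn.com", "203.0.113.30", "Example Corp"),  # dropped: excluded domain
    ("staging.example.com", "10.0.0.5", "Example Corp"),         # dropped: excluded IP range
    ("cdn.unrelated.org", "192.0.2.7", "Unrelated Hosting Ltd"), # no match at all
    ("partner-portal.other.com", "203.0.113.20", "Other Co"),    # matches by included IP range
]


def run_example() -> List[Tuple[str, str]]:
    seeds = seed_domains("alice@example.com",
                         ["https://www.example.com", "https://legacy.example.net:8443"])
    rules = DiscoveryRules(include_orgs={"Example Corp"}, exclude_tlds={"biz"},
                           exclude_domains={"example-cdn.com"},
                           include_ips=["203.0.113.0/24"], exclude_ips=["10.0.0.0/8"])
    return discover(CANDIDATES, seeds, rules)


if __name__ == "__main__":
    for host, reason in run_example():
        print(f"{host:28} suggested via {reason}")
```

The order of the positive checks mirrors the order the page lists the dynamic resources, and the reason string tells you which seed produced each suggestion, which is the first thing to look at when a discovery result surprises you. The "Only Registered Domains" filter is not modelled because it requires live DNS resolution.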