The Discovery Service – Introduction
The Invicti Discovery Service enables you to become aware of your enterprise's online collateral, web applications, and services.
Without centralized control, you can lose track of a large number of web assets. Assets that are forgotten tend to become more vulnerable over time, as new attack techniques are developed, and vulnerabilities in older web technologies become more exploitable without constant updating. Abandoned and unmaintained web applications, sites, and APIs make prime targets for malicious actors.
The Invicti Discovery Service helps you to rediscover these web resources. Following registration with Invicti Enterprise, the discovery process starts with your email address as the first search criterion, immediately suggesting web resources that might also belong to you.
Additional resources about the importance of Web Asset Discovery
For further information about the importance of asset discovery, see Why web asset discovery is a crucial part of your AppSec program.
Once you start adding assets to your list of websites, the system makes new suggestions based on those websites. Invicti analyzes your configuration and data, then suggests further websites that might also belong to you.
Working with the Discovery Service
Enabling and Disabling the Discovery Service
Invicti Enterprise Cloud
The Discovery Service is always enabled for the Cloud version of Invicti Enterprise.
Invicti Enterprise On-Premises
- Select the Settings -> General option in the sidebar
- In the General Settings page, navigate to the Discovery Service fields
- You can enable or disable the Discovery Service by toggling the Enable Discovery Service checkbox
- The default value for the Discovery Radar Service URL field is https://services.netsparker.cloud. This value should ONLY be changed in consultation with the Invicti Support team.
How the Discovery Service collects information
Resources which are leveraged dynamically
There are several resources that Invicti Enterprise uses to discover your web assets:
- Email Matching - the domain part of your email address
- Website Matching - the domain name of assets listed in the Websites & APIs page of your Invicti Enterprise console
- Reverse IP Lookup - the IP address of assets configured in the Websites & APIs page of your Invicti Enterprise console
- Organization Name Matching - the Organization Names extracted from the TLS certificates of assets configured in the Websites & APIs page of your Invicti Enterprise console
- Only Registered Domains - you can limit the discovery results to return only websites that have a publicly available DNS record
The Discovery Service can be configured to connect to your AWS infrastructure. Any assets discovered (typically residing on EC2 instances) can subsequently be added to your Websites & APIs page.
Resources which can be manually added to the Discovery Service configuration
The Discovery Service can be optimized my making the following manual adjustments:
- additional and excluded second-level domain names
- excluded TLD (top-level domain) names from the discovery service results
- additional and excluded organization names
- excluded and excluded IP addresses
- you can get hints for additional second-level domain names from the Knowledge Base section of a Scan Report