
Get started with Discovery

This document is for:
Invicti Platform

Over its lifetime, an organization will add, change, and remove web assets. This makes identifying all potential web application targets crucial for security. Invicti Platform's discovery service automatically finds these assets, allowing you to add them for scanning, evaluation, and vulnerability remediation.

This document explains how to use the Discovery service, starting with an initial list of discovered web assets that may be quite broad, fine-tuning the list, and eventually creating targets for scanning.

Step 1: Initial configuration

The starting point for the discovery service is the email address of the Invicti Platform master user. By default, Invicti discovers web applications on domains and subdomains that share the second-level domain of that account's email domain, under any top-level domain (TLD), including web applications that do not have a publicly available DNS record. Invicti also uses reverse IP lookups to find other sites hosted on the same web server as an already discovered web asset.

These default settings are designed to cast a wide net and may therefore return a large number of false positive matches: a site with the same second-level domain under another TLD, or a site that merely shares a web server with one of your assets, may belong to an unrelated organization, and you should not create scan targets for assets you are not authorized to test. You can reduce the number of false positives by reviewing your Discovery Configuration and narrowing the scope of the discovery service. Specifying IP addresses, organization names, and domains for inclusion and exclusion also helps fine-tune the results.

How to configure the Discovery service

For step-by-step instructions on how to:

  • Change the Discovery settings
  • Specify inclusions
  • Set exclusions

Refer to the Adjust Discovery configuration document.

Step 2: Filter the results

Applying filters to the results can also help make the list more manageable and allow you to focus, for example, on a particular domain or organization. The following filters are available:

  • Domain
  • IP address
  • Risk Score
  • Organization
  • Second level domain
  • Top level domain

How to filter the Discovery results

  • Click + Add a filter at the top of the Discovery table.
  • Select and specify the filter you want to use.

Filtering results by risk score enables you to prioritize the discovery results according to how likely each site is to have vulnerabilities. For more information, refer to the Utilize predictive risk score document.

Step 3: Ignore specific URLs

As you review your list of discovered URLs, you may identify sites that you want the discovery service to ignore completely. You can mark these URLs as “ignored” so they no longer appear in the Discovery list.

How to ignore specific URLs

  1. Select the checkbox next to each URL you want to ignore.
  2. Click Bulk actions > Ignore entries.

The Discovery list will refresh with the ignored entry now hidden.
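The scoping, filtering and ignore steps above can be sanity-checked offline before you create targets. The following Python is an added example, not Invicti code and not its export format: the DiscoveredAsset fields, the DiscoveryScope rule format and the sample records are all constructed for illustration. It applies the default rule (same second-level domain, any TLD), then domain exclusions, organization and IP-range inclusions and an ignore list, offers the same per-field filters as the Discovery table, and ranks what survives by risk score.

```python
"""Offline triage of a (constructed) discovery export.

Hypothetical data model and rule format; not Invicti's API or export schema.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Iterable, Optional


@dataclass(frozen=True)
class DiscoveredAsset:
    host: str          # FQDN as discovered
    ip: str            # resolved address, or the address a reverse-IP lookup started from
    organization: str  # registrant / owner string as reported
    risk_score: int    # 0..100, higher = more likely to carry vulnerabilities


@dataclass
class DiscoveryScope:
    account_sld: str                                      # second-level label of the master user's email domain
    include_orgs: set[str] = field(default_factory=set)    # organization names that are ours even on foreign domains
    exclude_domains: set[str] = field(default_factory=set) # exact host or suffix match, always wins
    include_networks: list[str] = field(default_factory=list)  # CIDR blocks we own
    ignored_hosts: set[str] = field(default_factory=set)   # step 3: hidden from the list entirely


def split_domain(host: str) -> tuple[str, str, str]:
    """Return (subdomain, second_level, tld). Naive split: multi-label public
    suffixes such as co.uk are NOT handled, which is a known caveat here."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"not a fully qualified name: {host}")
    return ".".join(labels[:-2]), labels[-2], labels[-1]


def default_match(asset: DiscoveredAsset, scope: DiscoveryScope) -> bool:
    """The wide default: same second-level label, any TLD."""
    return split_domain(asset.host)[1] == scope.account_sld


def in_scope(asset: DiscoveredAsset, scope: DiscoveryScope) -> bool:
    host = asset.host.lower()
    if host in scope.ignored_hosts:
        return False
    # Exclusions beat every inclusion: "example.net" drops example.net and *.example.net.
    if any(host == d or host.endswith("." + d) for d in scope.exclude_domains):
        return False
    if default_match(asset, scope):
        return True
    # Reverse-IP neighbours on foreign domains are kept only when demonstrably
    # ours: by registrant organization or by an address block we own.
    if asset.organization.lower() in {o.lower() for o in scope.include_orgs}:
        return True
    addr = ip_address(asset.ip)
    return any(addr in ip_network(net) for net in scope.include_networks)


def filter_assets(assets: Iterable[DiscoveredAsset], *, domain: Optional[str] = None,
                  ip: Optional[str] = None, organization: Optional[str] = None,
                  sld: Optional[str] = None, tld: Optional[str] = None,
                  min_risk: int = 0) -> list[DiscoveredAsset]:
    """The per-field filters of the Discovery table, applied to a list."""
    out = []
    for a in assets:
        _, a_sld, a_tld = split_domain(a.host)
        if domain and not (a.host == domain or a.host.endswith("." + domain)):
            continue
        if ip and a.ip != ip:
            continue
        if organization and a.organization.lower() != organization.lower():
            continue
        if sld and a_sld != sld.lower():
            continue
        if tld and a_tld != tld.lower():
            continue
        if a.risk_score < min_risk:
            continue
        out.append(a)
    return out


def triage(assets: Iterable[DiscoveredAsset], scope: DiscoveryScope) -> list[DiscoveredAsset]:
    """In-scope assets, highest risk score first (ties broken by host name)."""
    kept = [a for a in assets if in_scope(a, scope)]
    return sorted(kept, key=lambda a: (-a.risk_score, a.host))


# Constructed sample export (documentation ranges 203.0.113.0/24 and 198.51.100.0/24).
SAMPLE_EXPORT = [
    DiscoveredAsset("www.example.com", "203.0.113.10", "Example Corp", 42),
    DiscoveredAsset("staging.example.com", "203.0.113.11", "Example Corp", 88),   # no public DNS record
    DiscoveredAsset("example.io", "203.0.113.12", "Example Corp", 35),            # same SLD, other TLD
    DiscoveredAsset("example.net", "198.51.100.7", "Example Holdings Ltd", 20),   # SLD collision, not ours
    DiscoveredAsset("blog.othertenant.com", "203.0.113.10", "Other Tenant Inc", 61),  # shares a host with www
    DiscoveredAsset("portal.exampleholdings.com", "203.0.113.20", "Example Corp", 75),  # foreign SLD, our org
    DiscoveredAsset("legacy.example.com", "203.0.113.13", "Example Corp", 95),    # decommissioned, to ignore
    DiscoveredAsset("vpn.acquired-brand.com", "203.0.113.21", "Acquired Brand LLC", 50),  # ours by IP block
]

# Narrowed configuration. A too-wide include_networks (e.g. 203.0.113.0/24) would
# re-admit blog.othertenant.com, the shared-hosting false positive.
SCOPE = DiscoveryScope(
    account_sld="example",
    include_orgs={"Example Corp"},
    exclude_domains={"example.net"},
    include_networks=["203.0.113.16/28"],
    ignored_hosts={"legacy.example.com"},
)

if __name__ == "__main__":
    print("default (wide) scope:", [a.host for a in triage(SAMPLE_EXPORT, DiscoveryScope("example"))])
    print("narrowed scope:     ", [a.host for a in triage(SAMPLE_EXPORT, SCOPE)])
```

Run stand-alone, the wide default keeps the SLD collision example.net and the decommissioned legacy host, while the narrowed scope drops both along with the reverse-IP neighbour, and keeps the foreign-domain portal only because its registrant is an included organization.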

Step 4: Create targets

A target is a URL that you would like to scan for security vulnerabilities. After configuring and filtering your discovery results and setting up targets, you are ready to start scanning your assets for vulnerabilities.

How to create targets

Step 5: Review the Discovery list after adding targets

Whenever you add a new target, the Discovery service makes new suggestions based on that target. This means additional “discovered websites” are added to your Discovery list, as Invicti works continuously to identify all possible web applications associated with your organization. It is therefore recommended that you review your discovery list to identify new URLs for target creation and scanning. During this process, you may also need to adjust the Discovery configuration again to filter out, for example, any second-level domains that do not belong to your organization.
