Get started with Discovery
Over its lifetime, an organization will add, change, and remove web assets. This makes identifying all potential web application targets crucial for security. Invicti Platform's discovery service automatically finds these assets, allowing you to add them for scanning, evaluation, and vulnerability remediation.
This document explains how to use the Discovery service, starting with an initial list of discovered web assets that may be quite broad, fine-tuning the list, and eventually creating targets for scanning.
Step 1: Initial configuration
The starting point for the discovery service is the email address of the Invicti Platform master user. By default, Invicti will discover web applications on domains and subdomains that match the second-level domain of your account, with any top-level domain (TLD), including web applications that do not have a publicly available DNS record. Invicti will also search for other sites hosted on the same web server as other discovered web assets, using reverse IP address lookup techniques.
These default settings are designed to discover a very wide set of possible websites but may result in a large number of false positive matches. You can reduce the number of false positive matches by reviewing your Discovery Configuration and narrowing the scope of the discovery service. Specifying IP addresses, organization names, and domains for inclusion and exclusion will also help fine-tune the discovery results.
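As an added illustration of why the default scope is broad (this is not Invicti's own code), the following Python model applies the "same second-level domain, any TLD" rule together with inclusion and exclusion lists. The hostnames and the organization label acme are constructed for the example, and the small two-label suffix set stands in for a full Public Suffix List.

```python
# Constructed sample: hostnames a discovery run might report for an
# account whose master user is someone@acme.com (hypothetical names).
DISCOVERED = [
    "www.acme.com", "api.acme.net", "acme.co.uk", "shop.acme.io",
    "acme.example", "notacme.com", "intranet.acme.com", "acme.com.evil.test",
]

# Assumption: a few two-label public suffixes are enough for the demo;
# a real scoper would consult the full Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "org.uk"}


def registrable_parts(host):
    """Split a hostname into (second-level label, public suffix), or None."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    return labels[-2], labels[-1]


def in_default_scope(host, account_sld):
    """Default rule: second-level label matches the account, any TLD."""
    parts = registrable_parts(host)
    return parts is not None and parts[0] == account_sld.lower()


def _under(host, domains):
    """True if host equals or is a subdomain of any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)


def scope_discovery(hosts, account_sld, include_domains=(), exclude_domains=()):
    """Keep hosts that pass the default rule or an inclusion, minus exclusions."""
    kept = []
    for h in hosts:
        h = h.lower()
        if _under(h, exclude_domains):
            continue  # explicit exclusion always wins
        if in_default_scope(h, account_sld) or _under(h, include_domains):
            kept.append(h)
    return kept
```

Note that shop.acme.io and acme.example pass the default rule even though another organization could own them; excluding those domains is the kind of narrowing this step recommends, while notacme.com only enters scope if you include it explicitly.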
How to configure the Discovery service
For step-by-step instructions on how to:
- Change the Discovery settings
- Specify inclusions
- Set exclusions
Refer to the Adjust Discovery configuration document.
Step 2: Filter the results
Applying filters to the results can also help make the list more manageable and allow you to focus, for example, on a particular domain or organization. The following filters are available:
- Domain
- IP address
- Risk Score
- Organization
- Second level domain
- Top level domain
How to filter the Discovery results
- Click + Add a filter at the top of the Discovery table.
- Select and specify the filter you want to use.
Filtering results by risk score enables you to prioritize the discovery results according to how likely each site is to have vulnerabilities. For more information, refer to the Utilize predictive risk score document.
Step 3: Ignore specific URLs
As you review your list of discovered URLs, you may identify sites that you want the discovery service to ignore completely. You can mark these URLs as “ignored” so they no longer appear in the Discovery list.
How to ignore specific URLs
- Enable the checkbox next to the URL you want to ignore.
- Click Bulk actions > Ignore entries.
The Discovery list will refresh with the ignored entry now hidden.
Step 4: Create targets
A target is a URL that you would like to scan for security vulnerabilities. After configuring and filtering your discovery results and setting up targets, you are ready to start scanning your assets for vulnerabilities.
How to create targets
- You can easily create targets directly from the discovery list. For more information, refer to the Create assets from website discovery document.
- Alternatively, you can add targets via the Inventory > Targets page. For more information, refer to the Add target and Add multiple targets documents.
Step 5: Review the Discovery list after adding targets
Whenever you add a new target, the Discovery service makes new suggestions based on that target. This means additional “discovered websites” are added to your Discovery list, as Invicti works continuously to identify all possible web applications associated with your organization. It is therefore recommended that you review your discovery list to identify new URLs for target creation and scanning. During this process, you may also need to adjust the Discovery configuration again to filter out, for example, any second-level domains that do not belong to your organization.