Getting Started with Discovery

Over its lifetime, an organization will add, change, and remove web assets. An important task, therefore, is to identify all web applications that could be potential targets for an attacker. The discovery service in Acunetix is designed to identify all possible web applications so that you can eventually add them to your list of targets for scanning, evaluation, and vulnerability remediation.

This guide shows you how to use the discovery service, starting from an initial list of discovered web assets that may be quite broad, through to fine-tuning the list, and eventually creating targets for scanning.

PREREQUISITES for Acunetix On-Premises:

  • Internet connection
  • Allowlist Invicti's discovery service URLs:
      • https://discovery-service.invicti.com
      • https://jwtsigner.invicti.com/

Step 1: Initial configuration

The starting point for the discovery service is the email address of the Acunetix master user. By default, Acunetix will discover web applications on domains and subdomains that match the second level domain of your account, under any top level domain (TLD), including web applications that do not have a publicly available DNS record. Acunetix will also search for other sites hosted on the same web server as discovered web assets, using reverse IP address lookup techniques.

These default settings are designed to discover a very wide set of possible websites but may result in a large number of false positive matches. You can reduce the number of false positive matches by reviewing your Discovery Settings and narrowing the scope of the discovery service. Specifying IP addresses, organization names, and domains for inclusion and exclusion will also help fine-tune the discovery results.
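The following Python example makes the default scoping rule and its false-positive behaviour concrete. It is added here for illustration and is not Acunetix's own discovery code; the page does not document the real matching logic, so the example assumes a simplified rule (same second-level label as the master user's email domain, under any TLD, at any subdomain depth), a small constructed stand-in for the Public Suffix List, and a constructed list of discovered hostnames. The exclusion and inclusion handling shows how narrowing the scope removes look-alike domains that do not belong to your organization.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# Constructed, deliberately incomplete stand-in for the Public Suffix List.
# It exists only so the example handles hostnames such as shop.example.co.uk.
TWO_PART_PUBLIC_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.jp"}


def split_registrable(hostname: str) -> tuple[str, str]:
    """Return (second_level_label, public_suffix) for a fully qualified hostname.

    'www.example.com'    -> ('example', 'com')
    'shop.example.co.uk' -> ('example', 'co.uk')
    """
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_PART_PUBLIC_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    if len(labels) >= 2:
        return labels[-2], labels[-1]
    raise ValueError(f"not a fully qualified hostname: {hostname!r}")


@dataclass
class DiscoveryScope:
    """Simplified model of the Step 1 scoping rule (an assumption, not Acunetix code)."""

    master_email: str
    excluded_domains: set[str] = field(default_factory=set)  # exclusions: never in scope
    included_domains: set[str] = field(default_factory=set)  # inclusions: always in scope

    @property
    def account_label(self) -> str:
        """Second-level label of the master user's email domain, e.g. 'example'."""
        return split_registrable(self.master_email.rsplit("@", 1)[1])[0]

    def matches_default_rule(self, hostname: str) -> bool:
        """Default rule: same second-level label, any TLD, any subdomain depth."""
        return split_registrable(hostname)[0] == self.account_label

    @staticmethod
    def _under(hostname: str, domains: set[str]) -> bool:
        """True when hostname equals or is a subdomain of any domain in the set."""
        h = hostname.lower()
        return any(h == d or h.endswith("." + d) for d in domains)

    def classify(self, hostnames: list[str]) -> dict[str, list[str]]:
        """Bucket discovered hostnames into in_scope / excluded / unmatched."""
        buckets: dict[str, list[str]] = {"in_scope": [], "excluded": [], "unmatched": []}
        for host in hostnames:
            if self._under(host, self.excluded_domains):
                buckets["excluded"].append(host)
            elif self.matches_default_rule(host) or self._under(host, self.included_domains):
                buckets["in_scope"].append(host)
            else:
                buckets["unmatched"].append(host)
        return buckets


# Constructed sample of discovered hostnames; none of these refer to real assets.
SAMPLE_HOSTS = [
    "www.example.com",
    "api.example.com",
    "example.org",              # same label, different TLD: a typical false positive
    "shop.example.co.uk",       # same label under a two-part public suffix
    "example-cdn.net",          # different label, not matched by the default rule
    "portal.acme-partner.com",  # unrelated label, brought in by an inclusion
]


def demo() -> dict[str, list[str]]:
    """Apply a scope with one exclusion and one inclusion to the sample list."""
    scope = DiscoveryScope(
        master_email="admin@example.com",
        excluded_domains={"example.org"},
        included_domains={"acme-partner.com"},
    )
    return scope.classify(SAMPLE_HOSTS)


if __name__ == "__main__":
    for bucket, hosts in demo().items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Without the exclusion, `example.org` would land in scope purely because it shares the label `example`; this is the kind of broad match the default settings produce and that Discovery Settings, inclusions, and exclusions are there to trim.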

How to configure the discovery service

For step-by-step instructions on how to:

  • Change the Discovery Settings
  • Specify inclusions
  • Set exclusions

Refer to Adjusting Discovery Settings, Inclusions, and Exclusions.

Step 2: Filtering the results

Applying filters to the results can also help make the list more manageable and allow you to focus, for example, on a particular domain or organization. The following filters are available:

  • Domain
  • Ignored Entries
  • IP Address
  • Only Created Targets
  • Organization
  • Risk Score
  • Second Level Domain

How to filter the discovery results

  • Click the Filter bar at the top of the discovery table, then select and specify the filter you want to use.
  • Alternatively, use the quick filters by clicking the count icons in the Organization, IP Address, Second Level Domain, and Top Level Domain columns.
  • Filtering results by risk score enables you to prioritize the discovery results according to how likely each site is to have vulnerabilities. For more information, refer to Utilizing Predictive Risk Scoring.

Step 3: Ignoring specific URLs

As you review your list of discovered URLs, you may identify sites that you want the discovery service to ignore completely. You can mark these URLs as 'ignored' so they no longer appear in the discovery list.

How to ignore specific URLs

  1. Click the checkbox next to the URL you want to ignore.
  2. Click Exclude, then select Ignore Entry.

The discovery list will refresh with the ignored entry now hidden.

TIP: To view all ignored URLs, filter the discovery results by Ignored Entries.

Step 4: Creating targets

A target is a URL that you would like to scan for security vulnerabilities. After configuring and filtering your discovery results, you are ready to start scanning your sites for vulnerabilities. Each site needs to be set up as a target. Scans are then run on individual targets or target groups.

How to create targets

  • You can easily create targets directly from the discovery list. For step-by-step instructions, refer to Target creation from Web Asset Discovery.
  • Alternatively, you can manually add targets via the Targets page or import targets using a CSV file. For more information, refer to Adding Targets.

Step 5: Reviewing the discovery list after adding targets

Whenever you add a new target to Acunetix, the discovery service makes new suggestions based on that target. This means additional 'discovered websites' are added to your discovery list, as Acunetix works continuously to identify all possible web applications associated with your organization. It is therefore recommended that you review your discovery list to identify new URLs for target creation and scanning. During this process, you may also need to adjust the discovery settings, inclusions, or exclusions again to filter out, for example, any second level domains that do not belong to your organization.
