Adjusting Discovery Settings, Inclusions, and Exclusions
The Discovery service uses various attributes as relevant inputs when searching for web assets, web applications, and online services that might belong to your organization. By adjusting the settings and specifying inclusions and exclusions, you can change the scope of the Discovery search. This is particularly useful if you have a vast number of results that you want to narrow down to a specific domain, IP address, or organization name. This guide explains how to adjust the settings that the Discovery service uses to determine which domains are included in or excluded from your Discovery list.
How to adjust Discovery Settings
The Discovery Settings page allows you to customize the types of matches that the Discovery service will make when building your list of discovered web assets, web applications, and online services.
To adjust the types of matches used by the Discovery service:
- Go to Discovery > Settings in the Acunetix menu.
- Enable (select) or disable (deselect) the following options according to your preferences (by default, all options are enabled):
  - Email Matching: The Email Matching function will use the second-level domain of your master account for matching websites. Disabling this setting will ignore the second-level domain of your master account.
  - Website Matching: Website Matching will use the second-level domain of any Target you add to match any additional websites with the same second-level domain. If you disable this setting, then the Discovery service will add or remove entries in your Discovery list when you add or remove a Target.
  - Only Registered Domains: By default, the Discovery service will exclude any web services that do not have a publicly available DNS record. You can disable this option if you wish to widen your search to possible websites, even if no DNS record for them exists.
  - Reverse IP Lookup: If your website is hosted on a shared hosting solution where other websites that do not belong to you share the same IP address, you can disable the Reverse IP Lookup option.
  - Organization Name Matching: By default, the Discovery service will use the organization names extracted from SSL certificates of websites in your Discovery list to perform an additional search for other possible websites with a matching organization name in their SSL certificates.
  - Enable Risk Scoring: Predictive Risk Scoring allows you to prioritize your web asset discovery results according to their potential risk before you scan them.
- Click Save for your changes to take effect.
How to specify Discovery Inclusions
On the Discovery Inclusions page, you can add specific search elements to instruct the Discovery service to find those particular web assets and add them to your Discovery list.
To specify results you want included in your Discovery list:
- Go to Discovery > Inclusions in the Acunetix menu.
- In the following sections, enter your elements for inclusion, then click + (plus icon) to add them to the inclusions list.
  - IP Addresses: When specific IP Addresses are added to the inclusion list, the Discovery service uses this information to search in its database for matching candidate websites to add to the Discovery list.
  - Organizations: When specific organization names are added to the inclusion list, the Discovery service uses this information to search in its database for candidate websites that match the organization names within their SSL certificates and adds them to the Discovery list.
  - Second Level Domains: When second-level domains are added to the inclusion list, the Discovery service uses this information to search in its database for candidate websites with the specified second-level domains and adds them to the Discovery list.
- Click Save for your changes to take effect.
The IP addresses, organizations, and second-level domains you specified will now be included in the Discovery list.
How to set Discovery Exclusions
The Discovery Exclusions page is where you can specify domains, IP addresses, and organizations that you do not want the Discovery service to include in the Discovery list. This is particularly useful if you want to intentionally narrow the scope of your Discovery results.
To exclude particular results from the Discovery list:
- Go to Discovery > Exclusions in the Acunetix menu.
- In the following sections, enter your elements for exclusion, then click + (plus icon) to add them to the exclusions list.
  - IP Addresses: Websites hosted on the specified IP Addresses will be excluded from the Discovery list.
  - Organizations: Websites with the specified organization names in their SSL certificates will be excluded from the Discovery list.
  - Top Level Domains: Websites with the specified top-level domains in their hostname will be excluded from the Discovery list.
  - Second Level Domain: Websites with the specified second-level domains in their hostname will be excluded from the Discovery list.
- Click Save for your changes to take effect.
The IP addresses, organizations, top-level domains, and second-level domains you specified will now be excluded from the Discovery list.
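
The following Python dry run is an added example, not Acunetix code: it models the four exclusion types above as exact-match rules over a constructed candidate list, so you can see which rule would drop each host before saving the real settings. The record fields, the rule keys, the exact and case-insensitive matching, and treating the last two hostname labels as the second-level domain are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    hostname: str
    ip: str
    cert_org: str  # organization name taken from the site's SSL certificate

# Constructed sample data (documentation IP ranges, made-up organizations).
CANDIDATES = [
    Candidate("www.example.com", "203.0.113.10", "Example Corp"),
    Candidate("shop.example.com", "198.51.100.7", "Example Corp"),
    Candidate("blog.example.net", "203.0.113.10", "Shared Hosting Ltd"),
    Candidate("example.org", "192.0.2.44", "Example Corp"),
    Candidate("partner.example.dev", "192.0.2.80", "Partner Inc"),
]

# Hypothetical exclusion entries, one set per section of the Exclusions page
# (stored lower-case so that matching is case-insensitive).
EXCLUSIONS = {
    "ip": {"203.0.113.10"},
    "organization": {"partner inc"},
    "top_level_domain": {"org"},
    "second_level_domain": {"example.net"},
}

def exclusion_reasons(candidate, rules):
    """Return the name of every rule type that would exclude this candidate."""
    labels = candidate.hostname.lower().rstrip(".").split(".")
    # Assumption: last label is the TLD, last two labels the second-level domain.
    facts = {
        "ip": str(ipaddress.ip_address(candidate.ip)),  # validates and normalises
        "organization": candidate.cert_org.casefold(),
        "top_level_domain": labels[-1],
        "second_level_domain": ".".join(labels[-2:]),
    }
    return [kind for kind, value in facts.items() if value in rules[kind]]

def dry_run(candidates, rules):
    """Split candidates into hostnames kept and hostnames dropped (with reasons)."""
    reasons = {c.hostname: exclusion_reasons(c, rules) for c in candidates}
    kept = [host for host, why in reasons.items() if not why]
    dropped = {host: why for host, why in reasons.items() if why}
    return kept, dropped

if __name__ == "__main__":
    print(dry_run(CANDIDATES, EXCLUSIONS))
```

In this constructed data, www.example.com is dropped only because it shares an excluded IP address with blog.example.net, which is the side effect to check for before excluding a shared-hosting address.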