Managing Discovery Service in Netsparker Enterprise
The Discovered Websites window displays and enables you to manage all websites Netsparker has discovered:
- You can filter results in each of the columns. Basic operations like ignore, create website and blacklist can, for some parameters, be performed here as well.
- The Status column's default filter is set to New so that newly discovered websites are displayed. This window then operates like a To-Do list. We recommend that you keep on top of this list and process discovered items by creating or excluding each discovered website every time you log in.
All users with Manage Websites permission can view Discovered Websites and configure Service Discovery Settings.
This topic explains how to manage the Discovery Service in Netsparker Enterprise. For further information on the Discovery Service, see Application and Service Discovery.
Discovered Websites Fields
This table lists and explains the fields in the Discovered Websites window.

| Field | Description |
| --- | --- |
| Authority | This is the hostname or IP address and port number for a server. |
| IP Address | This is the IP address of the website. |
| Top-Level Domain | The TLD refers to the last segment of a domain name, or the part that follows immediately after the dot (.) symbol. |
| Second Level Domain | A second-level domain is a domain that is directly below a top-level domain (TLD). For example, in example.com, 'example' is the second-level domain of the .com TLD. |
| Organization Name | This is the name of the organization that is registered as the owner of the website. |
| Status | This is the status of the website. The options are: |
Filtering
Filters enable you to find discovered websites that match given criteria.
How to Filter Your List of Discovered Websites
- In the Discovered Websites window, click the filter button next to any column header. The filter dialog is displayed.
- Click to clear all fields.
- Add a New Filter if necessary (see How to Add a New Filter).
- In each filter row, as required:
  - From the FIELD drop-down, select an option
  - From the OPERATOR drop-down, select an option
  - In the VALUE field, enter a value
- Click Apply. The list is filtered by the selected criteria.
How to Add a New Filter
- In the Discovered Websites window, click the filter button above the Discovered Websites field, next to any column header. The filter dialog is displayed.
- In the filter dialog, click New Filter. A new row is displayed.
- Configure as required.
How to Filter Using Faceted Search
You can also filter the list of Discovered Websites using a faceted search. Click the number next to the IP Address, Second Level Domain, Top-Level Domain or Organization Name in any row to filter on that criterion.
The list will display only websites that fit the criteria you've clicked on.
Service Discovery Settings
In this window, you can configure the settings that determine how the Discovered Websites list searches for online resources.
The discovery process uses specific parameters to suggest websites:
- IP Address or IP Range
- Second Level Domain (SLD)
- Top-Level Domain (TLD)
- Organization Name
You can extend or narrow the results using these parameters, for example:
- You can select to detect all websites that have SLD netsparker
- You can select to detect all websites that have TLD .gov
The Service Discovery Settings window has eight tabs. Each is outlined below.
Match Settings
This table lists and explains the sections in the Match Settings tab. They are all enabled by default.
| Setting | Description |
| --- | --- |
| Email Matching | Enable to use your account's email address second-level domain as a matching option. |
| Website Matching | Enable to use your added website's second-level domain as a matching option. The website matching option has a limit of 32 websites. |
| Only Registered Domains | Enable to exclude web services that do not have a publicly available DNS record. |
| Reverse IP Lookup | Enable to take the IP address pointing to a web server and search for other sites known to be hosted on the same web server. |
| Organization Name Matching | Enable to conduct another scan via the Organization Names extracted from the result set’s TLS certificates. |
Second-Level Domains
This tab lists the addresses that are below the top-level domains. A second-level domain is a domain that is directly below a top-level domain (TLD). For example, in example.com, 'example' is the second-level domain of the .com TLD.
Organizations
This tab lists the organization name (listed in the certificate's organization name fields or the website's copyright section) for each website or service that you want included in your Discovered Websites list.
IP Addresses
This tab lists the IP addresses and IP ranges for each website or service that you want included in your Discovered Websites list.
Excluded Second-Level Domains
This tab lists the second-level domains for each website or service that you want excluded from your Discovered Websites list.
Excluded Top Level Domains
This tab lists the top-level domains for each website or service that you want excluded from your Discovered Websites list. The TLD refers to the last segment of a domain name, or the part that follows immediately after the dot (.) symbol.
Excluded Organizational Names
This tab lists the names of the organizations whose websites should be excluded from the service.
Excluded IP Addresses
This tab lists the IP Addresses whose websites you would like excluded from the Discovered Websites list.
How to Configure Service Discovery Settings
- Log in to Netsparker Enterprise.
- From the main menu, click Discovery, then Settings. The Application and Service Discovery Settings window is displayed.
- Configure the settings as explained in the table above.
- Click Save & Recrawl.
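To see how the include and exclude tabs interact before you click Save & Recrawl, the following added example (not Netsparker code, and not the product's matching algorithm) triages Authority and IP Address pairs against a local model of the settings. The rule names, the sample values and the choice that an exclusion wins over an inclusion are assumptions; the SLD and TLD are derived with the last-segment definition used on this page, so a host under a multi-label suffix such as .co.uk yields the SLD 'co'.

```python
import ipaddress

SETTINGS = {  # constructed values standing in for the settings tabs
    "slds": {"netsparker"},                                    # Second-Level Domains
    "ip_ranges": [ipaddress.ip_network("203.0.113.0/24")],     # IP Addresses
    "excluded_slds": {"staging"},                              # Excluded Second-Level Domains
    "excluded_tlds": {"test"},                                 # Excluded Top Level Domains
    "excluded_ips": [ipaddress.ip_network("203.0.113.77/32")]  # Excluded IP Addresses
}

def split_authority(authority):
    """Split an Authority value ('host' or 'host:port') into (host, port)."""
    host, sep, port = authority.rpartition(":")
    if sep and port.isdigit():
        return host.lower(), int(port)
    return authority.lower(), None  # no port given (IPv6 literals not handled)

def domain_parts(host):
    """Return (sld, tld) per the page's definitions; (None, None) for an IP."""
    try:
        ipaddress.ip_address(host)
        return None, None
    except ValueError:
        labels = host.rstrip(".").split(".")
        return (labels[-2] if len(labels) > 1 else None), labels[-1]

def in_any(ip, networks):
    return any(ipaddress.ip_address(ip) in net for net in networks)

def triage(authority, ip, settings=SETTINGS):
    """Classify one discovered record as 'excluded', 'matched' or 'review'."""
    host, _port = split_authority(authority)
    sld, tld = domain_parts(host)
    # Assumption: an exclusion wins over an inclusion when both apply.
    if (sld in settings["excluded_slds"] or tld in settings["excluded_tlds"]
            or in_any(ip, settings["excluded_ips"])):
        return "excluded"
    if sld in settings["slds"] or in_any(ip, settings["ip_ranges"]):
        return "matched"
    return "review"  # not covered by any rule: decide by hand

# Constructed (Authority, IP Address) pairs, not real scan output.
RECORDS = [
    ("www.netsparker.com:443", "198.51.100.10"),  # matched by SLD
    ("203.0.113.20", "203.0.113.20"),             # matched by IP range
    ("203.0.113.77:8080", "203.0.113.77"),        # excluded IP inside the range
    ("netsparker.test", "198.51.100.5"),          # excluded TLD beats SLD match
    ("shop.example.co.uk:443", "198.51.100.9"),   # last-label rule gives SLD 'co'
]
```

Records that come back as 'review' correspond to the New items the page recommends processing by hand.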
Discovery API
You can use API endpoints that enable you to ignore some of the discovered websites or change your discovery settings.
They perform other functions as well. For example, if you want to access the data as JSON or XML, you can use the API endpoints. You can then feed this data to other applications programmatically.
Please note that the API endpoints cover only part of what the UI pages offer. For instance, you can use many filter operators on the UI, but API requests support only the ‘Equal’ filter operator.