Yes, Attaxion uses various technologies to discover both known and unknown assets that are somehow connected to a provided root asset.
As an external attack surface management (EASM) platform, Attaxion helps cybersecurity teams adhere to the EASM process, the first step of which is asset discovery.
Refer to the article about external asset types to learn about the kinds of assets Attaxion can find.
How Attaxion Finds Unknown Assets
Attaxion relies on plenty of scanning methods that vary depending on the scanning mode.
These are the primary methods that Attaxion can employ for asset discovery:
- WHOIS Lookup
- Reverse WHOIS Lookup
- Passive Subdomains Lookup
- DNS Lookup
- Reverse DNS Lookup
- IP Geolocation Lookup
- IP Netblocks Lookup
- Cloud Providers Scanner
- Web Crawler
- Active Subdomains Scanner
- SSL Lookup
- Port Scanner
After the account administrator adds and verifies one or more root assets, Attaxion applies these methods to discover assets that are related to it and keeps continuously repeating this process to ensure all new assets also get discovered.
Neither of these methods require access to the organization’s network, which means they are essentially replicating the tools a potential adversary might use to find attack vectors.