assetfinder

Assetfinder is a reconnaissance tool designed for automated security workflows within Canva. Its primary function is to discover domains and subdomains that could be associated with a specified domain, enhancing the visibility of potential attack surfaces.

Ideal Use Cases & Fit

This tool excels in scenarios where comprehensive subdomain discovery is required, such as during the initial phases of security assessments or penetration testing. It works best when provided with a list of target domains in newline-separated format. Assetfinder effectively uncovers potential attack vectors by identifying associated domains and subdomains. However, it is not suitable for deep web reconnaissance or applications requiring significant interaction with discovered services.

Value in Workflows

Assetfinder adds significant value to security workflows by streamlining the reconnaissance process. It can be integrated early in security assessments to gather domain information, which can then inform further testing and analysis steps. This logical placement helps prioritize risk assessment and focus subsequent efforts on the most critical assets.

Input Data

The tool expects a file input in newline-separated format, where each line contains a domain to be analyzed. The input format is critical as it allows for batch processing of multiple domains. An example input could be:

example.com
example2.com

Configuration

subs-only: A boolean parameter that, when set to true, restricts results to only include subdomains of the target domain. This is useful for narrowing down the focus to relevant subdomain data during reconnaissance and enhancing the specificity of the gathered information. Default is false.

Ideal Use Cases & Fit​

Value in Workflows​

Input Data​

Configuration​

Ideal Use Cases & Fit

Value in Workflows

Input Data

Configuration