Major Update for Attack Surface Discovery tool

Netlas.io
7 min readMar 21, 2024

--

Intro

Attack Surface Discovery tool on Netlas.io has a major update! It is now, without any doubt, the best-in-class graphical tool for reconnaissance.

Let’s see what brand new features have appeared in the latest update and how they will help you. Enjoy reading!

Brief example of using the new version of ASD

Main features

Grouping

The most important part of the update is the support for group operations. If in the previous version, you could not conduct searches that would have more than 50 results, now this limitation has been significantly increased. The new version of ASD allows you to add up to 100,000 of results as a group.

Let’s look at how it works. Add a “spacex.com” node. Next, open the search and pay attention to the request “Subdomains”.

This is what it looked like in the previous version of the tool:

Search is not available because there is no mechanism for displaying such many nodes on the workspace. Very bad, very unpleasant.

And here’s how the same situation looks in the new version of ASD:

So, we can already find something. Click on the “Add & Group” button.

All 106 subdomains were placed to the single group node.

The bad news is that there are some restrictions depending on pricing plan you use. For more information, See the “Attack Surface Discovery tool” section of pricing.

Group operations

The first thing you can do is click on the new node. If you do this with the left mouse button, a regular search window will appear.

The difference between these searches and the old ones is that they refer to “some” nodes from the group. It will be difficult for you to figure out which one. In the same case, if you want to work with a limited number of objects from a group, you must first extract them. To do this, right-click on the group.

Now we are interested in the “View list” button; I will explain the meaning of the remaining functions a little later. For now, let’s just open the list:

To move a node outsdide from a group, you need to click the corresponding button opposite the desired object. Everything is easy :)

Now from the freed node, we can conduct separate searches, the identity of which we will be sure of.

However, it is not difficult to notice the difference in the available searches before and after some nodes have been retrieved. Let’s look at this using the example of searching for subdomains.

If we take them from the entire group, then there are a total of 12 subdomains available:

Let’s try to exclude “mail.spacex.com” and “dev.spacex.com”. The search has changed, and now when performing a group operation we will only get 9 subdomains:

It also possible to search for objects that are part of a group separately. To do this use the following button:

In addition, as you may have already noticed, groups can be renamed, copied, pinned, and excluded. The last two points are like those when working with standard nodes. Let’s look at the operation of the first two functions.

To rename a group, you need to click the corresponding button in the context menu, like this:

Next, enter a new name, for example, “Just subdomains”, and save it. So, we get the following result:

You can use this to navigate groups faster when working with large and confusing perimeters.

Now let’s look at copying. Click the following button:

And you will copy the entire list to the clipboard. Quite convenient if you need to transfer search results somewhere in parts while working.

And finally, grouping and ungrouping. These buttons will allow you to combine objects into new groups and split existing lists into separate nodes. There are two conditions:

  1. Objects to be merged must be of the same type (for example, only subdomains).
  2. There should be no more than twenty nodes in the list to ungroup, otherwise, you will not be able to ungroup them.

Look at an example. Let’s say we add NS servers from “spacex.com” separately, not as a group. Then let’s select them. This is what it will look like:

Next, press RMB, then the following button:

You will get the following result:

Then we will try to divide the created group. Use RMB on it, after “Ungroup”. Now the workspace again has four separate records.

Let’s add a few more nodes, demonstrating double connections between objects. Thus, “mx1.spacex.com” will simultaneously be both a subdomain and a mail server for “spacex.com”. Moreover, by looking at some subdomain searches, we can find that some of them are mail servers for Swarm resources.

Saving and downloading

Once your graph has been compiled, you can download it to your device. Before doing this, save it by clicking one of the following buttons:

After this, the download button will become available.

When downloading, you can choose which elements of the graph interest you. It is important to mention that nodes that have been excluded will not be added to the loaded surface.

This is what the downloaded file looks like:

But what to do with it?
You can put this file as input into nmap or any similar scanner. For example, like this:

Not the best example, since nmap was unable to resolve some domains…

This is where most of the new functionality ends. Let’s now look at some small innovations.

Minor features

New colours

Firstly, new colours have appeared for different types of nodes. This will allow you to quickly navigate your attack surfaces, distinguishing objects not only by icons but also by colours.

Here’s what it looks like now:

And here’s what it looked like before:

Thanks to the new colours, the graph will no longer merge into a single entity, which makes using the ASD Tool much more convenient.

Nodes hiding

In addition, a function to hide excluded nodes has been added. It removed objects from the graph that you decided to exclude, which also allows you to influence how you work with it. Let’s look at this based on.

Let’s say we have a “netlas.io” node, from to which we search for subdomains:

Now exclude two nodes from our graph:

These objects remain in the workspace, but you cannot search by them, and they will not be saved when downloading the graph. Let’s just remove them.

To do this, activate the switch at the bottom of the workspace:

And you will get the following result:

Hiding nodes will allow you to clear your workspace of unnecessary objects, making the graph more readable.

Conclusion

Today Netlas received another major update, which, it seems to me, significantly improves the experience with the ASD Tool. Now you can build truly large perimeters by exploring large organizations.

You can also read about Netlas usage for Attack Surface Discovery and Visualization in our articles:

I must also say that this is not all. There are other cool tools in development that… However, you will see for yourself. Follow the news.

Good luck!

So many new things…

--

--

Netlas.io

Discover, research and monitor any assets available online