Discovery

Discovery is a process of finding Entrypoints. This can be done once and reused going forward, assuming the target does not change.

Creating a Discovery

To run a Discovery in an existing project, follow these steps:

  1. In the left pane, select the Projects option to see the list of available projects.
  2. Select the project, then click Add entrypoints → Create new discovery.

Specifying discovery details

In the Details tab, enter any free-text name for the scan in the Discovery name field.

Defining targets

In the Targets tab, do the following:

  1. Choose a discovery target type. Discovery targets may be of the following types:

Publicly accessible from Bright's cloud - Scanning directly from the cloud is allowed for authorized targets only. Learn more about Target Authorization.

On a private network or not authorized - Scanning via CLI in Repeater Mode provides secure access to local networks or unauthorized targets. Learn more about Repeater Mode.

Target credentials

(Optional) Authentication - Select an authentication type, or Scan without authentication, if it's not needed. Learn more about Authenticated scans.

Discover Entrypoints

Select a suitable way to discover entrypoints while scanning. Learn more about Entrypoints.

For websites and web apps

Via crawling - Smart Crawler is a procedure to minimize crawler time. It can skip Entrypoints with duplicate parameters, and so on. Learn more about Crawling.

URL - Enter a URL (target host) to scan the whole or a part of the specified application. The crawler will map the entire application attack surface automatically.

To discover only specific parts of your application or add multiple hosts, click on the right of the Targets section. In this case, only the specified sections of the application and everything downstream from them will be scanned.

🚧

Note:

Some hosts may be unreachable or unauthorized for a direct scan from the cloud:

  • If a host cannot be reached by the engine, select a running Repeater for the scan in the Network Settings section.
  • If a host is unauthorized for a direct scan from the cloud, either select a running Repeater for the scan or add a .nex file to the host root directory. (Learn more about Managing organizations).

Subdomains crawling

This allows the crawler to explore more than just the direct links from the target URLs. It can also check out the higher-level folders and subdomains related to those URLs. However, it will not crawl other authorized domains that were not part of the discovery’s scope.

For instance, suppose a Discovery is started against test.com/bar. Here's how the crawler will behave with the checkbox selected:

  • Allowed:
    test.com/groups
    shop.test.com
  • Not allowed:
    example.com/login
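
The scope rule above, written out as an added example (not Bright's code). The function name and the behavior with the checkbox cleared (same host, target path and everything below it) are assumptions drawn from the descriptions on this page.

```python
from urllib.parse import urlsplit

def _parts(url):
    # Accept scheme-less targets such as "test.com/bar", as written on this page.
    if "://" not in url:
        url = "https://" + url
    u = urlsplit(url)
    host = (u.hostname or "").lower().rstrip(".")
    return host, (u.path or "/")

def in_scope(target, candidate, subdomains_crawling=False):
    """Hypothetical helper: would `candidate` be crawled for this target?"""
    t_host, t_path = _parts(target)
    c_host, c_path = _parts(candidate)
    if not t_host or not c_host:
        return False
    if subdomains_crawling:
        # Same host at any path (higher-level folders) or a true subdomain.
        # The leading dot keeps look-alike hosts such as "eviltest.com" out.
        return c_host == t_host or c_host.endswith("." + t_host)
    # Checkbox cleared (assumed): same host, target path and below only.
    if c_host != t_host:
        return False
    prefix = t_path.rstrip("/")
    return c_path == prefix or c_path.startswith(prefix + "/")

if __name__ == "__main__":
    # Constructed candidates; the first three are the page's own examples.
    for url in ("test.com/groups", "shop.test.com", "example.com/login",
                "eviltest.com/bar", "https://test.com@example.com/bar"):
        print(url, in_scope("test.com/bar", url, subdomains_crawling=True))
```

Comparing parsed hostnames rather than raw strings is what keeps `eviltest.com` and `test.com@example.com` out of scope.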

Use smart crawling for speed optimization

Skip URLs or forms with duplicate parameter names but different values to reduce crawling time.

Depth of client-side chained interactions

Define how deep the crawler should try to use chained options such as multi-level nested drop down menus.

Via a .HAR file - Use a pre-recorded session of your interaction with the application (HAR file), which has been created either manually or automatically (using QA tools, such as Selenium to scan your application). This discovery type enables you to define the scope of a scan and ensures complete coverage of the attack surface.

See Creating a HAR File to learn how to create a HAR file.

See Scanning a website with a HAR file for detailed information.

Delete the file after it has been sent to the engine for a scan - Mark this checkbox if you don't want the file to be saved.

👍

To enjoy both full automation and deeper attack surface analysis, you can combine Crawling and Recording (HAR) in a single discovery.

For APIs

Via API schema file (for API endpoints) - Use a *.yml file to discover APIs. See Scanning API endpoints for detailed information. The file can be chosen from a disk or pre-uploaded to the Bright app. Also, you can simply add a link to the file.

For GraphQL

This tab allows you to specify a GraphQL endpoint link for introspection, similar to configuring API schemas above. Introspection is a GraphQL schema feature that enables users to inquire about the supported queries within a GraphQL schema.

To proceed, provide a GraphQL schema file by one of these options:

  • File from a disk - to upload a file from your computer. Required file formats: .gql, .graphql, .json.
  • Link to GraphQL introspection endpoint - add a link to the target GraphQL endpoint
  • Pre-uploaded file - to select a pre-uploaded file from Bright cloud storage
  • Introspection endpoint - use this field to target the publicly accessible introspection

If you want uploaded files to be deleted after sending them to the engine, mark the corresponding checkbox.

Entrypoint discovery options

Skip entrypoints, if a response is longer than - Bright allows configuring the limit to entrypoint response duration, which is 1000 ms by default. If the response takes longer than the predefined time (for example, due to some target configuration changes), Bright will skip that entrypoint. You can change the limit, but this will affect the scan speed. Learn more about Entrypoints.

(Optional) The Skip Entrypoints by patterns section contains an expression that excludes the most common static files like images, audio, video, and other files that don't contain any vulnerabilities (including fonts). If you don't want these files to be excluded, you can clear the URL regex pattern field.

In this pane, you may set additional parameters to be ignored during scanning.

  • Below the Method field, click + Add exclusion. Empty fields will appear.
  • From the Method dropdown menu, select the method you want to be excluded from scanning.
  • In the URL regex pattern field, enter the parameters for the selected method.

For example, if you don't want the POST method to go over entry points that contain vendor in the URL, from the Method dropdown menu, select POST and then in the URL regex pattern field, enter vendor. Any URL that contains vendor will be excluded from scanning.
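
To see what a method and URL pattern pair would exclude before entering it, the added example below (not Bright's code) applies the rules to requests taken from a HAR file. The HAR entries and the static-file pattern are constructed, Python's re stands in for Bright's regex dialect, which this page does not state, and matching anywhere in the URL follows the "contains vendor" wording above.

```python
import json
import re

# Constructed HAR fragment (standard log.entries[].request layout).
HAR = json.loads("""{"log": {"entries": [
  {"request": {"method": "GET",  "url": "https://test.com/vendor/list"}},
  {"request": {"method": "POST", "url": "https://test.com/vendor/create"}},
  {"request": {"method": "POST", "url": "https://test.com/api/orders?ref=vendor-portal"}},
  {"request": {"method": "POST", "url": "https://test.com/api/orders"}},
  {"request": {"method": "GET",  "url": "https://test.com/static/logo.png"}},
  {"request": {"method": "GET",  "url": "https://test.com/fonts/a.woff2?v=3"}}
]}}""")

# Constructed placeholder, NOT the default expression shipped in the UI.
STATIC_PATTERN = r"\.(?:png|jpe?g|gif|svg|woff2?|mp3|mp4)(?:\?.*)?$"

# The page's example: POST requests whose URL contains "vendor".
EXCLUSIONS = [("POST", r"vendor")]

def preview(har, exclusions, static_pattern=None):
    """Hypothetical helper: split HAR requests into kept and skipped."""
    static_re = re.compile(static_pattern, re.I) if static_pattern else None
    rules = [(m.upper(), re.compile(p)) for m, p in exclusions]
    kept, skipped = [], []
    for entry in har["log"]["entries"]:
        method = entry["request"]["method"].upper()
        url = entry["request"]["url"]
        reason = None
        if static_re and static_re.search(url):
            reason = "static file"
        else:
            for rule_method, rx in rules:
                # Unanchored search: the pattern may match anywhere,
                # including the query string.
                if rule_method == method and rx.search(url):
                    reason = f"{rule_method} {rx.pattern}"
                    break
        if reason:
            skipped.append((method, url, reason))
        else:
            kept.append((method, url))
    return kept, skipped

if __name__ == "__main__":
    kept, skipped = preview(HAR, EXCLUSIONS, STATIC_PATTERN)
    for row in skipped:
        print("skip", *row)
```

With the bare pattern vendor, the POST to /api/orders?ref=vendor-portal is skipped as well, because the match lands in the query string; a pattern anchored to the path keeps that entrypoint in the scan.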

CSS & XPath exclusions - CSS selectors & XPath for links to exclude.

Target specific settings

In the Additional Headers section, define any custom headers to be appended to or replaced in each request. If you need to add some authentication headers, see Header Authentication.

👍

Tips:

  • If you need to add several Additional headers, you can copy-paste them in a single Name field. The headers will be distributed among the fields automatically.
  • Users can configure (add/change) headers during a Discovery scan. These headers are then associated with each discovered Entrypoint in that scan.
  • The same headers are used in subsequent scans performed against the previously discovered Entrypoints.
  • Users can manually modify (add/change) headers for each individual Entrypoint after the discovery scan. There is no way to change a header that would affect multiple or all of the Entrypoints simultaneously.
  • To apply header changes to all entrypoints, users must run a new Discovery with the updated Headers.

Configuring optimizations settings

Discovery performance and speed

Concurrent requests - Specify the maximum concurrent requests allowed to be sent by the scan in order to control the load on your server. The default value is 10 requests.

Summary

There are three available options on how and when to run a discovery:

  1. Run discovery now - click the Run button to start the discovery immediately

  2. Schedule a single discovery - adjust the start time and date for this discovery

  3. Create a recurring discovery - Define the frequency and schedule of the discovery to run repeatedly and automatically.

To schedule the scan, select Schedule a single discovery for later. Then adjust the start date and time in the fields below.

To start the scan immediately, click Run.

Tracking a Discovery History

To open a table which contains detailed information about all performed Discoveries, do the following:

  • Projects tab → select a particular Project → Discovery History

The table is fully adjustable using icon. Also, you can perform the following actions over Discoveries using button:

  • Stop
  • Rerun
  • Delete

To open a Discovery in a separate page, click button.