Get started with Website discovery

Website discovery surfaces web assets associated with your organization so you can review them and add relevant ones to your Targets list for scanning.

This document walks you through the end-to-end process: configuring discovery, filtering results, dismissing unwanted URLs, creating targets, and reviewing the list after adding targets.

Step 1: access Website discovery

Website discovery runs automatically for your organization. It identifies web applications that match the second-level domain with any top-level domain and uses reverse IP lookup to find sites hosted on the same servers.

Select Discovery > Website discovery from the left-side menu to view discovered URLs.

Because this broad approach can generate false positives, you can refine results using the filtering and bulk actions described in the following steps.

Step 2: filter results

Once URLs appear in the discovery list, use filters to focus on the assets most relevant to you.

Select Discovery > Website discovery from the left-side menu.
Click Add a filter to open the filter options.
Choose one or more filter criteria:
- Domain: filter by domain name
- IP address: filter by IP address
- Organization: filter by organization name
- Second level domain: filter by second-level domain
- Top level domain: filter by top-level domain
Enter the value for each filter and apply.

The list updates to show only URLs that match your filter criteria.

Step 3: manage unwanted URLs with bulk actions

If URLs appear in the list that don't belong to your organization or that you don't want to track, you can use bulk actions to remove them efficiently.

Select Discovery > Website discovery from the left-side menu.
Enable the checkboxes next to the URLs you want to manage.
Click Bulk actions and choose one of these options:

Ignore entries

Removes selected URLs from the active discovery list without affecting future discovery. Ignored URLs won't reappear unless you clear the ignored list.

Exclude options

Prevents future discovery of URLs matching specific patterns:

Exclude IP - Blocks all URLs hosted on the selected IP addresses
Exclude second level domain - Blocks all URLs from the selected second-level domains (for example, excludes all example.* domains)
Exclude top level domain - Blocks all URLs from the selected top-level domains (for example, excludes all *.org domains)
Exclude organization - Blocks all URLs associated with the selected organizations

When to use exclude vs ignore

Use Ignore entries for individual URLs you don't want to see again
Use Exclude options to prevent entire categories of URLs from appearing in future discovery

Step 4: create targets from the discovery list

To start scanning a discovered URL, convert it into a target.

For instructions on adding single or multiple URLs to your Targets list, see Create assets from Website discovery.

Step 5: review after adding targets

After you add a target, Website discovery continues running in the background. It uses your newly added target as an additional data point to generate further URL suggestions, so the list may grow over time.

Review the discovery list periodically to catch new assets associated with your organization. As the list grows, you may need to adjust your configuration to exclude domains that aren't relevant to your organization.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?

Step 1: access Website discovery​

Step 2: filter results​

Step 3: manage unwanted URLs with bulk actions​

Ignore entries​

Exclude options​

Step 4: create targets from the discovery list​

Step 5: review after adding targets​

Need help?​