Painless Attack Surface Discovery

Get alerts on newly discovered assets and monitor them for insecure configurations, data leakage and more.

What does it do?

Automate asset discovery and then add a security monitoring to it wherever possible.

Auto discover subdomains

Starting with an adversarial approach to collecting existing subdomains and assets that already belongs to you, Assetwatch alerts you on new ones as they spawn across the internet.

Monitor security configuration

Since we maintain an up-to-date list of your digital assets we also constantly monitor their security critical artefacts like DNS properties, TLS connection strengths, Certificate issues, Framework and libraries, etc.

Verified alerts

Most of our alerts are automated. We do manual verifications for specific tests to ensure you have almost no false positives. Think of us writing security test cases for all your digital assets using an adversarial mindset.

FAQ

How do I get started?

Once you create an account, add a domain by adding the domain name. Give it a few minutes and the dashboard for your new domain should update within 5 minutes. You can see the snapshot under “Current Status”.

Is there a naming scheme for adding domains like www or https?

Yes. The app only accepts the top level domain name. Even if you enter a subdomain, the TLD will be used.

How much time does it take to scan my domain?

Depends on the number of your sub domains that are discovered. It typically takes a minute or two for under 20 subdomains and can take an hour for more than 500+ subdomains.

What does the takeover monitor do?

We watch your added domain for most security misconfigurations and threats. The subdomain monitor alerts you if any one of your domain is vulnerable to a subdomain takeover attack.

Can I scan my domain more than once a day?

Yes, you can! Click on the domain for which you would like to rescan. Scroll down the dashboard all the way to Rescan your domain. If you are using a Pro plan, your domain is rescanned every 24 hours.

Can I use your API?

Yes! The Pro plan allows you to access the Assetwatch api at https://api.assetwatch.io