Featured reads
Security Research
Security research and analysis with Netlas.io
white paper
Fast one-shot passive recon script with Netlas.io
blog post
How to find online cameras with Netlas.io?
blog post
Threat hunting
Non-intrusive security assessment
OSINT investigations
Reputation scoring
Security analysis
Security of IoT and Industrial devices
Vulnerable devices search
Uncover shadow IT and phishing threats
Attack surface identification
3-4 times per year
Please, sign in to manage newsletter subscription
Important updates, sales and promos
1-2 posts per week
Newest CVE, featured search queries
updates and announcements
Swagger UI
Handy web tool for testing Netlas API
Official Python SDK and command line utility
Netlas SDK
Netlas Blog
In-depth features overview & case studies
Netlas Cookbook
An ultimate guide on how to make the most of Netlas.io
Scripts & Code Samples
Useful scripts to create you own automations
Featured queries
Search queries for IoT, routers, IP cameras & more
Netlas usage, API specification, SDK & CLI installation
Restricted mobile device support
For a better experience please use screens with a horizontal resolution of 1280 pixels or more
Reconnaissance, security assessment, security research,
and other cases
dev tools,
code samples,
and other resources

Restricted mobile device support
For a better experience please use screens with a horizontal resolution of 1280 pixels or more
Netlas For security analysis

Attack surface identification
with Netlas.io

The success of a penetration test is often determined by the first step, which involves reconnaissance and identification of the attack surface.
The attack surface is usually means the network resources of an organization or information system that may be accessible from the Internet. To build it using Netlas, several methods can be employed.

IP and Domain WHOIS lookups

Netlas.io search engine supports searches through WHOIS records for both domains and IP addresses. The company name can be used as an initial piece of information. By utilizing the appropriate field in the query, it is possible to discover subnets managed by that specific company.

Forward, reverse and other DNS lookups

Numerous connections can be discovered by examining DNS records. You can search for domains connected to an IP or a specific subnet. It could involve the coincidence of MX records for domains or the mention of a specific IP address in a TXT record. You can search using any field of DNS registry to find related domains.

Subdomain enumeration

Netlas.io DNS database consists of billions of domains. It is growing every day. You can search for subdomains using the web-app and command line utility. There are also a number of third party applications integrated with Netlas.

Links, tags and other web content

Another important connection between entities on the Internet is cross-references. They can be found using a search within the body of responses. Contacts, such as emails, phones and tracking codes such as Google Tags or Facebook Pixel can be utilized. Meta data is also can be used. Sometimes search by SSL certificates can also reveal hidden pieces of the attack surface.

Attack Surface Discovery tool

Since identifying the attack surface is a standard task we have developed the Attack Surface Discovery tool to address this challenge. This tool is highly intuitive and allows users to visualize attack surfaces in the form of a graph, which can include domains, IP addresses, networks, autonomous systems, WHOIS objects, and more.

Working with this tool is extremely straightforward; users do not need to input commands or apply filters; Netlas automatically performs searches for each graph object. Users only need to choose one of the possible ways to discover relationships, and the results will be instantly displayed as new nodes in the graph.
Get your free Netlas.io account!
Sign up to get up to 50 requests/day for free.
Related articles