Asset Inventory
The Asset Inventory is the foundation of ShadowMap's External Attack Surface Management (EASM) platform. It provides a continuously updated catalog of every externally visible digital asset belonging to your organization -- domains, subdomains, and IP addresses that collectively define your attack surface.
Why Complete Asset Inventory Matters
You cannot protect what you do not know exists. Organizations typically underestimate their external footprint by 30-40%. Shadow IT deployments, forgotten development servers, acquired company assets, and cloud sprawl create blind spots that attackers actively exploit. The Asset Inventory eliminates these blind spots by automatically discovering and tracking every asset tied to your organization, whether or not it was provisioned through official channels.
A complete inventory enables your security team to:
- Prioritize remediation by understanding which assets carry the most risk (open ports, expired certificates, known CVEs)
- Detect unauthorized assets such as rogue subdomains, shadow cloud instances, or unauthorized web applications
- Track asset lifecycle from first discovery through decommissioning, ensuring nothing falls through the cracks
- Measure attack surface growth over time and correlate it with organizational changes
How Asset Discovery Works
ShadowMap combines six complementary discovery techniques to build and maintain your asset inventory. Each method catches assets the others miss, producing a comprehensive view that no single technique could achieve alone.
| Discovery Method | What It Finds | How It Works |
|---|---|---|
| DNS Enumeration | Subdomains, mail servers, name servers | Passive DNS collection and targeted resolution against known wordlists and zone data |
| Certificate Transparency (CT) Logs | Subdomains with SSL certificates | Monitors public CT log streams for any certificate issued to your domains |
| Web Crawling | Linked applications, related domains | Follows links, form actions, and JavaScript references across your web properties |
| Cloud Source Import | Cloud-hosted IPs, services, buckets | Connects to AWS, Azure, and Cloudflare APIs to import infrastructure directly (see Cloud Sources) |
| Reverse DNS | IP-to-hostname mappings | Resolves PTR records to identify which hostnames point to your IP addresses |
| WHOIS Enrichment | Registration data, expiry dates, registrar | Queries WHOIS databases to enrich domain records with ownership and lifecycle data |
Discovery runs continuously. New assets typically appear within hours of creation.
Modules
| Module | What It Shows | Key Use Cases |
|---|---|---|
| Domains | Root domains registered to or associated with your organization | Domain expiry monitoring, WHOIS tracking, DNS record auditing |
| Subdomains | All discovered subdomains across your domain portfolio | Takeover detection, shadow IT discovery, stale asset cleanup |
| IP Addresses | IP addresses hosting your organization's services | Port exposure review, geolocation verification, ASN analysis |
Asset Status Tracking
Every asset in the inventory carries an Online or Offline status based on the most recent scan. Status changes are tracked over time, so you can identify assets that have recently gone offline (potential decommissioning) or come online (new deployments). Filtering by status across any module helps you maintain a clean inventory by surfacing assets that may need attention.
Data Export
All Asset Inventory views support CSV export for offline analysis, compliance reporting, or integration with third-party tools. Exports respect your current filter state, so you can export a targeted subset (e.g., only offline subdomains, or IPs in a specific country).
Common Workflows
- Onboarding audit -- after adding your domains, review the full inventory to establish your baseline attack surface
- Merger and acquisition -- add acquired company domains and let ShadowMap discover the inherited infrastructure
- Compliance reporting -- export filtered views to demonstrate asset coverage to auditors
- Incident response -- use the IP and subdomain detail views to quickly assess what a compromised asset exposes
- Periodic review -- filter for stale or offline assets to identify cleanup candidates
Related
- Web Applications -- applications discovered on your assets
- SSL Certificates -- certificates associated with your domains
- Cloud Sources -- configure AWS, Azure, and Cloudflare imports
- Alerts -- security findings tied to your assets
- IP Reputation -- reputation scoring for your IP addresses