HackerOne

Asset Discovery identifies externally accessible infrastructure and enriches it with metadata. You can use Asset Discovery to maintain a more complete and up-to-date inventory without relying on manual tracking.

Subdomains, including multi-level subdomains

Detected technologies such as servers, frameworks, and cloud providers

HTTP and HTTPS service details, including SSL/TLS metadata

- Subdomains, including multi-level subdomains
- Open ports and associated protocols
- Detected technologies such as servers, frameworks, and cloud providers
- HTTP and HTTPS service details, including SSL/TLS metadata

Scans run on a fixed weekly schedule. After each scan, results are validated, deduplicated, and used to create or update assets in your inventory.

Asset Discovery is available to customers with CTEM platform entitlement.

To check permissions, go to Organization settings → Members → Your account.

Click Add Asset → Create new → Domain.

Enter a root domain (for example, example.com).

- Use root domains only.
- Do not enter subdomains such as api.example.com.

Complete the required fields, then click Save.

1. Go to Assets → Inventory.
2. Click Add Asset → Create new → Domain.
 
 
3. Enter a root domain (for example, example.com).
 - Use root domains only.
 - Do not enter subdomains such as api.example.com.
4. Complete the required fields, then click Save.

1. Go to Assets → Discovery.
2. Find your domain in the list.
3. Turn on Scanner enabled.

Scanning runs automatically on a weekly schedule and adds any discovered assets to your asset inventory.

The Discovery table shows one row per root domain.

Domain: The root domain being scanned

Assets discovered (cumulative): Total number of assets created or updated by the scanner

Last scan: When the scanner last ran

Last scan status: Success, Failed, or Pending

- Tip: Use Last scan status to quickly identify failed or incomplete scans.

Scanner enabled: Whether scanning is active

- Domain: The root domain being scanned
- Assets discovered (cumulative): Total number of assets created or updated by the scanner
- Last scan: When the scanner last ran
- Last scan status: Success, Failed, or Pending
 - Tip: Use Last scan status to quickly identify failed or incomplete scans.
- Scanner enabled: Whether scanning is active

Find the domain in Assets → Discovery.

1. Find the domain in Assets → Discovery.
2. Turn on Scanner enabled.

1. Find the domain.
2. Turn off Scanner enabled.

When scanning is disabled, no new data is collected. Existing assets remain in your inventory.

- discovery_source: asset_discovery
- scanner_domain: &lt;your domain&gt;

Select an asset to view details such as ports, technologies, and timestamps.

1. Go to Assets → Inventory.
2. Apply the following filters:
 - discovery_source: asset_discovery
 - scanner_domain: &lt;your domain&gt;
3. Select an asset to view details such as ports, technologies, and timestamps.

technology_fingerprintHow Asset Discovery Works

- scanner_ports or protocol
- technology_fingerprintHow Asset Discovery Works

Add a domain as a Domain-type asset in Assets → Inventory.

Verify that you have Assets Manager permissions.

Confirm that scanning is enabled and wait for the next weekly run. Check the status page if needed.

Verify that the domain is publicly accessible and not blocked by DNS or firewall restrictions.

If issues persist, submit a ticket at support.hackerone.com.

No. Asset Discovery uses passive techniques and light port scanning. It does not attempt exploitation.

Data is stored within HackerOne infrastructure and is visible only to your organization.

Yes. You can export data from Asset Inventory as CSV or via the HackerOne API.

Assets cannot be deleted, but you can archive them.

Organizations: Automatically discover and track your external assets with Asset Discovery

Asset Discovery

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search results

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Action	Permission
View Discovery	Any organization member
Enable or disable scanners	Assets Manager (organization-level)

Asset Discovery

Permissions

Get Started

Add a Root Domain

Enable Asset Discovery

Use Asset Discovery

View Domains and Scan Status

Enable or Disable Scanning

View Discovered Assets

Troubleshooting

Common Issues

FAQs