Create an Attack Surface Discovery Scan with Bit Discovery

Note: The Attack Surface Discovery scan template is only available in Nessus Expert.

You can use Nessus's integration with Bit Discovery to create an attack surface discovery scan. This scan type allows you to scan top-level domains and generate DNS records based on the scan findings. Nessus Expert allows you to scan up to five different licensed domains.

To create an attack surface discovery scan:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the upper right corner, click the New Scan button.

    The Scan Templates page appears.

  3. Under Discovery, click the Attack Surface Discovery template.
  4. Configure the scan:
    1. For Basic, enter the scan name, description, schedule, and the folder to save the scan in.
    2. For Discovery, enter the top-level domains you want to scan. You can enter up to five domains.

      Note: You can only enter two-part domains (for example, you can enter tenable.com, but you cannot enter docs.tenable.com). If you need to scan multiple domains, list them in a comma-separated list (for example, tenable.com, test.com, example.com).
  5. Do one of the following:

    • To save the scan configuration for later, click Save. You can launch it from the folder you selected in step 4.

    • To launch the scan immediately, click the down button, and then click Launch.

      Nessus runs the attack surface discovery scan, and the My Scans page appears.

What to do next:

  • Once you create the attack surface discovery scan, you can launch the scan to gather data about your selected top-level domains.

  • View the scan results.

  • Modify the scan settings.

  • Create a scan report.

    Note: Nessus only offers two report templates for attack surface discovery scans: Complete List of Vulnerabilities by Host and Detailed Vulnerabilities By Host.
  • Export the scan results.

    Note: Only the Nessus DB export option is available for attack surface discovery scans.