US 12,413,613 B2
System and method of discovering external attack surface based on identification data
Kunal Modasiya, Santa Clara, CA (US); Siddharth Bhatia, Santa Clara, CA (US); Milind Kapre, Pune (IN); and Pablo M. Quiroga, Saint Helena, CA (US)
Assigned to Qualys, Inc., Foster City, CA (US)
Filed by Qualys, Inc., Foster City, CA (US)
Filed on Oct. 31, 2023, as Appl. No. 18/385,892.
Prior Publication US 2025/0141907 A1, May 1, 2025
Int. Cl. H04L 9/40 (2022.01); H04L 61/4511 (2022.01)
CPC H04L 63/1433 (2013.01) [H04L 61/4511 (2022.05); H04L 63/107 (2013.01); H04L 63/1416 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for discovering one or more computing assets associated with primary identification data, the method comprising:
receiving, using one or more computing device processors, primary identification data or domain data associated with the primary identification data;
determining, using the one or more computing device processors, whether the primary identification data, or the domain data associated with the primary identification data, is present in a first database;
in response to determining if the primary identification data or the domain data exists in the first database, retrieving, using the one or more computing device processors, secondary identification data associated with the primary identification data or the domain data associated with the primary identification data;
querying, using the one or more computing device processors, a second database based on the primary identification data, the domain data associated with the primary identification data, or the secondary identification data;
obtaining, using the one or more computing device processors, based on querying the second database, one or more first domains;
querying, using the one or more computing device processors, at least one of the second database or a third database, based on the one or more first domains;
obtaining, using the one or more computing device processors, based on querying the second database or the third database, one or more second domains;
collating, using the one or more computing device processors, the one or more first domains and the one or more second domains;
accessing, using the one or more computing device processors, a first domain name system (DNS) service;
executing, using the one or more computing device processors, one or more DNS searches, using the first DNS service, using the one or more first domains and the one or more second domains;
determining, using the one or more computing device processors, based on the executing the one or more DNS searches, one or more Internet Protocol (IP) addresses;
assigning, using the one or more computing device processors, a first rating to the one or more IP addresses relative the primary identification data or the domain data associated with the primary identification data;
scanning, using the one or more computing device processors, at least one of the one or more IP addresses, the one or more first domains, or the one or more second domains to determine one or more vulnerabilities or threats associated with the one or more IP addresses, the one or more first domains, or the one or more second domains, thereby resulting in first enriching information;
querying, using the one or more computing device processors, one or more open-source tools, based on the one or more IP addresses, the one or more first domains, or the one or more second domains to determine the one or more vulnerabilities or threats associated with the one or more IP addresses, the one or more first domains, or the one or more second domains, thereby resulting in second enriching information; and
enriching, using the one or more computing device processors, the one or more IP addresses with the first enriching information and the second enriching information.