ASM Map
The ASM Map (Attack Surface Map) is an interactive network graph that visualizes the relationships between all the assets in your attack surface. It turns your reconnaissance data into a visual map, making it easy to understand how your domains, subdomains, IPs, and cloud resources are connected.
Accessing the ASM Map
Click ASM Map in the sidebar.
Selecting a Domain
Use the dropdown at the top to select which domain's attack surface you want to visualize. The dropdown shows each domain along with its subdomain count.
If you only have one domain, it will be selected automatically.
Understanding the Graph
The graph displays your assets as nodes (icons) connected by edges (lines). Each node type has a distinct visual representation:
Node Types
Domain (globe icon, green) — Your root domain, positioned at the center of the graph
Subdomain / Server (server icon) — Discovered subdomains. Green means the subdomain is live (responding to HTTP requests), gray means inactive.
Live Host (server icon, green) — Confirmed live web servers
IP Address (network icon, purple) — IP addresses discovered through internet-wide service indexing with exposed services
Resolved IP (network icon, cyan) — IP addresses that subdomains resolve to. The node size increases when multiple subdomains share the same IP, making shared hosting easy to spot.
Cloud Asset (cloud icon) — Cloud resources like S3 or GCP buckets. Red indicates public access, orange indicates private. See Cloud Modules for details.
Node Colors
Green — Live/active asset
Gray — Inactive or unresponsive
Red — Has vulnerabilities or is publicly exposed (for cloud assets)
Purple — Indexed IP from internet-wide scanning
Cyan — Resolved IP address
Orange — Private cloud asset
Edges
Lines between nodes represent relationships:
Domain → Subdomain (parent relationship)
Subdomain → IP (DNS resolution)
Subdomain → Live Host (HTTP response)
Domain → Cloud Asset (associated cloud resources)
Interacting with the Graph
Click a node — Opens a detail panel showing the asset's information (type, status, IP, vulnerabilities)
Hover over a node — Shows a tooltip with key details
Drag nodes — Reposition nodes manually
Scroll to zoom — Zoom in and out of the graph
Drag the background — Pan around the graph
Toolbar Controls
Zoom In / Zoom Out — Adjust the zoom level
Center — Reset the view to fit all nodes on screen
Filters — Toggle the filter panel
Export — Export the graph data
Filters
Click the filter icon to open the filter panel. You can toggle visibility for each asset type:
Domains
Subdomains
Live Hosts
IP Addresses
Cloud Assets
Additional filters:
Live Assets Only (recommended) — Shows only responsive assets for better performance and clarity. Disable this to see all discovered assets including inactive ones.
Risk Level — Filter by risk level (Critical, High, Medium, Low, Info, or All)
Graph Statistics
The top-right area shows summary statistics:
Total number of nodes in the graph
Total number of connections (edges)
Tips for Using the ASM Map
Start with Live Assets Only enabled for a cleaner view, especially on domains with many subdomains.
Look for clusters of subdomains resolving to the same IP — this indicates shared hosting.
Red cloud nodes indicate publicly accessible cloud resources that may need attention.
Large resolved IP nodes (bigger circles) mean many subdomains share that IP.
Use the risk level filter to focus on assets with known vulnerabilities.
For detailed data on any asset, visit the Results Dashboard for that domain.
Last updated