Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.oasm.dev/llms.txt

Use this file to discover all available pages before exploring further.

An Asset represents any discovered resource that belongs to a target. It is the result of asset discovery and scanning processes, forming a continuously updated inventory of your attack surface. Assets provide visibility into what is actually exposed on the internet, allowing security teams to monitor, analyze, and secure their infrastructure effectively. In OASM, assets are automatically discovered from targets and may include:
  • IP addresses
  • Open ports
  • Services (HTTP, HTTPS, etc.)
  • Hosts and subdomains
  • Technologies (e.g., Cloudflare, Nginx, frameworks)
  • TLS/SSL certificate information
  • HTTP status codes and response metadata
Assets can be considered as a live inventory of everything the system has identified from your defined targets.
Assets are automatically generated from scanning jobs and cannot be created manually.
Dashboard

Explore assets

To view and explore assets:
  1. Navigate to Assets
  2. Browse the asset list with detailed information such as:
    • Service (host + port)
    • Status code
    • Detected technologies
    • TLS/SSL certificate
    • Last seen time
  3. Use the screenshot preview to quickly understand web-based services
The system continuously updates assets based on discovery and scanning results.
OASM provides flexible filtering to help you quickly find relevant assets. You can filter assets by:
  • IP
  • Port
  • Technology
  • Status Code
  • Host
  • TLS Host
Use the search bar and filter tags to narrow down results and focus on specific parts of your attack surface.

Asset views

Assets are organized into multiple views to support different analysis perspectives:
  • All Services: Combined view of all discovered services
  • Technologies: Grouped by detected technologies
  • IP Addresses: Assets grouped by IP
  • Ports: Services grouped by open ports
  • Hosts: Grouped by domain or hostname
  • Status Code: Grouped by HTTP response codes
  • TLS: TLS/SSL-related assets and certificates
These views allow you to pivot and analyze your attack surface from different angles.

Export assets

To export asset data:
  1. Navigate to Assets
  2. Click the Export button
  3. Download the asset dataset for external analysis or reporting

Notes

  • Assets are continuously updated as new scans are executed
  • Historical changes (e.g., status code, technology) may evolve over time
  • Assets reflect the current observed state of your attack surface, not just configured targets