{"info":{"_postman_id":"a51091b3-5553-4198-bbb4-f4c07d5a73ac","name":"HoundER Documentation","description":"

Attack Surface Management

Thank you so much for choosing HoundER!

HoundER is the perfect solution for your Attack Surface Management needs. With HoundER, you can quickly and easily identify and manage your organization's attack surface, reducing your risk of a cybersecurity breach.

To access HoundER simply log in to your account. Once you're logged in, you'll see the dashboard as the first default screen and a left-hand menu to navigate the web app. The left sidebar menu is divided into five sections: \"General\", \"Assets\", \"Findings\", \"Organization\", and \"About\". You can click on each of the section items to navigate through the different HoundER screens.

The header menu offers access to the profile page where you can update your account information and preferences. From here, you can change your password, contact information, and time zone settings. You can also manage your subscription and billing information.

\n\n

The light and dark modes are available in the header menu too. To toggle between the light mode and mode, just click on the \"Light Mode\" button at the top of the page. The logout button is also located in the header menu. To log out of your account, just click on the \"Log Out\" button and you will be redirected to the login page.

\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"16494231","collectionId":"a51091b3-5553-4198-bbb4-f4c07d5a73ac","publishedId":"2s93m7WgX7","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"2463eb"},"publishDate":"2023-05-27T12:05:46.000Z"},"item":[{"name":"General","item":[{"name":"Dashboard","item":[{"name":"Monitored Domains","item":[],"id":"d7bb5639-78c4-4bc3-a510-ae671486e8c4","description":"

This is the number of domains that HoundER is monitoring for your organization. Clicking this widget will take you to the **\"Domain\"**subsection under \"Assets\" to manage your domains.

\n $\"Monitored%20Domains%20Sample\"$ ","_postman_id":"d7bb5639-78c4-4bc3-a510-ae671486e8c4"},{"name":"Monitored IPs","item":[],"id":"1425c11a-c92d-4530-8449-f188795746d4","description":"

The number of IP addresses that HoundER is monitoring for your company is shown here. To manage the IP ranges under observation, go to the \"Netblocks\" section by clicking this widget.

\n $\"Monitored%20IPs%20Sample\"$ ","_postman_id":"1425c11a-c92d-4530-8449-f188795746d4"},{"name":"Found Vulnerabilities","item":[],"id":"c6d5ee8f-0b4a-46c6-9ee3-c6168aabce41","description":"

This is the number of vulnerabilities that have been identified by HoundER. Clicking on this number will take you to the **\"Vulnerabilities\"**subsection under \"Findings\" where you can view and manage all of the vulnerabilities. This view also offers the variability, in percentage, with regards to the last scan.

","_postman_id":"c6d5ee8f-0b4a-46c6-9ee3-c6168aabce41"},{"name":"Discovered Subdomains","item":[],"id":"92be0cd6-9ad2-401b-a8fb-e8641be41b01","description":"

HoundER discovers and monitors subdomains for your organization. The number of discovered subdomains and the variability, in percentage, with regards to the last scan, are shown in this widget. To view the list of all subdomains, click on this widget.

","_postman_id":"92be0cd6-9ad2-401b-a8fb-e8641be41b01"},{"name":"Exposed Ports","item":[],"id":"6d8dceec-cef2-4c82-a28a-b66cf59e3020","description":"

The number of open ports that have been found by HoundER is displayed here. Clicking on this widget will take you to the **\"Services\"**subsection under \"Findings\" where you can view and manage all of the exposed ports. The widgets also indicate the variation of exposed ports with regards to the last scan.

","_postman_id":"6d8dceec-cef2-4c82-a28a-b66cf59e3020"},{"name":"Exposed Web Services","item":[],"id":"cd6f085d-97ac-4fc1-bf20-502d180072a8","description":"

This is the number of web services that have been found by HoundER. Clicking on this widget will take you to the \"Webs\" subsection under \"Findings\" where you can view and manage all of the exposed web services. The widgets also display the difference in exposed web services over the previous scan.

","_postman_id":"cd6f085d-97ac-4fc1-bf20-502d180072a8"},{"name":"Vulnerabilities by Severity","item":[],"id":"afb682b4-8b10-40f0-9fec-387241e0bc33","description":"

This widget shows the distribution of vulnerabilities by severity (Critical, High, Medium, and Low). You can see the number of high, medium, and low impact vulnerabilities.

","_postman_id":"afb682b4-8b10-40f0-9fec-387241e0bc33"},{"name":"Hosts by Last Detection Date","item":[],"id":"8084fe70-f497-4e76-b4f8-b6c8387d404a","description":"

This widget shows the distribution of hosts by the date of the last detection. You can see how many hosts were detected in the last day, week, month, or year.

","_postman_id":"8084fe70-f497-4e76-b4f8-b6c8387d404a"}],"id":"64315a16-e446-4669-acaf-e44e76f18956","description":"

The dashboard is the first screen you'll see when you log in to HoundER. This page gives you a high-level summary of your organization's attack surface. You can see the total number of assets, vulnerabilities, and findings as well as some general statistics.

\n","_postman_id":"64315a16-e446-4669-acaf-e44e76f18956"},{"name":"Map","item":[],"id":"a4cb6545-9763-442e-a622-18afe8a4ae5f","description":"

The map is a global view of your organization's geographical dispersion around the world. Clicking on each red dot will show more detail of the asset on that location with the following information:

Hostname
Ip Address
ASN
ISP/Org
Country
City

\n\n

","_postman_id":"a4cb6545-9763-442e-a622-18afe8a4ae5f"}],"id":"d5cebd1b-49ab-4cf2-92ff-50decbecea22","description":"

The \"General\" section includes the dashboard and map which gives you an overview of your organization's attack surface as well as some general statistics. You can also access the \"Profile\" page from this section where you can update your account information and preferences.

\n","_postman_id":"d5cebd1b-49ab-4cf2-92ff-50decbecea22"},{"name":"Assets","item":[{"name":"Domains","item":[],"id":"9fa25894-9a4a-47f3-b83e-ae169ab0738a","description":"

The \"Domain\" subsection under \"Assets\" is where you can manage all of the domains that HoundER is monitoring for your organization. Here, you can see a list of all domains as well as some general information about each one. You can also edit, delete, or search for a particular domain.

To add a domain manually, click on the \"Add\" button and fill out the form. The domain severity can be classified as one of the following: Critical, High, Medium, or Low. The domain is coupled with a brief description of the asset as well as a set of tags to help with the organization. The final checkboxes allow the user to decide what on the scan settings for that particular domain.

If you have a large number of domains, it might be easier to upload them via CSV. Click on the \"Import\" button and select the CSV file that you would like to upload. The CSV should have the following headers: Domain, Severity, Description, and Tags.

After you have completed the relevant fields, click \"Create\" to proceed. They will be added to our collection and scanning work queues according to the selected settings and asset's importance. Results of your research would be displayed in the Findings section. This procedure might take up to a few hours depending on how many results there are.

\n","_postman_id":"9fa25894-9a4a-47f3-b83e-ae169ab0738a"},{"name":"Netblocks","item":[],"id":"dbeaf8c3-7a38-40cf-9953-ae4a77fff468","description":"

The \"Netblocks\" subsection under \"Assets\" is where you can manage all of the netblocks that HoundER is monitoring for your organization. Here, you can see a list of all netblocks as well as some general information about each one. You can also edit, delete, or search for a particular CIDR.

To add a netblock manually, click on the \"Add\" button and fill out the form. The netblock severity can be classified as one of the following: Critical, High, Medium, or Low. The netblock is coupled with a brief description of the asset as well as a set of tags to help with the organization. The final checkboxes allow the user to decide what on the scan settings for that particular netblock.

If you have a large number of netblocks, it might be easier to upload them via CSV. Click on the \"Import\" button and select the CSV file that you would like to upload. The CSV should have the following headers: Netblock, Severity, Description, and Tags.

\n","_postman_id":"dbeaf8c3-7a38-40cf-9953-ae4a77fff468"}],"id":"c1106dbe-bb2b-46eb-b8f7-be060c71f23b","description":"

The \"Assets\" section is where you can add and manage all of the assets in your organization. This is important because HoundER uses these assets to create a visualization of your organization's attack surface. You can also use this section to perform vulnerability scans on specific assets, add assets manually or via CSV upload as well as export your current collection.

\n","_postman_id":"c1106dbe-bb2b-46eb-b8f7-be060c71f23b"},{"name":"Findings","item":[{"name":"Subdomains","item":[],"id":"34d8b8b9-5c05-4198-90c3-d4d799cd4da0","description":"

Subdivisions of your organization's high-level domains that have public DNS records set will be displayed here. General information including the IP Address, source, ISP/organization, Country, and the detection times for each hostname con be found here. You can expand each subdomain to see the specific records associated with it.

Besides a standard search box, subdomains can be also filtered by their time of detection by using the date input widget.

\n","_postman_id":"34d8b8b9-5c05-4198-90c3-d4d799cd4da0"},{"name":"Services","item":[],"id":"5273d7a5-0ada-4eff-baa2-8d28a7e62b95","description":"

Both subdomains derived from domain assets and network ranges created in Netblocks will be checked for available services. This section will list the open ports on your organization's public infrastructure. Open services will be discovered on both subdomains derived from domain assets and network ranges set in Netblocks. You may obtain basic information such as the IP Address, source, ISP/organization, country, and detection times for each hostname from here. You can expand each hostname to see the specific records associated with it.

Besides a standard search box, open ports can be also filtered by their time of detection by using the date input widget.

\n","_postman_id":"5273d7a5-0ada-4eff-baa2-8d28a7e62b95"},{"name":"Vulnerabilities","item":[],"id":"961bf995-c8ca-4042-b3f6-19846eb22ba6","description":"

This section will display the vulnerabilities and misconfigurations discovered. We utilize our own unique hand-picked set of vulnerability and configuration testing to minimize false positives.

Vulnerabilities show basic information such as the severity, affected host, ISP/organization, country, and detection times for each hostname from here. You can expand each hostname to see the specific records associated with it.

\n","_postman_id":"961bf995-c8ca-4042-b3f6-19846eb22ba6"},{"name":"Webs","item":[],"id":"fed0c3b8-ac72-46bb-9d28-33bbb34420f9","description":"

Your organization's publicly accessible web services will be listed here. Open web services on both subdomains created from domain assets and network ranges set in Netblocks will be examined for open web services. Furthermore, screen captures of discovered internet sites will be taken.

Two views are available for this section:

A list mode showing the server, technology, SP/organization, country, and detection times for each URL
The Preview mode allows users to see a screenshot of the content hosted on the discovered assets

\n","_postman_id":"fed0c3b8-ac72-46bb-9d28-33bbb34420f9"}],"id":"a74c8166-aa52-4b45-a3e5-fc1e15fb37f6","description":"

The \"Findings\" section is where you'll see all of the vulnerabilities that have been identified by HoundER. From here, you can view details about each finding, assign them to specific users, and mark them as resolved.

It groups the objects subdomains, services, vulnerabilities and webs that are enumerated and discovered from the Assets monitored by your HoundER ASM account.

\n","_postman_id":"a74c8166-aa52-4b45-a3e5-fc1e15fb37f6"},{"name":"Organization","item":[{"name":"Settings","item":[],"id":"e5621662-a0b4-4ac3-bcc4-d5ef7e533281","description":"

Under \"Settings\" you can view your Organization Details, Subscription Usage as well as manage the your Third-Party Integrations.

\n","_postman_id":"e5621662-a0b4-4ac3-bcc4-d5ef7e533281"},{"name":"Users","item":[],"id":"25093496-33e2-4e15-8cae-740e50ecd979","_postman_id":"25093496-33e2-4e15-8cae-740e50ecd979","description":""},{"name":"API Keys","item":[{"name":"Get subdomains","id":"0fab027e-cb14-4c71-8c49-e4fca31eadcc","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"{{URL}}/v1/subdomains?q=qatar&page=1&limit=10&sort=createdAt&order=desc","description":"

This is an object representing your Subdomain. You can retrieve it to see the enumerated and active subdomain from the Domains monitored by your HoundER account.

Parameters

q (optional)

You can use the q parameter to search Hostname, IP Address, Source, ISP/Org or Country

page (optional)

By default, you cannot retrieve more than 1,000 results in a single API call. Use the page parameter to determine the number of pages to retrieve.

limit (optional)

A limit on the number of objects to be returned. Limit can range between 1 and 1,000, and the default is 1,000.

General query parameter to search across all fields

\n","type":"text/plain"},"key":"q","value":"qatar"},{"description":{"content":"

Number of page

\n","type":"text/plain"},"key":"page","value":"1"},{"description":{"content":"

Limit the total number of results

\n","type":"text/plain"},"key":"limit","value":"10"},{"description":{"content":"

Sort results based on specific field

\n","type":"text/plain"},"key":"sort","value":"createdAt"},{"description":{"content":"

Order results [asc or desc]

\n","type":"text/plain"},"key":"order","value":"desc"}],"variable":[]}},"response":[],"_postman_id":"0fab027e-cb14-4c71-8c49-e4fca31eadcc"},{"name":"Get services","id":"50175c53-8147-4a01-8b65-ea2b1a933d9d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"{{URL}}/v1/services?page=1&limit=10","description":"

This is an object representing your Services. You can retrieve it to see the exposed services (opened ports) from Netblocks monitored by your HoundER account.

Parameters

page (optional)

By default, you cannot retrieve more than 1,000 results in a single API call. Use the page parameter to determine the number of pages to retrieve.

limit (optional)

A limit on the number of objects to be returned. Limit can range between 1 and 1,000, and the default is 1,000.

\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-API-Key"},{"key":"value","value":"{{SECRET_API_KEY}}"}]},"isInherited":true,"source":{"_postman_id":"2305a633-4461-4a25-975d-31fff1bda412","id":"2305a633-4461-4a25-975d-31fff1bda412","name":"API Keys","type":"folder"}},"urlObject":{"path":["v1","services"],"host":["{{URL}}"],"query":[{"key":"page","value":"1"},{"key":"limit","value":"10"}],"variable":[]}},"response":[],"_postman_id":"50175c53-8147-4a01-8b65-ea2b1a933d9d"},{"name":"Get vulnerabilities","id":"e9dde862-d771-4488-af3e-090bc10b0e95","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"{{URL}}/v1/vulnerabilities?page=1&limit=10","description":"

This is an object representing your Vulnerabilities. You can retrieve it to see the discovered vulnerabilities from Assets monitored by your HoundER account.

Parameters

page (optional)

By default, you cannot retrieve more than 1,000 results in a single API call. Use the page parameter to determine the number of pages to retrieve.

limit (optional)

A limit on the number of objects to be returned. Limit can range between 1 and 1,000, and the default is 1,000.

\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-API-Key"},{"key":"value","value":"{{SECRET_API_KEY}}"}]},"isInherited":true,"source":{"_postman_id":"2305a633-4461-4a25-975d-31fff1bda412","id":"2305a633-4461-4a25-975d-31fff1bda412","name":"API Keys","type":"folder"}},"urlObject":{"path":["v1","vulnerabilities"],"host":["{{URL}}"],"query":[{"key":"page","value":"1"},{"key":"limit","value":"10"}],"variable":[]}},"response":[],"_postman_id":"e9dde862-d771-4488-af3e-090bc10b0e95"},{"name":"Get webs","id":"c837f0a5-5182-4c63-983e-60aad459679e","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[],"body":{"mode":"raw","raw":"","options":{"raw":{"language":"json"}}},"url":"{{URL}}/v1/webs?page=1&limit=10","description":"

This is an object representing your Web Technologies. You can retrieve it to see the discovered web technologies from Assets monitored by your HoundER account.

Parameters

page (optional)

By default, you cannot retrieve more than 1,000 results in a single API call. Use the page parameter to determine the number of pages to retrieve.

limit (optional)

A limit on the number of objects to be returned. Limit can range between 1 and 1,000, and the default is 1,000.

Under the \"API Keys\" section administrators can create and manage the API Keys required to integrate third-party application.

The HoundER API is organized around REST. Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.

Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password.

Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

\n","auth":{"type":"apikey","apikey":{"basicConfig":[{"key":"key","value":"X-API-Key"},{"key":"value","value":"{{SECRET_API_KEY}}"}]},"isInherited":false},"event":[{"listen":"prerequest","script":{"id":"8790df28-0650-4fb1-bad6-36eab36fdd39","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"4e5763fa-6248-45c4-a4e9-cc6acb5b221a","type":"text/javascript","exec":[""]}}],"_postman_id":"2305a633-4461-4a25-975d-31fff1bda412"}],"id":"dabb0dfc-4b98-4d2b-aa70-d66433726e18","description":"

The \"Organization\" section is where you can create and manage your organization's security policies. You can also use this section to view and compare different policy sets.

\n","_postman_id":"dabb0dfc-4b98-4d2b-aa70-d66433726e18"},{"name":"About","item":[],"id":"bdbb918f-56dc-42ce-be2d-6beaea761700","description":"

The \"About\" section includes contact information, license agreement, and release notes.

\n","_postman_id":"bdbb918f-56dc-42ce-be2d-6beaea761700"}],"event":[{"listen":"prerequest","script":{"id":"fa1638e4-8e3c-411c-8855-6f41a9126f45","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"74c60d52-a94f-4202-a4d7-cfc659b55930","type":"text/javascript","exec":[""]}}]}