Attaxion & WhoisXML API: Building a High-Coverage Attack Surface Discovery Engine
About
Attaxion is a U.S.-based cybersecurity platform focused on exposure management and external attack surface management (EASM). Using Attaxion, small and medium-sized organizations can uncover and protect their internet-facing assets. Attaxion’s mission is to democratize attack surface visibility, bringing enterprise-grade discovery to smaller teams without enterprise-size budgets, starting with a 30-day self-serve free trial.
Highlights
- Built an asset discovery engine with high coverage across domains, subdomains, and IPs using WhoisXML API’s data.
- Reduced false positives by relying on clean, structured DNS and WHOIS data, improving the accuracy of the platform.
- Simplified system architecture by sourcing multiple data types from a single provider, lowering engineering overhead.
Discovering External Assets for Clients
Effective EASM and exposure management require seeing what an attacker sees. That means identifying domains, IPs, and other digital infrastructure through a variety of cyber reconnaissance techniques — mapping the attack surface from the outside in.
Most EASM providers build internal discovery engines for this, but success depends on two things: connecting multiple reconnaissance techniques to validate the findings and accessing clean, high-quality data. For Attaxion’s compact team, the challenge was to develop a platform that could rival or outperform tools built by much larger vendors — without compromising on coverage or accuracy.
To do that, they needed trusted sources of data to power cyber reconnaissance. They chose WhoisXML API as their main provider, integrating its APIs to power each layer of their asset discovery process.
Combining Multiple APIs to Build a Powerful Discovery Engine
Attaxion combined multiple WhoisXML API services to build an efficient and scalable discovery engine that could map digital assets with high precision. Their integration strategy included:
- WHOIS and Reverse WHOIS APIs: To uncover domains tied to a specific organization or registrant contact.
- DNS Database Download and Reverse IP API: To identify connected IP addresses and domains resolving to them.
- Reverse DNS API: To surface hidden or indirect associations through other types of DNS records.
- IP Netblocks API: To explore IP ownership and identify wider network allocations.
- IP Geolocation API: To understand where assets are physically located or hosted.
This layered approach gave Attaxion the visibility needed to identify the entirety of each of their clients’ external attack surfaces, including shadow IT and forgotten assets.
The cleanliness of WhoisXML API’s data, particularly its DNS datasets, was one of the main arguments in their favor. The absence of noise brought by wildcard records meant fewer false positives — a key factor in building a platform that prioritizes accuracy over noise. And by sourcing multiple data points from a single provider, Attaxion simplified their system architecture and avoided the friction of normalizing and managing disparate data sources.
In addition to that, using NetFlow data from The Internet Abuse Signal Collective (IASC), Attaxion was able to build their unique Agentless Traffic Monitoring. This feature allows their customers to analyze inbound and outbound traffic and detect communications between their infrastructure and malicious IP addresses.
“WhoisXML API’s datasets are clean, reliable, and broad enough that we could build nearly our entire discovery engine on top of them, providing our customers with broad coverage and low false positives at the same time.”
Offering the Top Asset Coverage in the Industry
Using WhoisXML API as its core data provider, Attaxion built a high-coverage discovery engine that powers its EASM platform today. The benefits of relying on these data sources include:
- Broad asset visibility across domains, subdomains, IPs, and other infrastructure components.
- High signal-to-noise ratio, leading to more precise and trustworthy discoveries.
- Reduced engineering overhead, thanks to unified data formats and API access.
This foundation enables Attaxion to make exposure management and EASM both efficient and accessible, allowing them to cater to small security teams with budget limitations who still want advanced security solutions to protect their organizations.