6. Asset Management
📖 Overview
The Asset Management section is where you can track, analyze, and evaluate the external surface of your digital infrastructure. ShieldsGuard actively scans your domains, subdomains, technologies, and open ports — building a complete picture of your environment and its exposure.
This section consists of three functional modules:
6.1 Asset Management – Centralized view of domains, ports, and technologies
6.2 Network Topology – Visual mapping of interconnected nodes and services
6.3 Vulnerability Scan – Detection and classification of security weaknesses
6.1 Asset Management6.2 Network Topology6.3 Vulnerability Scan🔎 This section allows you to monitor what you own — and ensure nothing is exposed without your awareness.
6.1 Asset Management
📖 Overview
The Asset Management module is the heart of your external surface visibility. It provides a centralized dashboard that continuously tracks, catalogs, and monitors the digital assets you own — including domains, subdomains, associated technologies, ports, IPs, and metadata.
Whether you're managing a single website or a complex infrastructure with dozens of services, this module gives you the visibility needed to secure your perimeter.
📊 What You Can See
Summary Cards:
Total Asset (Domain) – Number of discovered domains/subdomains.
Technologies – Total count of unique technologies detected across assets.
Critical Vulnerabilities – How many unresolved, high-risk findings exist.
Statistics Panels:
Asset Statistics – Radar chart showing distribution of technologies, ports, and asset counts.
Vulnerability Statistics – Visual classification of detected issues by severity (Critical, High, Medium, Low, Info).
🔍 Domain Detail Breakdown
Each domain entry provides a comprehensive technical and security profile. You can expand it to view:
1. 🌐 General Information
IP address & Port
Protocol used (HTTP/HTTPS)
ASN & ISP ownership
Abuse score
Country and geolocation
2. 🧩 Technologies
CMS platforms (e.g., WordPress, Plesk)
Libraries and frameworks (Bootstrap, Elementor, Google Fonts)
Server stack (PHP, MySQL, NGINX)
3. 🧾 HTTP Headers
Full response headers (security headers, cache controls, cookies)
4. 🔐 SSL Information
Certificate issuer, subject, expiration dates, cipher strength
SSL health based on scan engine (e.g., TLS 1.2, weak ciphers)
5. 📡 DNS Panel
A/AAAA/MX/CNAME/NS/TXT records
SPF, DKIM, DMARC validation
DNSSEC validation state and change logs
6. 🆔 WHOIS Information
Domain registrar
Expiration & creation dates
Raw WHOIS output
✅ This level of insight allows you to monitor your assets not just by IP or hostname, but by actual risk, technology, exposure, and ownership.
🔍 Search & Filter
You can search and filter assets by:
Domain name
Technology used (e.g., PHP, WordPress, React)
Open port (e.g., 80, 443)
This helps isolate vulnerable or misconfigured environments, or group assets by technology stack.
🔐 Why It Matters
Without visibility, you can't protect what you don't know you have.
The Asset Management module helps:
Detect shadow IT (unknown domains or services)
Prevent tech stack sprawl and unmanaged exposure
Monitor changes in infrastructure over time
Serve as a foundation for vulnerability assessment
🧠 Use Cases
Discover forgotten subdomains
Avoid exposure of legacy services
Track CMS & plugin usage
Identify outdated or risky versions
Watch SSL expiration dates
Avoid certificate downtime or MITM exposure
Validate security headers
Spot missing XSS/CORS/HSTS protections
Map IP and provider attribution
Detect hosting/ISP changes or anomalies
⚙️ Best Practices
Run asset discovery scans on a regular schedule (e.g., weekly).
Review port usage to detect unexpected exposures (e.g., non-standard ports).
Monitor for newly added technologies that increase your attack surface.
Combine with Vulnerability Scan (6.3) for actionable insights.
🎯 ShieldsGuard’s Asset Management doesn’t just give you a list — it builds a living, evolving picture of your digital perimeter. Know your assets. Reduce your risk. Secure with confidence.
6.2 Network Topology
📖 Overview
The Network Topology module offers a visual and interactive map of your entire internet-facing infrastructure. It illustrates the relationships between your domains, IP addresses, technologies, ports, and vulnerabilities in real-time — enabling you to understand your attack surface as a connected structure, not just a list.
🧠 Think of this as a cybersecurity radar that shows how all your digital assets are linked, and where your weaknesses may lie.
🧩 What It Displays
🧱 Nodes:
Each node represents an entity in your infrastructure:
Domain or subdomain (e.g.,
app.yourcompany.com)IP Address
Open port or protocol (e.g., 443/HTTPS, 21/FTP)
Technology in use (e.g., PHP, MySQL, WordPress)
Associated vulnerability (if found)
🔗 Connections:
Lines between nodes show direct associations such as:
Domains resolving to IPs
IPs running services on specific ports
Ports linked to technologies or risk factors
🎨 Node Indicators:
Each node is color-coded based on its type or threat level:
🔵 Domain
🟠 IP Address
🔴 Critical Vulnerability
🟡 High Risk
🟢 Safe
⚫ Unknown/Other
🖥️ Interactive Features
Zoom & Pan — Explore the map freely or fit to screen
Filter Nodes — Search by domain, IP, or vulnerability
Layout Options — Switch between graph models (e.g., CoSE, Circle, Grid)
Export — Download your topology as a PNG for reports or auditing
Node Detail Panel — Click any node to view:
Associated ports
Technologies
Resolved IP
Detected vulnerabilities
🛠️ Why It Matters
Traditional asset lists can’t show how things are connected — and attackers exploit relationships.
This view helps you:
Detect exposed nodes with shared risk
Identify forgotten or shadow systems still reachable
Spot single points of failure or shared infrastructure risk
Understand potential pivot paths in case of breach
🔍 Example Scenarios
A vulnerable service on shared IP
Multiple domains exposed through one IP
A forgotten subdomain still active
Visualized next to your main infrastructure
A non-SSL port open to internet
See it linked under an insecure protocol node
A legacy PHP app next to new stack
Legacy risk adjacent to modern services
⚙️ Best Practices
Review the topology weekly
Spot new or unauthorized connections
Export before change deployments
Compare before/after network footprint
Investigate isolated nodes
May indicate misconfigurations or forgotten assets
Monitor for red nodes
Indicates confirmed vulnerabilities
🎯 The Network Topology module turns your digital surface into a visual map of risk. Not only will you see what’s online — you’ll see what’s connected, and what needs to be secured.
6.3 Vulnerability Scan
📖 Overview
The Vulnerability Scan module provides real-time detection, classification, and visibility into the known and potential security weaknesses across your entire digital surface.
This system continuously analyzes exposed services, technologies, protocols, and configurations to identify vulnerabilities — then ranks them by severity so you know exactly what to fix, and where.
🚨 ShieldsGuard helps you stay ahead of attackers by showing what they see before they exploit it.
🔍 What It Scans
Web application stack (WordPress, PHP, Plesk, etc.)
SSL/TLS configuration and certificate health
HTTP headers and content security policies
Open ports and exposed services
Publicly accessible endpoints
CMS plugin versions
Protocol vulnerabilities and misconfigurations
Missing or misconfigured DNS and email security
🎯 Severity Levels
All findings are categorized using a clear, color-coded system:
🔴 Critical
Exploitable vulnerabilities with high impact
🟠 High
Major misconfigurations or outdated technologies
🟡 Medium
Weaknesses requiring mitigation
🔵 Low
Minor risks or hygiene issues
⚪ Info
Informational or best practice observations
Each severity level helps prioritize remediation based on real-world impact.
📋 Vulnerability Detail
Every finding includes:
Affected domain and URL
Risk level (color and label)
Vulnerability type or CVE (if applicable)
Description of the issue
Discovery method
Exact URL or port
Suggested resolution
Timestamp
Quick access to “View” for more details
🧠 Example Findings
CVE-2020-24778 (GSAP)
High
JavaScript library
Missing HSTS Header
Medium
HTTP response headers
Misconfigured CORS
Medium
API endpoints
SSL Certificate Near Expiry
Medium
TLS
Missing HttpOnly on Cookies
Low
Set-Cookie directive
No DKIM or SPF Records
Info
Email configuration
WordPress XML-RPC Brute Force Exposure
Medium
WP login subsystem
REST API Enumeration
Info
WP-JSON endpoint
📈 Dashboard Features
📊 Risk Score Gauge — Visual snapshot of risk posture
📑 Security Findings Table — Fully filterable by severity or domain
🧮 Vulnerability Histogram — Severity-wise chart
🔍 Domain Filter — Narrow scope by subdomain or asset
📤 Export Capabilities — Download reports for audits or incident response
⚙️ How to Use It Effectively
Patch critical exposures quickly
Sort by severity and act on 🔴/🟠 first
Track remediation over time
Re-scan after fixes and compare findings
Improve compliance posture
Export finding logs with timestamps
Investigate patterns
Correlate vulnerabilities across domains
Confirm system health after deploy
Run scan post-update to detect regressions
🔐 Best Practices
Integrate scans into your change and release cycle.
Treat HIGH and CRITICAL findings as blockers in CI/CD.
Review LOW/INFO items regularly for hygiene improvements.
Use scan results to update your WAF, IP filters, and rules.
🎯 ShieldsGuard Vulnerability Scan is your early warning system — detecting what could be exploited before attackers do, and giving you a prioritized, actionable plan to fix it.