Assets are your organisation’s external attack surface — the domains, subdomains, and IPs that are visible from the internet. Everything Odin discovers via Continuous Asset Discovery, Mjolnir’s reconnaissance phase, or that you add manually appears here.
Open the Assets page from Attack Surface > Assets in the sidebar.
Asset types
| Type | Description |
|---|
| Domain | A root domain (e.g. example.com) |
| Subdomain | A subdomain under a root domain (e.g. api.example.com) |
| IP | An IPv4 or IPv6 address associated with your infrastructure |
Sources
Each asset is tagged with how Odin learned about it:
- Manual: added by a member of your team
- Recon: discovered by Continuous Asset Discovery
- Import: added via CSV/JSON import
- Agent: discovered by Mjolnir during a pentest run
Adding assets
There are two ways to add assets manually:
- Add asset: click Add Asset in the page header, choose the type, and enter the value. You can also toggle Continuous Asset Discovery on at creation time.
- Import assets: click Import and upload a CSV or JSON file containing multiple assets
Activating Continuous Asset Discovery
If your organisation has CAD enabled but hasn’t yet activated a subscription, a banner on the Assets page prompts you to start. Once active, you can toggle CAD on a per-asset basis as you add or edit them. See Continuous Asset Discovery for what CAD does and how it’s billed.
Asset detail
Click any asset in the list to open the detail panel. The panel has five tabs:
Overview
Key metadata about the asset:
- Type, source, status, and creation date
- DNS data: A, AAAA, CNAME, and other resolved records (for domains and subdomains)
- HTTP data: response status, headers, redirects (for domains and subdomains)
- TLS data: certificate subject, issuer, expiry, and chain (for HTTPS endpoints)
- Open ports and services (for IPs)
- Notes: a free-text field your team can edit; useful for owner / on-call info
- Monitoring toggle: turn CAD on or off for this asset
Tech
Technologies detected on the asset — web frameworks, CMSes, JavaScript libraries, analytics tools, server software, and so on. Useful for understanding your supply chain and tracking inventory of risky dependencies.
Relation
A focused view of how this asset connects to other assets in your inventory:
- Domain hierarchy: parent and child relationships in your domain tree
- Certificate sharing: other assets that share the same TLS certificate
- IP co-resolution: domains and subdomains resolving to the same IP
See Asset Relations for more on how these connections are derived.
Routes
HTTP routes (paths and endpoints) Odin knows about for this asset. Click a route to open it, or use Add route to capture additional paths Odin hasn’t yet seen — useful when you know about an endpoint that’s not linked from any crawled page.
Findings
All findings that reference this asset, with the same filter, sort, and detail experience as the main Findings page.
Filtering and search
Use the filters at the top of the Assets page to narrow your view:
- Type: show only domains, subdomains, or IPs
- Status: filter by active, inactive, or unverified
- Source: filter by Manual, Recon, Import, or Agent
- Search: free-text search across asset names and metadata
- Sort: order by value, last seen, or date added
The URL updates as you filter, so any view can be bookmarked. Keyboard shortcuts: j/k navigate the list, Enter opens the focused asset, x toggles selection.
Exporting
Click Export in the page header to download your assets in CSV, Markdown, or JSON. The export respects your current filters, so narrow the list first if you want a focused report. 
