File¶
The File asset type in the OWASP Open Asset Model (OAM) represents a file that is publicly accessible from the internet—typically retrieved via HTTP, HTTPS, or other remote protocols. This includes web-accessible files such as JavaScript libraries, PDF documents, configuration exports, or exposed archives.
-
Definition: A
Fileasset consists of a direct URL reference to a downloadable or inspectable file, with optional metadata such as file name and type. It serves as an abstraction for discrete, remotely hosted resources. -
Purpose: Exposed files often contain valuable signals for OSINT and security teams. Public-facing files may reveal application behavior (e.g., JavaScript logic), data leakage (e.g., exports, backups), infrastructure clues (e.g.,
.env,.git/config), or user-generated content (e.g., uploaded resumes, invoices). Modeling these files as assets enables targeted analysis, attribution, and monitoring. -
Design Choice: The
Filetype is intentionally simple—centered on its URL—to support lightweight ingestion from crawlers, link resolvers, or passive intelligence feeds. Optionalnameandtypefields allow for basic classification without requiring full content analysis or mime-type parsing during collection.
File Attributes¶
| Attributes | Type | Required | Description |
|---|---|---|---|
url |
string | Fully qualified URL to the file (e.g., https://example.com/.git/config) |
|
name |
string | Optional file name or basename extracted from the URL | |
type |
string | Optional file type or format hint (e.g., pdf, js, zip) |
File Properties¶
| Property Type | Property Name | Description |
|---|---|---|
SimpleProperty |
last_monitored |
Tracks when a data source was last queried regarding this File |
SourceProperty |
Source Plugin Name | Indicates that the specified data source discovered this File |
File Outgoing Relations¶
graph TD
file["File (https://example.com/.git/config)"]
url["URL"]
urlRel@{ shape: braces, label: "url" }
file --o urlRel
urlRel --> url
contactrec["ContactRecord"]
contains@{ shape: braces, label: "contains" }
file --o contains
contains --> contactrec
contains --> url| Relation Type | Relation Label | Target Assets | Description |
|---|---|---|---|
SimpleRelation |
url |
URL |
Links the location of the File into the greater graph |
SimpleRelation |
contains |
ContactRecord, URL |
Links content discovered in the File into the greater graph |
© 2025 Jeff Foley — Licensed under Apache 2.0.