Before You Scan
Confirm these items before scanning a production target:| Item | What to Confirm |
|---|---|
| Authorization | The organization owns the target or has explicit written permission to test it. |
| License scope | The target is covered by the active VulnScan license. |
| Network path | The VulnScan host can reach the target from the intended network location. |
| Target tolerance | The target owner understands that security testing can create traffic, logs, and alerts. |
| Authentication | A dedicated test account, cookie, token, header, or Basic Auth credential is ready if required. |
| Notification | Mail delivery is configured if the team expects scan-completed or report-ready emails. |
| Reporting | The team knows whether it needs CSV, JSON, PDF, or all three. |
Choose the Right Scope
| Scope | Use When | Watch For |
|---|---|---|
| Single URL | You want focused testing for one application entry point. | May miss sibling applications on other subdomains. |
| Root domain | You want discovery across a business domain such as acme.com. | Review discovered subdomains before broad testing. |
| Subdomain | You want repeatable testing for one application such as app.acme.com. | Use authenticated context if most functionality is behind login. |
| IP address | You want network service and exposed-component checks for one host. | Web applications behind virtual hosting may require hostname-based scans. |
| CIDR range | You want inventory and service exposure checks across a small owned network block. | Start with a small range and confirm rate limits. |
| Target file | You need repeatable CLI automation for many known targets. | Keep the file under change control and remove decommissioned targets. |
Web UI Workflow
- Open Assets.
- Add or select the asset you want to assess.
- Review the asset detail page for discovery signals.
- Choose Start scan.
- Confirm the scan name and target list.
- Enable subdomain coverage only when the domain and discovered hosts are in scope.
- Add authentication context if the application requires login.
- Start the scan and monitor progress on the scan detail page.
Authentication Options
| Option | Use Case | Example |
|---|---|---|
| Cookie | Browser application after login. | session=REDACTED; tenant=acme |
| Custom header | API token, bearer token, tenant routing, staging gateway, or internal routing header. | Authorization: Bearer REDACTED |
| Basic Auth | Staging site or internal application protected by HTTP Basic Authentication. | scanner:REDACTED |
CLI Equivalents
Use CLI when the scan needs to run from automation, a scheduled task, CI/CD, or a repeatable analyst workflow.| Goal | Command Pattern |
|---|---|
| Scan one application | vulnscan scan --target https://app.acme.com --output ./reports --format json,csv |
| Scan multiple targets | vulnscan scan --target https://app.acme.com --target https://api.acme.com --output ./reports --format json,csv |
| Scan from file | vulnscan scan --target-file ./targets.txt --output ./reports --format json,csv |
| Include subdomains | vulnscan scan --target acme.com --include-subdomains --output ./reports --format json,csv |
| Cookie scan | vulnscan scan --target https://portal.acme.com --cookie "session=REDACTED" --output ./reports --format json,csv |
| Header scan | vulnscan scan --target https://api.acme.com -H "Authorization: Bearer REDACTED" --output ./reports --format json,csv |
| Basic Auth scan | vulnscan scan --target https://staging.acme.com --basic-auth "scanner:REDACTED" --output ./reports --format json,csv |
| Vietnamese PDF | vulnscan scan --target https://app.acme.com --output ./reports --format pdf --lang vi |
Scan Output
VulnScan stores standard Web UI, CLI, and scheduled scans in the workspace database. The scan source remains visible for audit and troubleshooting. Supported export formats:| Format | Use For |
|---|---|
| CSV | Remediation tracking, spreadsheets, ticket import, and vulnerability registers. |
| JSON | SIEM, SOAR, custom integration, evidence processing, and data pipelines. |
| Executive summaries, customer-facing reports, audit packages, and management review. |
Scheduling Strategy
Use recurring scans when the target is important enough to monitor continuously. Recommended starting point:| Asset Type | Suggested Cadence |
|---|---|
| Internet-facing production application | Weekly or after major releases. |
| Critical customer portal | Weekly plus manual scan after high-risk changes. |
| Staging application in CI/CD | On demand during release validation. |
| Root domain discovery | Weekly or monthly, depending on asset change rate. |
| Small public CIDR range | Monthly, or after infrastructure changes. |
Configuration Checklist
Before clicking Start scan, verify:- The scan target exactly matches the intended hostname, URL, IP, or CIDR.
- The target is inside the active license scope.
- The asset detail page shows the expected discovery context.
- Authenticated applications have a valid test session or token.
- The scan source and output requirements are clear.
- The team knows who will triage Critical and High findings.
- PDF export notifications are configured if stakeholders need a downloadable report later.
Common Mistakes
| Mistake | Impact | Fix |
|---|---|---|
| Scanning only an IP for a virtual-hosted application | The scanner may miss hostname-specific web content. | Scan the real hostname or URL. |
| Using an expired cookie | Authenticated pages are missed. | Re-create the session before scanning. |
| Running a broad root-domain scan first | Too much data before owners understand scope. | Start with discovery, review assets, then expand. |
| Ignoring WAF/CDN signals | Findings may represent edge behavior rather than origin behavior. | Review WAF/CDN context in the asset detail page. |
| Exporting only PDF for remediation | Engineering teams lose structured fields. | Export CSV or JSON alongside PDF. |