If you're worried about our scanning bringing a system offline or causing heavy traffic to a production system, rest assured that Intruder's scanning engines are configured to be safe to use.
What about authenticated web-app scanning?
We always err on the side of caution and recommend scanning test environments, or environments connected to a test harness. Though we don't recommend it, if you want to add admin credentials, please read this first.
For full transparency, it's worth understanding exactly what happens when you kick off an authenticated scan:
Our scanner crawls all pages within your application
Identifies different points where data can be sent to your application
Sends data (and crafted requests) to the application
Checks responses to see if there has been any successful exploitation or any vulnerabilities exist
Since the scanner will attempt to send different types of data to pages behind the login page, it's worth considering what kind of functionality the scanner will be able to interact with and what processes might be triggered. For example:
Creating an entry in our IT help desk ticketing system
Sending Slack/Teams messages
Sending requests to third-party organisations
If you choose to scan an application that has this sort of functionality, expect a burst of submissions (tickets, messages, outbound requests) as the scanner sends many requests in a short timeframe.
What about API Scanning?
When you upload an API and kick off a scan, the scanner will parse the schema to build a list of endpoints and requests.
If your schema contains endpoints that can modify or delete data (for example a DELETE endpoint) and you provide credentials that permit this behaviour, the scanner has the potential to modify that data. It is therefore recommended to review the endpoints in the schema in the context of the account you're giving the scanner access to, and either remove those endpoints from the schema or revoke the account's permissions for them.
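The review described above can be done mechanically before the schema is uploaded. The following is an added example, not Intruder's code: it takes an OpenAPI 3 document, lists every operation whose HTTP method can change server-side state (anything other than GET, HEAD and OPTIONS), and writes a read-only copy of the schema containing only the safe operations. The schema embedded in the script is constructed for the demo; point the script at your own file to use it.

```python
"""Review an OpenAPI 3 schema before handing it to an authenticated API scan.

Added example, not Intruder's code. SAMPLE_SCHEMA is a constructed document;
replace it with json.load(open("openapi.json")) for a real review.
"""
import copy
import json

# RFC 9110 "safe" methods: a conforming server must not change state on these.
SAFE_METHODS = {"get", "head", "options"}
# Keys inside an OpenAPI path item that are HTTP operations (the rest are
# metadata such as "parameters", "summary" or "servers").
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

SAMPLE_SCHEMA = {  # constructed sample, not a real API
    "openapi": "3.0.0",
    "info": {"title": "Demo ticketing API", "version": "1.0"},
    "paths": {
        "/tickets": {
            "parameters": [{"name": "page", "in": "query", "schema": {"type": "integer"}}],
            "get": {"summary": "List tickets"},
            "post": {"summary": "Create a ticket"},
        },
        "/tickets/{id}": {
            "get": {"summary": "Fetch a ticket"},
            "delete": {"summary": "Delete a ticket"},
        },
        "/users/{id}": {
            "patch": {"summary": "Update a user"},
        },
    },
}


def state_changing_operations(schema):
    """Return sorted [(METHOD, path, summary)] for every non-safe operation."""
    found = []
    for path, item in schema.get("paths", {}).items():
        for method, op in item.items():
            m = method.lower()
            if m in HTTP_METHODS and m not in SAFE_METHODS:
                found.append((method.upper(), path, (op or {}).get("summary", "")))
    return sorted(found)


def read_only_schema(schema):
    """Return a deep copy keeping only safe operations; paths left with no
    operations are dropped entirely. The input schema is not modified."""
    trimmed = copy.deepcopy(schema)
    paths = trimmed.get("paths", {})
    for path in list(paths):
        item = paths[path]
        for method in list(item):
            m = method.lower()
            if m in HTTP_METHODS and m not in SAFE_METHODS:
                del item[method]
        if not any(k.lower() in HTTP_METHODS for k in item):
            del paths[path]
    return trimmed


if __name__ == "__main__":
    print("Operations that can change data with the scan account's credentials:")
    for method, path, summary in state_changing_operations(SAMPLE_SCHEMA):
        print(f"  {method:<7}{path:<16}{summary}")
    # Write the trimmed schema; upload this one if the scan account cannot be
    # restricted to read-only permissions instead.
    with open("openapi-readonly.json", "w") as fh:
        json.dump(read_only_schema(SAMPLE_SCHEMA), fh, indent=2)
    print("Read-only schema written to openapi-readonly.json")
```

The script only inspects the document's own paths; `$ref`-resolved or YAML schemas would need PyYAML or a resolver on top of this. Removing operations from the schema stops the scanner sending those requests, but it is not a substitute for restricting the account itself, since the endpoints still exist on the server.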
What about Internal Scanning?
Our internal vulnerability scanner uses an agent installed on the local machine. This agent is designed not to cause any damage to the machine on which it is installed. It does not require access to documents on the machine and will predominantly be checking system directories (e.g. C:\WINDOWS) and application/Program Files directories.
The minimum requirements for the agent are a CPU speed of 1GHz or more and 1GB or more of RAM. Provided these resource requirements are met (or exceeded), the scanner will not experience issues such as running out of memory or CPU capacity.
What about DoS?
We test for denial of service (DoS) vulnerabilities but don't exploit them, so there's no need to worry about your systems being taken offline.
What about cost of scanning in AWS/GCP/Azure?
There are a lot of variables when it comes to services that can increase costs in cloud environments. Being scanned shouldn't in itself cause a notable increase in your service costs. However, if auto-scaling is enabled on your services, our scans may trigger it, and the extra capacity that is spun up can incur cost.
FAQs
How do I cancel a scan?
If you ever need to cancel a scan, head to Scans > click the x > click OK.
Can I throttle a scan?
Yes! If you know of any significant resource constraints on a certain system or reasons why your system may not respond well to a peak in traffic, Intruder does offer a throttled scan setting that can be used to scan at slower speeds. This only applies to the infrastructure portion of the scan (and not any application scans that might be carried out if you add a target as a web application).
This shouldn't be required normally but may be helpful when scanning certain problematic hosts.
⚠️ This feature is only available on the Pro, Premium and Vanguard plans
Can I limit the ports that get scanned?
Yes, absolutely. This is especially helpful for users with Application licences who want to limit scanning to just the application (and not the broader infrastructure).
If you have any further questions around how Intruder's scans might affect your systems, please contact us in the in-app chat box.