Usually our scans on unauthenticated targets can take anything from 15 minutes up to 24 hours to complete. For authenticated targets, the scans can sometimes take 48 hours to complete. For internal targets, scan times rarely exceed 12 hours.
Sometimes your scan can enter an 'Analysing Results...' state.
This can occur in rare cases where some manual intervention is required by the Security Team, for example, if there is a new check that one of your targets has failed, or a check needs additional information or verification.
When this happens, the scan will usually move to the completed state within 12 hours if it occurs during the working week, or on Monday if it occurs during the weekend.
That said, there are a few factors that can influence the scan run time. Some of the most common ones are listed below:
External Targets
Very large websites
The scanner uses links on each page to crawl the application, starting from the root directory (navigating to the sitemap, if linked) so if there are lots of linked pages, it could take the scanner some time to get through them all.
Advice: There's not much you can do here, just sit tight and wait for it to complete.
Large number of targets
Scan run time is less about the number of targets and more about the type of targets being scanned. That's not to say that the number of targets doesn't influence the scan run time, because it certainly can (100 small targets would take longer than one small target), but it also stands to reason that one large target could take longer to scan than twenty small ones. It really does depend on what you're scanning.
Possible solution: Tag your targets by type and use this to schedule scans moving forward
High number of open ports & services
For each discovered service, a number of checks need to be carried out by our scanners; so if you've entered targets with hundreds or thousands of open ports running services exposed to the internet, then our scans will take longer.
Possible solution: If you only need to scan web ports (80 and 443), you can opt for 'Default Web Ports Only' (accessible via the Advanced Settings).
Intrusion prevention systems
In some rare cases, an IPS can aim to confuse scanners by making closed ports appear to be open, which, for the reasons mentioned above, can cause extended scan times. Some firewalls and modern edge routers even have IDS technology built in, so it may be worth double-checking for this if your scan is taking a long time to complete.
Multiple targets resolving to the same server
In cases where a scan contains multiple targets that all resolve to the same hosting server, the scan run time will increase. Our underlying scanner evaluates each target, and if it determines that multiple targets in the scan resolve to the same destination, the vulnerability scans for these targets will run consecutively rather than in parallel. The scanner then has to wait for one vulnerability scan to complete before initiating the next, which increases the overall scan time.
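To see in advance which of your own targets fall into this case, you can group them by the addresses they resolve to. The script below is an added example, not Intruder's code: it assumes "same destination" means "shares at least one resolved IP address", and the hostnames and addresses in SAMPLE are constructed.

```python
import socket
from collections import defaultdict

# Constructed sample data (documentation address ranges), used by the demo below.
SAMPLE = {
    "www.example.com": {"192.0.2.10"},
    "shop.example.com": {"192.0.2.10", "192.0.2.11"},
    "api.example.com": {"192.0.2.11"},
    "mail.example.com": {"198.51.100.5"},
    "old.example.com": set(),  # does not resolve
}

def resolve_ips(host):
    """Live DNS lookup: the set of addresses a hostname resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except socket.gaierror:
        return set()

def group_by_destination(targets, resolver=resolve_ips):
    """Return (groups sharing an address, targets that did not resolve).
    Assumption: "same destination" means "shares at least one resolved IP";
    the scanner's own comparison is not documented on the page."""
    targets = list(dict.fromkeys(targets))  # de-duplicate, keep order
    parent = {t: t for t in targets}

    def find(t):  # union-find root lookup with path compression
        while parent[t] != t:
            parent[t] = parent[parent[t]]
            t = parent[t]
        return t
    first_seen, unresolved = {}, []  # first_seen: ip -> first target using it
    for t in targets:
        ips = resolver(t)
        if not ips:
            unresolved.append(t)
        for ip in ips:
            if ip in first_seen:
                parent[find(t)] = find(first_seen[ip])  # merge the two groups
            else:
                first_seen[ip] = t
    groups = defaultdict(list)
    for t in targets:
        if t not in unresolved:
            groups[find(t)].append(t)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1), unresolved

if __name__ == "__main__":
    # Demo on the constructed sample; omit resolver= to use live DNS instead.
    print(group_by_destination(SAMPLE, resolver=SAMPLE.get))
```

Targets in the same group would be scanned one after another, so splitting them across separately scheduled scans does not shorten the total, but it does make the expected run time easier to predict.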
Unusual configurations
Some customers have unusual networking or server configurations that can lead to long running scans. For example, in one case a reverse proxy was set up to serve a single website from a large number of non-standard ports. This caused our scanner to scan the same website thousands of times. If this is happening on your targets, we'll do our best to let you know about it!
Authentication
Scans that run on targets with an authentication method configured will take longer than scans of unauthenticated external targets because of the increased number of comprehensive checks.
There are other factors that can increase scan time, including a large number of parameter URLs, a convoluted path structure or nested pages, to mention just a few.
Some of the same factors as for External Targets apply: Intrusion Prevention Systems (IPSs), Web Application Firewalls (WAFs), large websites and unusual configurations can increase scan run time.
Internal Targets
Large files
Some internal checks involve scanning certain files for weaknesses; if those files are very large or the system has a very big filesystem in place, it can increase scan run times.
The machine is unresponsive
If the machine is switched off, there is a problem with the network connection, or the agent is not installed correctly, the scanner will attempt to connect with the agent periodically for 12 hours. (This is designed to catch systems that are switched off or otherwise unavailable, giving the system a window within which to start scanning.) If the scanner doesn't hear back once those 12 hours have elapsed, the target will be marked as unresponsive and the scan will end.
It's worth noting that if you're scanning multiple machines at once and just one of them is unresponsive, it will delay the results for all.
Note: Advanced Scanning options and Internal Target scanning are features only available to users on the Pro, Premium and Vanguard plans.