How do I know if a target in a scan is unresponsive?
When the scan completes, you can take a look at the Scan Detail Page. At the top of this page, there is a section featuring three filters - Active, Unresponsive and Licences Exceeded. Clicking on one of these will filter the targets shown below to only the type selected e.g. only Unresponsive Targets.
Why does this happen?
Whenever you kick off a scan with Intruder, we run a discovery scan (using Smart Recon) to determine which of your targets are active and which are not.
If none of the target systems respond to our probes or ping (ICMP) then the scan will finish there – with nothing exposed, there's nothing for us to scan for vulnerabilities.
What should I do if this isn't what I expected?
...if it's the first scan on this target
The most common reasons are:
The scanner is being blocked by your firewall, IPS or WAF. To resolve this, consider adding our source scanner IPs to your allowlist(s).
The firewall is geofenced to block traffic from Europe (our scans originate from the UK and Germany).
The targets don't expose any ports or services to the internet, nor do they respond to ping.
The target was copied and pasted into the portal, bringing with it hidden artefacts; in this case, we'd recommend copy-pasting into a notepad first and then into the platform.
...if it's become unresponsive since the last scan
This means something changed since the target was last scanned; possible reasons include:
A firewall configuration, or IPS/IDS/WAF settings has changed.
The target is experiencing internet connectivity or stability issues which is preventing traffic from reaching the target. To fix this, we'd suggest reviewing the settings on the device, network and system environment.
If you don't think any of the above scenarios apply to you, please contact us via the chat bubble to let us know which targets you expect to be responsive and the ports/services you expect to be exposed and responding to discovery probes.