Quick answer: It's usually best to use the hostname (e.g. www.intruder.io).

The reason for this is because if the IP address points to multiple websites, then there is no guarantee that our scanners will detect and scan the intended target; adding the hostname ensures that everything linked to the hostname (including the IP address) gets scanned.

Would I ever need to add both?

If any of the following are true for your website then yes, you need to add both the hostname and the IP address as targets in the portal:

  • The website is hosted on a content delivery network (CDN) such as CloudFlare or AWS CloudFront. In this case you should add the hostname and the IP addresses of any servers behind CloudFlare.

  • A DNS lookup of the hostname gives multiple IP addresses in its results (In this case it's best to add the hostname and all of the IPs).

How many licenses do I need?

I've got ten websites on one IP

👉 You'll need 10 licenses.

Enter the ten website hostnames, but don't worry about adding the IP address separately as the scanner will automatically resolve the hostname to the IP address and so it's already in scope.

I've got one hostname pointing to ten IPs

👉 You'll need 11 licenses

Sometimes configuration drift between IPs can introduce weaknesses on individual systems and so you may want to add each IP individually. Then, to ensure that the website is being properly scanned, it would be advisable to add the hostname too.

My website points to one IP

👉 You'll need 1 license

As we mentioned above, so long as the IP address is linked to the hostname, then if you add the hostname, the IP will also be scanned for vulnerabilities.

I'm scanning my web server and the site hosted on it

👉 You'll need 2 licenses

One for the agent scanning the internal system

One for the cloud-based SaaS scanner covering the external system.

Did this answer your question?