The short answer is: Yes! Intruder can scan single-page applications (SPAs) for weaknesses. But here's the more detailed answer:
Intruder's checks which work on an infrastructure level will not be affected whether an application is single-page or not.
For example, our checks for whether you've: accidentally exposed your application's database to the internet; forgotten to apply security patches to your web server; or uploaded your code repository to your website root directory, will all get carried out just fine.
However, some of our web-application checks (such as checks for SQL injection, or cross-site scripting) may be less effective when scanning SPAs compared to more traditional HTML form & page based applications. This is the same issue as with most automated scanning engines on the market today, and is due to the fact that automated scanners find it difficult to navigate and understand how to operate an SPA.
Rest assured that we're working on better ways to test these applications, but for now, regardless of whether your web applications are single-page or not, we recommend trying out a free trial (if you haven't already), you may still be surprised at what we will find!