Go to Intruder
All Collections
Plans, features and licensing
Licensing
How does our licensing work?

How does our licensing work?

Understand what we offer, how to use them and when they're assigned
Naomi Purvis avatar
Written by Naomi Purvis. Updated over a week ago

What types of licenses do we have?

Infrastructure licenses

This license allows users to conduct external scanning on IP addresses, domains and subdomains; as well as internal scanning on devices supporting Windows, Linux or MacOS.

Authentication licenses

The Authentication License can be used to conduct infrastructure scanning and authenticated web-app scanning (where authentication has been provided); allowing us to scan your perimeter and those pages behind the login.

The license supports many authentications on one target, which is very useful if you want to scan:

  • An application with different user types

  • An application with different permission levels

  • An IP address or domain hosting multiple applications

Authenticated web-app scanning is an add-on feature, available across all plans. If you have more questions about authentication licenses, just head to the bottom of this page. 👇

When are licenses assigned?

Infrastructure and Authentication licenses are assigned to external targets as soon as a scan (scheduled, on-demand, or ETS) is kicked off and a target is found to be active. (If a target is found to be active, but you don't have enough licenses, it will be marked with an orange dot and we'll send you a message to let you know what to do next).

Licenses are ‘tentatively assigned’ to internal targets as soon as you link the agent and see it pop up on your target list. (For that reason, you can only add as many internal targets as you have licenses available). However the license is formally assigned as soon as the scan is started, regardless of whether the target is active or not.

How long are licenses locked to a target?

License are deemed ‘in use’ for 30 days, only once those 30 days have elapsed is the license released and available for use on another target.

Please note, deleting the target, cancelling the scan or removing the authentication does not release the license. You can re-scan the same target(s) as many times as you like without using any additional licenses – it just resets the 30 days.

Can I re-assign a license?

No, unfortunately not. Once a license has been assigned to a target, it will remain 'locked' to it for 30 days.

Can I transfer a license from the IP address to the domain?

No, unfortunately not. The portal has no way of knowing that the two are affiliated and so it treats them as independent targets, each requiring a license to scan them.

How do I know if my target is consuming a license / has authentication provided?

The first icon shows that the target is consuming a license, the second indicates that authentication has been added.

How do I know when my licenses are due for release?

Head to the targets page and click 'Licenses'. The ‘License release’ column is what you’re looking for.

How do I increase/decrease my license count?

We’ve written an article on exactly this – just click here.

Questions about Infrastructure licenses

I need to add my web server as a target – what should I do?

We have just the article for this, head here.

What about scanning the same target internally and externally?

To scan the same target from both perspectives, you would need two licences. The reason for this is because each scanning perspective provides your with different insights: 

  • The external scan reveals what is directly accessible from the internet right now – this could be web-layer security problems; infrastructure weaknesses or security misconfigurations.

  • Whereas, the internal scan is useful for viewing the device from the perspective of an attacker who has bypassed perimeter defences (perhaps in the form of an email), and is able to exploit internal configuration weaknesses; missing patches and encryption weaknesses.

Questions about Authentication licenses

How do I add authentication to a target?

You can only add authentications to a target if you have an Authentication license available; instructions on how to add them can be found here.

Can I change from an Infrastructure license to an Authentication license?

If an Infrastructure license has been assigned to the target, but you want to run an authenticated scan, then you’ll need to make sure you have an Authentication license available. Once you have added the authentication and kicked off a scan, the authentication license is assigned and the infrastructure license is released (so you can use it to scan other targets from an unauthenticated perspective).

What happens if I have purchase an authentication licence and run a scan before adding credentials?

The license will be assigned, but will only scan the infrastructure. As soon as you add the authentications, you can run another scan to cover the authenticated pages too.

What happens if I delete my authentication(s)?

👉 If you've scanned the target

The Authentication license will remain assigned to the target for 30 days and will reset with every subsequent scan, even if you have removed the credentials. Only once the 30 day consumption period has elapsed will the authentication license be released and available for use on another target.

If an authentication license is currently assigned to a target without credentials and you wish to continue with unauthenticated scanning only, please feel free to reach out via the chatbot and we can discuss options).

👉 If you haven't scanned the target

The authentication license won't have been assigned and so it's available for immediate use on another target.

Did this answer your question?