What is a license?

When signing up for the Intruder service, you're asked to choose the number of targets (internal/external/cloud) you'd like scan. Since each active target requires a license to scan it, the number of targets you choose is to the number of licenses you'll need.

How are licenses assigned?

When you start a scan (on-demand or scheduled) it kicks off two scans in tandem: Discovery Scan and Network Scan. If the Discovery Scan finds active targets then it will initiate the Vulnerability Scan on as many targets as you have available licenses. Once scanned, the active targets will be marked with a green dot.


Any outstanding active targets will be marked with an orange dot and we'll send you an email to let you know which ones were not scanned for vulnerabilities. In that case, you'll need to add more licenses.


When can I use the license on another target?

Every time you scan an active target it consumes one of your licenses for 30 days (even if you delete the target, or cancel the scan). With the Pro Plan, you can re-scan the same target(s) as many times as you like without using any additional licenses – iy just resets the 30 days. Only once 30 days have elapsed is the license released and available for use on another target.

Where can I read more about my licenses?

To check how many you have left just click on the targets page and scroll across to the last icon and hover over it:

To find out which targets are consuming licenses, click on the icon:

How many licenses do I need to scan a target internally and externally?

You would need two. The reason for this is because they scan from different perspectives: The external scan reveals what is directly accessible from the internet right now – this could be web-layer security problems; infrastructure weaknesses or security misconfigurations. Whereas, the internal scan is useful for viewing the device from the perspective of an attacker who has bypassed perimeter defences (perhaps in the form of an email), and is able to exploit internal configuration weaknesses; missing patches and encryption weaknesses.

Should I enter the hostname or IP address?

Many customers want to know if they have a domain name and an underlying IP, which one to enter. Each target entered will consume a license, so in general you should always put the least amount in to cover all bases. However, as with anything to do with technology, this can get complicated fast, which is why we have put together a few examples.


Did this answer your question?