Why does this happen?

Whenever you kick-off a scan with Intruder, we run a discovery scan (using Smart Recon) to determine which of your targets are active and which are not.

If none of the target systems respond to our probes or ping (ICMP) then the scan will finish there – with nothing exposed, there's nothing for us to scan for vulnerabilities.

What should I do if this isn't what I expected?

...if it's the first scan on this target

The most common reasons are:

  • The scanner is being blocked by your firewall, IPS or WAF. To resolve this, consider adding our source scanner IPs to your allowlist(s).

  • The firewall is geofenced to block traffic from Europe (our scans originate from UK and Germany).

  • The targets don't expose any ports or services to the internet, nor do they respond to ping.

  • The target was copy and pasted into the portal, bringing with it hidden artefacts; in this case, we'd recommend copy-pasting into a notepad first and then into the platform.

...if it's become unresponsive since the last scan

This means something changed since the target was last scanned; possible reasons include:

  • A firewall configuration, or IPS/IDS/WAF settings has changed.

  • The target is experiencing internet connectivity or stability issues which is preventing traffic from reaching the target. To fix this, we'd suggest reviewing the settings on the device, network and system environment.

If you don't think any of the above scenarios above apply to you, please contact us via the chat bubble to let us know which targets you expect to be responsive and the ports/services you expect to be exposed and responding to discovery probes.

Did this answer your question?