If you have run a scan and suspect that our scanners have missed something, then it may be worth eliminating the following before reaching out to the team:

Is the target online?

Sometimes it can help to double-check that the target is online and reachable from the internet. It must be able to reach out to the internet on Port 443.

Could something be blocking our scans?

This might be a Web Application Firewall (WAF), or an Intrusion Prevention System (IPS), such as sshguard or fail2ban.

If any of these are enabled, then you will need to add our source scanner IPs to your Firewall/WAF allowlist. This is common practice when building a robust security strategy as it allows the scanner to bypass the first layer of security (which might be misconfigured or exploitable by an attacker) and identifies weaknesses on the next layer. This defence-in-depth approach provides additional security, without exposing your systems to any unintended traffic.

Were the issues 'filtered as noise'?

If an issue is deemed to be 'informational' rather than a 'vulnerability', we deliberately omit it from the report and issues page. The reason for this is because we are committed to only reporting issues that if exploited, could pose a threat to your security.

That said, you can still review any issues filtered as noise on the Noise page (accessible from the Issues Page). For more information on why we filter as noise, head over to the website or help centre.

Did this answer your question?