Skip to main content
All CollectionsPlans, features and licensing
What checks does Intruder run?
What checks does Intruder run?

And how can you find them in the portal.

Naomi Purvis avatar
Written by Naomi Purvis
Updated over a week ago

Number of checks included with each license + plan


License + underlying scanning engine

Number of checks

What's covered


The Infrastructure license includes OpenVAS checks


  • External infrastructure only

Pro, Premium, Vanguard

The Infrastructure license includes Tenable checks

>15,590 external checks

>151,248 internal checks

  • External infrastructure

  • Internal endpoints: Windows, Linux + MacOS

Premium + Vanguard

The Infrastructure license also includes Nuclei checks

>4,358 external checks

  • External infrastructure

Available for purchase on any plan

Application license includes OWASP ZAP checks and plan-specific external checks

89 ZAP checks

+ relevant external checks

  • As above +

  • Vulnerabilities that affect web apps and the servers that host them.

  • Can also be used to scan APIs.

Types of checks:

Essential, Pro, Premium Vanguard:

  • Unintentionally exposed systems
    Checks for software and services which are not recommended to be exposed to the internet

  • Information Leakage
    Checks for information leakage which could be used by hackers to mount further attacks

  • Encryption weaknesses
    Checks for weaknesses in SSL/TLS implementations

  • Misconfigurations & common mistakes
    Checks for misconfigurations, security best practices, and common mistakes such as exposing code repositories

  • Remote vulnerable Software and missing patches
    Checks (from an external perspective) for software with publicly known vulnerabilities

Pro, Premium, Vanguard

These plans also include internal scanning (via an agent) for Linux, Windows and macOS devices. Which offers more comprehensive checks as it has more privileged access to the machine. Some of the things we check you for include:

  • Local misconfigurations & common mistakes

    No matter how secure the software package is, it can still be configured insecurely - for example leaving default passwords set up; inadvertently leaving admin pages exposed; and not enabling encryption.

  • Vulnerable software packages & missing patches
    Check your internal targets for vulnerable versions of software packages, frameworks and components, including OS patches, software updates and missing server packages.

Premium and Vanguard

The checks included in these two plans are enhanced further – courtesy of a second scanner. Nuclei covers some of the same vulnerabilities outlined above, but also checks for:

  • Out-of-band vulnerabilities

    These are weaknesses that can't be exploited in standard HTTP request/response communication; instead, they leverage non-standard forms of communication such as blind XSS or email header injection to retrieve/obtain information of a sensitive nature.

Application licenses (on all plans) cover:

  • OS command injection

  • Cross-site scripting (XSS); persistent/stored, reflected and DOM-based XSS

  • SQL injection; against multiple types of databases

  • NoSQL injection; specifically against MongoDB

  • LDAP injection

  • XPath injection

  • Server-side includes

  • Server-side code injection

  • Java serialisation weaknesses

  • Buffer and integer overflows

For a more detailed explanation of the features included in each plan head to this article: Which service is right for me?

Where can I see the full list of checks you run?

If you have access to the portal, you can see exactly what we test you for. Just head to the dashboard and click Checks available (middle at the top). You will also be able to see the number of checks we have added to your checks repertoire in the last 90 days:

Here you can see all the checks your targets will be evaluated against; with the option to filter by CVSS Rating, Check Type (internal, external, application), or search by CVE or Check Name. You can also see the scan priority setting applicable for each check as an icon next to the check name:

Essential Plan (OpenVAS Checks)

Pro, Premium, Vanguard (Tenable Checks)

Premium and Vanguard (Nuclei & Tenable Checks)

Clicking on any check will take you to the Check Detail page, where you can see the targets that were scanned for this vulnerability, when they were last scanned for this, and whether or not they passed.


Do all checks get executed all the time?

All checks are enabled, but this does not mean that all checks will be executed against every service that your systems have running. Instead, vulnerability scanners will 'fingerprint' the service running on that port and execute checks for that service only (there’s little value in executing a check for a service not running on the target).

Can I export a list of all the checks?

Yes, absolutely! Just head to the Checks page and hit 'Export to CSV':

Did this answer your question?