This stage of an infrastructure scan usually indicates that the scanner is searching for web applications on your infrastructure, in order to automatically perform passive web application scans.
This functionality is controlled in the scan settings in the following location:
- Infrastructure Scanner Settings
- Vulnerability Scanner
- Options
- Advanced Settings
- Automatically perform a passive web app scan against any discovered web applications
- Advanced Settings
- Options
- Vulnerability Scanner
This option instructs the scanner to scan each target looking for the presence of a web applications, and then performs a passive scan of an application found. Since it has to scan hosts in order to know if a web application is there or not this adds a small amount of time for each target if no web application scan is found. This can add up to a long time when scanning a large range.
It's recommended to disable this option when scanning anything larger than a /24.
Comments
0 comments
Article is closed for comments.