How to Trigger an External Scan

1. Navigate to Target Asset Page

• Go to Attack Surface → Target Asset.

2. Add an Asset

• Choose the asset type based on the scan:

  • Domain → for web applications.

  • APKFile → for Android applications.

• Enter the domain name (e.g., example.com).

• (Optional) IIf you have specific starting URLs for authenticated and unauthenticated sessions, such as /login for unauthenticated sessions and /dashboard for authenticated sessions, please add them in the fields for Starting Path for authenticated sessions and Starting Path for unauthenticated sessions.

3. Verify Sandbox Agent Connection

• Ensure that the Sandbox Agent is connected and ready.

4. Open Discovery Module

• Navigate to Modules → External Assessment → Discovery.

5. Select the Target

• Choose the Target Domain you just added.

6. Configure Scan Settings

Configure scan settings for External Assessment to control how scans run, including authentication, browser sessions, rate limits, and manual crawling. Click the Settings icon (on the right side of the asset) to configure.

7. Schedule the Scan

• Click Schedule Scan.

• Two options will appear:

  1. Run Discovery first, then the main module (manually start second step).

  2. Trigger External Scan automatically after Discovery (recommended).

  

8. Select Scan Categories

• If you chose Trigger External Scan, a list of Scan Categories will appear.

• Select specific categories or choose Select All.

• Save the configuration.

9. Run the Assessment

• Click Run Assessment to begin the scan.

• Track scan status / activity on the Activity page