Domains
Domain Whitelist
The Domain Whitelist feature allows you to explicitly specify which domains (including subdomains) are allowed for scanning. Only whitelisted domains will be included in vulnerability tests, even if additional domains are discovered during crawling.
Key Features:
Add specific domains to allow scanning
Support for wildcard patterns
Ensures scans stay within the authorised scope
Discovered domains outside the whitelist are automatically excluded
Wildcard Pattern Examples:
example.com - Matches exactly example.com
*.example.com - Matches all subdomains (api.example.com, app.example.com, etc.)
*.dev.example.com - Matches all sub-subdomains under dev (test.dev.example.com, staging.dev.example.com)
Domain Blacklist
The Domain Blacklist allows you to explicitly exclude specific domains from scanning. Any domains added to the blacklist will be completely ignored during assessments.
Key Features:
Explicitly exclude domains from scanning
Support for wildcard patterns
Overrides whitelist settings
Useful for excluding third-party services or sensitive areas
Wildcard Pattern Examples:
Important Notes:
Blacklist takes precedence over whitelist
Wildcards apply to all matching subdomains
Use carefully to avoid excluding critical test targets
Both whitelist and blacklist support complex wildcard patterns for flexible scope control
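The wildcard and precedence rules above, worked through as an added Python example (not the scanner's own code). It assumes `*` covers one or more labels but never the parent domain itself, and that matching is case-insensitive; the function names and sample hosts are constructed for illustration.

```python
# Added illustration; not the scanner's implementation.
def _normalize(name: str) -> str:
    """Lower-case and drop a trailing root dot so comparisons are label-exact."""
    return name.strip().lower().rstrip(".")


def pattern_matches(pattern: str, host: str) -> bool:
    """Match a host against 'example.com' or '*.example.com' style patterns."""
    pattern, host = _normalize(pattern), _normalize(host)
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com", leading dot kept
        # Assumption: '*' covers one or more labels, and never the apex itself.
        # Keeping the dot in the suffix stops 'notexample.com' from matching.
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern  # no wildcard: exact match only


def in_scope(host: str, whitelist: list[str], blacklist: list[str]) -> bool:
    """Blacklist is checked first because it takes precedence over the whitelist."""
    if any(pattern_matches(p, host) for p in blacklist):
        return False
    return any(pattern_matches(p, host) for p in whitelist)


def filter_discovered(hosts, whitelist, blacklist):
    """Split crawler-discovered hosts into (scanned, excluded) lists."""
    scanned, excluded = [], []
    for h in hosts:
        (scanned if in_scope(h, whitelist, blacklist) else excluded).append(h)
    return scanned, excluded


# Constructed sample scope and crawl results (not taken from a real scan).
WHITELIST = ["example.com", "*.example.com"]
BLACKLIST = ["*.payments.example.com", "sso.example.com"]
DISCOVERED = [
    "example.com", "API.example.com.", "test.dev.example.com",
    "sso.example.com", "eu.payments.example.com",
    "notexample.com", "example.com.cdn-vendor.test",
]

if __name__ == "__main__":
    scanned, excluded = filter_discovered(DISCOVERED, WHITELIST, BLACKLIST)
    print("scanned: ", scanned)
    print("excluded:", excluded)
```

Under these assumptions the blacklist entry `*.payments.example.com` does not cover `payments.example.com` itself, so a scope that must exclude both needs both entries.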