During a scan, there are 3 major components at play, each one with a specific job:

  • The fingerprinter identifies the technologies used on the target
  • The crawler goes through the target's URLs and interacts with every element found, clicking on buttons and filling in forms, among other things
  • The scanner finds vulnerabilities within the target's URLs

A scan has several possible states:

  • As soon as a scan is requested, it gets Queued; most of the time, it will start immediately
  • Once a queued scan begins, its state is changed to Started
  • After the fingerprinter, the crawler, and the scanner have completed their jobs, the scan ends and its state is set to Completed

There are some extra states:

  • If an ongoing scan is stopped by a user, the scan state is changed to Canceled
  • If the target is unreachable or there is a connection timeout, the scan ends with Failed, with a message indicating the error; the same state is used if a scan fails during its execution
  • If a scanning module encounters errors during its execution, the scan is updated to Completed with errors
  • If some vulnerabilities need to be manually confirmed by Probely's team, the scan is set to Under Review; after this manual review, the scan changes to Completed

Once a scan is successfully finished, its scan reports and coverage reports can be generated.

Did this answer your question?