All Collections
How to interpret scan results
How to interpret scan results

Learn how to interpret scan results

Ana Pascoal avatar
Written by Ana Pascoal
Updated over a week ago

After setting up your target at Probely, you can start a scan and access its details (scan results). If you do, you’ll see there are 3 major components at play, each one with a specific job:

  • The fingerprinter identifies the technologies used on the target

  • The crawler goes through the target's URLs and interacts with every element found, clicking on buttons and filling in forms, among other things

  • The scanner finds vulnerabilities within the target's URLs

From this page, you can check each component’s progress, as well as the scan results being updated in real time, with any vulnerabilities that the scanner finds within the target’s URLs.


Depending on the type of vulnerability found, its exploitability, impact and scope, a CVSS score and risk/severity classification are attributed to the finding, helping you prioritize the vulnerabilities fixes: in general terms, vulnerabilities with bigger impact and that can be easily exploited with have a higher risk, while vulnerabilities that have a lower impact, are more complex to replicate and require several specific conditions in order to be exploited will likely represent a lower risk.

Learn more about findings and what you can do with them here.


As soon as your scan starts, you can download a provisory coverage report to get some sense of what is happening on your scan; once the scan is finished, you can export the coverage report’s final version, which allows you to check every endpoint the scanner reached during the whole scan.

Additionally, once the scan is finished, you can also export a scan report, which you can share within your company or with your auditors/customers. The report will list the vulnerabilities found, along with a detailed description, and ways of fixing them, as well as a list of all the tests performed during the scan.

Depending on the type of report, it may also list the results of the tests performed compared with a specific checklist of requirements needed for compliance purposes (e.g. OWASP Top10 or PCI-DSS).

Did this answer your question?