Scan Targets
In Tenable Vulnerability Management, you can use a number of different formats when specifying targets for a scan. The following tables contain target formats, examples, and a short explanation of what occurs when Tenable Vulnerability Management scans that target type.
Note: Tenable limits the number of targets that you can scan in a single scan. For more information, see Scan Limitations.
Note: For previously scanned assets, you can configure scan targets based on host attributes like operating system or installed software, instead of host identifiers like IP address.
Tip: If a hostname target looks like either a link6 target (start with the text "link6") or one of the two IPv6 range forms, put single quotes around the target to ensure that Tenable Vulnerability Management processes it as a hostname.
|
Target Description |
Example |
Explanation |
|---|---|---|
|
A single IPv4 address |
192.168.0.1 |
Scans the single IPv4 address. |
|
A single IPv6 address |
2001:db8::2120:17ff:fe56:333b |
Scans the single IPv6 address. |
|
A single link local IPv6 address with a scope identifier |
fe80:0:0:0:216:cbff:fe92:88d0%eth0 |
Scans the single IPv6 address. Note that you must use interface indexes, not interface names, for the scope identifier on Windows platforms. |
| A list of IPv4 addresses | 192.168.0.1, 192.168.0.32, 192.168.0.200, 192.168.0.255 | Scans a list of different IPv4 addresses. |
|
An IPv4 range with a start and end address |
192.168.0.1-192.168.0.255 |
Scans all IPv4 addresses between the start address and end address, including both addresses. |
|
An IPv4 address with the last octet range replaced with numeric ranges |
192.168.0-1.3-5 |
Scans all combinations of the values given in the octet ranges. In this example, scans: 192.168.0.3, 192.168.0.4, 192.168.0.5, 192.168.1.3, 192.168.1.4 and 192.168.1.5 |
|
An IPv4 subnet with CIDR notation |
192.168.0.0/24 |
Scans all addresses within the specified subnet. The address given is not the start address. Specifying any address within the subnet with the same CIDR scans the same set of hosts. |
|
An IPv4 subnet with netmask notation |
192.168.0.0/255.255.255.128 |
Scans all addresses within the specified subnet. The address is not a start address. Specifying any address within the subnet with the same netmask scans the same hosts. |
|
A host resolvable to either an IPv4 or an IPv6 address |
www.yourdomain.com |
Scans the single host. If Tenable Vulnerability Management can resolve the hostname to multiple addresses, Tenable Vulnerability Management scans the first resolved IPv4 address or, if Tenable Vulnerability Management cannot resolve an IPv4 address, the first resolved IPv6 address. |
|
A host resolvable to an IPv4 address with CIDR notation |
www.yourdomain.com/24 |
Resolves the hostname to an IPv4 address, then scans all addresses within the specified subnet. Tenable Vulnerability Management treats this format like any other IPv4 address with CIDR notation. |
|
A host resolvable to an IPv4 address with netmask notation |
www.yourdomain.com/255.255.252.0 |
Resolves the hostname to an IPv4 address, then scans all addresses within the specified subnet. Tenable Vulnerability Management treats this format like any other IPv4 address with netmask notation. |
|
The text 'link6' optionally followed by an IPv6 scope identifier |
link6 or link6%16 |
Scans all hosts that respond to multicast ICMPv6 echo requests sent out on the interface specified by the scope identifier to the ff02::1 address. If no IPv6 scope identifier is given, the requests are sent out on all interfaces. Note that you must use interface indexes, not interface names, for the scope identifier on Windows platforms. |
|
Some text with either a single IPv4 or IPv6 address within square brackets |
"Test Host 1[10.0.1.1]" or "Test Host 2[2001:db8::abcd]" |
Scans the IPv4 or IPv6 address within the brackets, like a normal single target. |