Scan Targets

In Tenable Vulnerability Management, you can use a number of different formats when specifying targets for a scan. The following tables contain target formats, examples, and a short explanation of what occurs when Tenable Vulnerability Management scans that target type.

Note: Tenable limits the number of targets that you can scan in a single scan. For more information, see Scan Limitations.

Note: For previously scanned assets, you can configure scan targets based on host attributes like operating system or installed software, instead of host identifiers like IP address.

Tip: If a hostname target looks like either a link6 target (start with the text "link6") or one of the two IPv6 range forms, put single quotes around the target to ensure that Tenable Vulnerability Management processes it as a hostname.

Target Description

Example

Explanation

A single IPv4 address

192.168.0.1

Scans the single IPv4 address.

A single IPv6 address

2001:db8::2120:17ff:fe56:333b

Scans the single IPv6 address.

A single link local IPv6 address with a scope identifier

fe80:0:0:0:216:cbff:fe92:88d0%eth0

Scans the single IPv6 address. Use interface indexes, not interface names, for the scope identifier on Windows platforms.

A list of IPv4 addresses 192.168.0.1, 192.168.0.32, 192.168.0.200, 192.168.0.255 Scans a list of different IPv4 addresses.

An IPv4 range with a start and end address

192.168.0.1-192.168.0.255

Scans all IPv4 addresses between the start address and end address, including both addresses.

Caution: When entering a target range, do not enter a space before or after the hyphen (for example, 192.168.0.1 - 192.168.0.255). Tenable Vulnerability Management does not accept ranges in this format.

An IPv4 address with the last octet range replaced with numeric ranges

192.168.0-1.3-5

Scans all combinations of the values given in the octet ranges. In this example, scans: 192.168.0.3, 192.168.0.4, 192.168.0.5, 192.168.1.3, 192.168.1.4 and 192.168.1.5

Caution: When entering a target range, do not enter a space before or after the hyphen (for example, 192.168.0 - 1.3 - 5). Tenable Vulnerability Management does not accept ranges in this format.

An IPv4 subnet with CIDR notation

192.168.0.0/24

Scans all addresses within the specified subnet. The address given is not the start address. Specifying any address within the subnet with the same CIDR scans the same set of hosts.

An IPv4 subnet with netmask notation

192.168.0.0/255.255.255.128

Scans all addresses within the specified subnet. The address is not a start address. Specifying any address within the subnet with the same netmask scans the same hosts.

A host resolvable to either an IPv4 or an IPv6 address

www.yourdomain.com

Scans the single host.

If Tenable Vulnerability Management can resolve the hostname to multiple addresses, Tenable Vulnerability Management scans the first resolved IPv4 address or, if Tenable Vulnerability Management cannot resolve an IPv4 address, the first resolved IPv6 address.

A host resolvable to an IPv4 address with CIDR notation

www.yourdomain.com/24

Resolves the hostname to an IPv4 address, then scans all addresses within the specified subnet.

Tenable Vulnerability Management treats this format like any other IPv4 address with CIDR notation.

A host resolvable to an IPv4 address with netmask notation

www.yourdomain.com/255.255.252.0

Resolves the hostname to an IPv4 address, then scans all addresses within the specified subnet.

Tenable Vulnerability Management treats this format like any other IPv4 address with netmask notation.

The text link6 optionally followed by an IPv6 scope identifier

link6
or
link6%16

Scans all hosts that respond to multicast ICMPv6 echo requests sent out on the interface specified by the scope identifier to the ff02::1 address. If no IPv6 scope identifier is given, the requests are sent out on all interfaces. Use interface indexes, not interface names, for the scope identifier on Windows platforms.

Some text with either a single IPv4 or IPv6 address within square brackets

Test Host 1[10.0.1.1]
or
Test Host 2[2001:db8::abcd]

Scans the IPv4 or IPv6 address within the brackets, like a normal single target.