S4E Cloud offers four scan types designed for different scenarios -- from targeted single-tool checks to comprehensive assessments. Choosing the right scan type ensures you get the coverage you need within your time and resource constraints.


Overview

| Scan Type | Coverage | Best For |
|---|---|---|
| Single Scan | One specific tool against a URL, IP, or domain | Targeted vulnerability check |
| Full Scan | All applicable tools including OWASP Top 10 | Comprehensive security assessment |
| Light Scan | Limited set of high-priority tools | Quick security health check |
| Crawl Only | AI-powered web crawling, no vulnerability detection | Attack surface mapping |

Single Scan

The Single Scan lets you run a targeted scan for a specific URL, IP, or domain using a single tool from the S4E library. This is useful when you want to check for a specific vulnerability or run a particular detection tool.

How it works:

  1. Enter or select the target (URL, IP, or domain).
  2. Choose a scan tool from the tool library.
  3. Start the scan.

When to use: Testing a specific vulnerability, verifying a fix for a known issue, quick one-off checks against a particular target.

Note

Single Scan does not require a verified asset. You can provide any URL, IP, or domain directly.

Full Scan

The Full Scan conducts a comprehensive security check on your verified assets. It thoroughly examines all aspects of your systems to identify and report potential security vulnerabilities, including the OWASP Top 10, in a single run.

How it works:

  1. Select Full Scan as the scan type.
  2. Select your verified asset from the dropdown.
  3. Complete the Service Checker step (see below). It confirms which open ports and services will drive service-based checks before the full scan runs.
  4. Choose the scan categories you want to include from the category list.
  5. Click Next to start the scan.

Service Checker

After you pick an asset, the wizard runs Service Checker to see whether any services are already known or visible for that asset.

  • No services found — You see a warning that no open ports or services were detected. To include real services in the Full Scan, pick one of the port-discovery options below (or defaults), then continue through category selection and start the Full Scan:

    • Top 10 Port Scan (~5 minutes) — Checks the most common ports (for example 22, 80, 443, 3306, 8080). Fast and a good first step for new assets.
    • Full Port Scan (~20 minutes) — Scans all 65,535 TCP ports for maximum coverage; takes longer.
    • Default Ports Only (immediate) — Continue with HTTP/HTTPS only (80 and 443); no extra discovery scan.
  • Services found — The step shows active services in a summary (for example port, protocol such as http / https, and transport such as TCP). The UI explains that these open ports are what service-based scans will target for comprehensive coverage. You continue through category selection and then start the Full Scan.

What it covers:

  • Known CVE detection across web servers, frameworks, and libraries.
  • OWASP Top 10 vulnerability checks (SQL injection, XSS, SSRF, etc.).
  • SSL/TLS configuration analysis.
  • Security header validation.
  • Open port and service enumeration.
  • Directory and file discovery.
  • Subdomain enumeration (for domain assets).
  • Technology stack fingerprinting.

Note

Full Scans take longer to complete. Schedule them during off-peak hours for production assets to minimize any potential performance impact.

When to use: Initial assessment of new assets, periodic comprehensive reviews, compliance audits.

Light Scan

The Light Scan performs a quick and limited security check on your verified assets. It provides rapid insights into any immediate security issues without the depth of a full scan.

How it works:

  1. Select Light Scan as the scan type.
  2. Select your verified asset from the dropdown.
  3. Click Next to start.

When to use: Daily health checks, post-deployment verification, quick validation after remediation.

Crawl Only

The Crawl Only scan uses AI-powered web crawlers to find and list all visible URLs and user input fields on your website. This scan does not identify vulnerabilities but maps out your web structure.

How it works:

  1. Select Crawl Only as the scan type.
  2. Select your verified asset from the dropdown.
  3. Click Next to start.

What it discovers:

  • Page and URL discovery through link following.
  • JavaScript rendering and SPA crawling.
  • Form discovery and parameter enumeration.
  • Hidden directory and file detection.
  • API endpoint discovery from JavaScript source code.

When to use: Attack surface mapping, discovering forgotten endpoints, pre-scan reconnaissance.

Guided Scan Flow

All scans are launched from Scans > Start > Guided in the left sidebar. The guided wizard walks you through the scan setup in steps:

For Full Scan:

  1. Select Scan Type -- Choose Full Scan.
  2. Select Asset -- Pick a verified asset from your inventory.
  3. Service Checker -- Review detected services. If none are found, run a Top 10 or full TCP port discovery, or choose default ports only (80 and 443). If services are listed, those ports are the targets for service-based scanning in the upcoming Full Scan.
  4. Select Categories -- Choose which scan categories to include (the wizard lists categories, not individual tools).

For Light Scan and Crawl Only:

  1. Select Scan Type -- Choose the scan type.
  2. Select Asset -- Pick a verified asset from your inventory.

For Single Scan:

  1. Select Scan Type -- Choose Single Scan.
  2. Enter Target -- Provide the URL, IP, or domain directly.
  3. Select Tool -- Choose the specific scan tool to run.

Choosing the Right Scan Type

Do you need comprehensive coverage?
  Yes --> Full Scan
  No  --> Do you need a quick health check?
            Yes --> Light Scan
            No  --> Do you just want to map the attack surface?
                      Yes --> Crawl Only
                      No  --> Single Scan (targeted check)
