Attaxion has two different scanning modes that employ different sets of asset discovery methods. Active allows you to find more, while passive is the more stealthy option.
Attaxion scanner supports two scan modes: Active and Passive. The scan mode determines which analysis utilities Attaxion scanner will use. You can switch between different scan modes to optimize the scanner for your needs.
The default scan mode is active.
Different Types of Scanning Profiles
Passive Scanning
Passive scanning includes 7 different scanning methods:
- WHOIS Lookup
- Passive Subdomains Lookup
- Reverse DNS Lookup
- Reverse WHOIS Lookup
- IP Geolocation Lookup
- IP Netblocks Lookup
- Cloud Providers Scanner
- DNS Lookup
- Screenshot Lookup
In passive mode, Attaxion scanner doesn’t discover open ports or vulnerabilities, limiting the discovered asset types to domains and subdomains. This method is extremely unlikely to trigger intrusion detection systems or other defensive means of an organization.
Also, because no vulnerability data is retrieved, the Total score on the Dashboard menu will be 0 (i.e., information unknown).
Active Scanning
In addition to all methods employed in the passive scanning, Active scanning relies on the following discovery tools:
- Vulnerability Scanner
- Web Crawler
- Active Subdomains Scanner
- SSL Lookup
- Port Scanner
This type of scanning allows to discover ports and scan for vulnerabilities, as well as adds additional methods for subdomain enumeration. Active scanning is much easier to detect by an intrusion detection system.
How to Switch Between Scanning Modes in Attaxion
If you want to switch from one scanning mode to another, in the Attaxion app interface, go to “Account” in the bottom of the menu on the left.
There, under the “General” tab you will find “Scanner settings” with a 2-position switch, allowing you to choose between Active and Passive scanning. The setting is applied immediately, no need to save anything.
