FAQs
      Back to home
      1. Knowledge Base
      2. FAQs

      Attaxion Scanning modes: Passive and Active

      Attaxion has two different scanning modes—Active and Passive. Active scanning allows you to find more assets as well as vulnerabilities while passive scanning is stealthier but only limited to asset discovery.

      The Attaxion scanner supports two scan modes—Active and Passive. The scan mode determines which discovery utilities the Attaxion scanner will use. 

      The default scan mode is active, but you can switch between the different modes to optimize the scanning to your needs. You may also turn off the scanner if you need to pause scanning for all your assets or for certain assets only.

      Different Types of Scanning Profiles

      active-and-passive-modes-info

      Passive Scanning

      Passive scanning includes the following scanning methods:

      • WHOIS Lookup
      • Passive Subdomains Lookup
      • Reverse DNS Lookup
      • Reverse WHOIS Lookup
      • IP Geolocation Lookup
      • IP Netblocks Lookup
      • Cloud Providers Scanner
      • DNS Lookup

      In passive mode, the Attaxion scanner doesn't discover open ports, SSL certificates, or vulnerabilities, limiting the discovered asset types to subdomains, IPs, CIDRs, and emails. This method is unlikely to trigger an organization's intrusion detection system and other defensive solutions.

      However, because no vulnerability data is retrieved in passive mode, the Total score on the Dashboard menu will be 0 (i.e., information unknown).

      In addition to all methods employed in passive scanning, active scanning relies on the following discovery tools:

      • Vulnerability Scanner
      • Web Crawler
      • Active Subdomains Scanner
      • SSL Lookup
      • Port Scanner
      • Screenshot Lookup

      This type of scanning discovers ports and scans for vulnerabilities, as well as adds additional methods for subdomain enumeration. Intrusion detection systems are much more likely to easily detect active scanning.

      How to Switch Between Scanning Modes in Attaxion

      To switch from one scanning mode to another, click your account name in the upper-right window. On the General tab, scroll down until you find the Global scanner settings.


      From there, you can choose between Active and Passive mode by clicking the respective buttons.

      Global scanner settings (1)

      The setting will be applied immediately to all your assets without having to save or confirm anything.

      Choosing the Scanning Mode for Assets Individually

      Attaxion allows you to set scanning modes on a per-asset basis. That means that the scanner can have one global mode, but some assets may have different scanning modes.

      To change the scanning mode for an asset, open its Asset details window by clicking the asset name. Click Actions from the top-right corner and select Update scanner settings from the drop-down menu.

      1 (2)

      There are four options—Disabled, Inherit, Passive, and Active. Inherit is the default mode, meaning the asset’s scanning mode will be the same as its root asset. Disabled will exclude the asset from scanning.

      Click your preferred mode to instantly change the scanning mode for the specific asset.