Defining Target Scope¶
New in v0.9.0: In the event you’re scanning a single ip address or host, simply use --target
. It accepts a single target and works in conjunction with --exempt-list
if specified.
[db-1] recon-pipeline> scan HTBScan --target 10.10.10.183 --top-ports 1000
...
In order to scan more than one host at a time, the pipeline needs a file that describes the target’s scope to be provided as an argument to the –target-file option. The target file can consist of domains, ip addresses, and ip ranges, one per line.
In order to scan more than one host at a time, the pipeline expects a file that describes the target’s scope to be provided as an argument to the --target-file
option. The target file can consist of domains, ip addresses, and ip ranges, one per line. Domains, ip addresses and ip ranges can be mixed/matched within the scope file.
tesla.com
tesla.cn
teslamotors.com
...
Some bug bounty scopes have expressly verboten subdomains and/or top-level domains, for that there is the
--exempt-list
option. The exempt list follows the same rules as the target file.
shop.eu.teslamotors.com
energysupport.tesla.com
feedback.tesla.com
...