Step 1 — Add a target
- Go to Targets in the left navigation.
- Click + Add target in the top-right corner.
- Enter the domain, subdomain, or IP address you want to scan.
- Choose the target type:
- Infrastructure — use for IP addresses, mail servers, and network-level assets. Topscan checks open ports, services, and network-level vulnerabilities.
- Web Application — use for websites and web apps. Topscan performs web-specific checks: exposed paths, HTTP misconfigurations, outdated web software, and more.
- Optionally add tags to organize targets by team, environment, or project.
- Save the target.
Tip: Not sure which hosts you own? Use Discovery to automatically find subdomains and related assets from a root domain, then add them as targets in one click.
Step 2 — Run a scan
Once your target is saved, you're ready to scan.
- Click New scan — the button is always visible in the top-right corner of the app.
- Select the target(s) you want to scan.
- Choose the scan type:
- Fast — covers the most common and critical checks. Completes in minutes.
- Deep — comprehensive scan across all available checks. Takes longer but finds more.
- Click Run scan.
The scan will appear under Scans → In progress. You'll see a progress bar and estimated time remaining.
Step 3 — Review the results
When the scan completes, it moves to Completed scans on the Scans page.
- Go to Issues to see all findings across your workspace, ordered by severity.
- Click any issue to see:
- Severity and CVSS score
- Affected target and specific location
- CVE references (where applicable)
- Remediation advice
- Issues marked Overdue have exceeded their SLA deadline and are affecting your Security Score.