Selecting what to scan

New scan page — top section with Scan name, Select target, and Select tag fields.

You can scan by target or by tag:

  • Select target — pick one or more specific targets from your list.
  • Select tag — scan all targets that carry a given tag. Useful for scanning a whole environment (e.g. "production") in one click.

You can combine both: select individual targets and a tag in the same scan.

Optionally give the scan a name to make it easier to find in the Completed scans list later.

What will run

New scan page — the Summary block listing what will run for the selected targets, with the "Deep web application testing" toggle below it.

You don't pick a scan type manually — Topscan chooses the right checks from each selected target's type. The Summary block shows exactly what will run before you start:

  • Web Application targets → Port scan + Web application security testing
  • Infrastructure targets → Port scan + network-level vulnerability checks (open ports, service versions, known CVEs for the detected software)

Deep web application testing

For web targets you can turn on Deep web application testing — active OWASP Top 10 checks (SQL injection, XSS, SSRF, CSRF, and more).

  • It crawls the application and sends real attack payloads, so run it in off-hours or against a staging environment.
  • It can take up to 3 hours per target.
  • With the toggle off, the scan runs in its faster standard mode (shown as Fast in the Completed scans list).

Starting the scan

Click Run scan. The scan will appear immediately under Scans → In progress.

What's next