Targets list — showing a mix of Infrastructure and Web Application targets in the Type column.

Infrastructure

Use for IP addresses, servers, hosts, and network-level assets.

Best for:

  • IPv4 addresses and IP ranges
  • Mail servers, DNS servers, VPN endpoints
  • Assets you know primarily by IP rather than URL

What Topscan checks:

  • Open ports and exposed services
  • Service versions and known vulnerabilities for those versions
  • Network-level misconfigurations

Web Application

Use for websites, web apps, APIs, and domains.

Best for:

  • Public-facing websites and SaaS products
  • Domains and subdomains (e.g. app.example.com)
  • REST APIs and CMS-based sites

What Topscan checks:

  • Full port scan + version detection
  • Deep vulnerability scanning
  • SSL/TLS certificate issues and exposed services
  • Web application security testing (OWASP-class checks)

Can the same host be both types?

Yes. If a domain is also a server you want to monitor at the network level, you can add it as both an Infrastructure target and a Web Application target. Each will consume a separate license and be scanned independently.

What's next