Skip to main content

Target definition

A target in Invicti Platform refers to any web asset you want to scan for security vulnerabilities—this includes websites, APIs, web applications, servers, and network devices. To perform a security scan, you must first add the asset as a target. Typically, one target license is required per domain or web application.

Configure target settings page.

Licensing rules for targets

When determining how targets are counted for licensing, the following rules apply:

tip

For more information about managing your license usage and viewing FQDN consumption, refer to License management.

  • localhost and 127.0.0.1 consume 1 licensed target
  • example.com and www.example.com together consume 1 licensed target
  • The protocol (http vs. https) does not affect target count and consumes 1 licensed target
  • Subdomains are considered separate targets: for example, www.example.com and api.example.com consume 2 licensed targets
  • Different paths within the same domain consume 1 licensed target: for example, example.com and example.com/blog/
  • Different ports for the same domain consume 1 licensed target: for example, example.com:8080 and example.com:8888
  • Invicti test sites with Demo status (visible in Settings > License > Licensed FQDNs used drawer) don't consume any target licenses; for example, vulnweb.com

Target variations and licensing

Target variations refer to different configurations of the same FQDN. You can create multiple variations such as:

  • http://example.com
  • https://example.com
  • http://www.example.com
  • https://www.example.com
  • http://example.com/blog
  • http://example.com:888
  • http://example.com:777

All these variations are going to use only one licensed FQDN.

Important licensing behavior:

  • Invicti doesn't immediately count targets against your license when you add them
  • You can remove a target without penalty if you make a mistake in the address
  • Invicti counts a target as licensed only after you scan it

Subdomain licensing rules

Invicti counts each subdomain as a separate FQDN, with the exception of www:

  • http://www.example.com and http://api.example.com use 2 licensed targets
  • invicti.com:80 and invicti.com:443 count as 1 licensed target
  • invicti.com/home and invicti.com/site count as 1 licensed target

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?