{% if domain_list %}

Initiating multiple scan for {{ domain_list|length }} targets:

{% for domain in domain_list %} {{domain}} {% endfor %}

{% endif %}

{% csrf_token %}

Choose Scan Engine

Select Scan Engine

{% if custom_engines_count == 0 %}

Tips! You do not have any custom scan engines. Would you like to create your own scan engine? Create Custom Scan Engine

{% endif %} {% include "startScan/_items/scanengine_accordion.html" %}

Import/Ignore Subdomains

Import Subdomains(Optional)

You can import subdomains for {{domain.name}} discovered through your private reconnaissance tools.

Enter one subdomain per line. Subdomains not belonging to {{domain.name}} will be automatically skipped.

Subdomains List {% if subdomains_in %} {% else %} {% endif %}

Out of Scope Subdomains (Optional)

Specify subdomains of {{domain.name}} to exclude from scanning. These subdomains will be omitted from all subsequent scans, including URL discovery and vulnerability assessments.

Enter one subdomain or pattern per line. Both plain text and regex patterns are supported. New

For plain text: admin.example.com

For regex: ^.*outofscope.*\.com$, admin.* etc

Out of Scope Subdomains List {% if subdomains_out %} {% else %} {% endif %}

URL Scope and Exclusions

Starting Point Path (Optional)

{% if starting_point_path %} {% else %} {% endif %} Defines where the scan should begin. Leave blank to scan from the root (/) and include all subdomains.
If a path is provided (e.g., /home), the scan will focus only on that path and its subpaths, skipping subdomain scanning. For example, entering '/home' for {{domain.name}} will scan https://{{domain.name}}/home, but not other parts of {{domain.name}} or its subdomains.

Excluded Paths (Optional)

Enter paths or regex patterns to exclude from the scan. Type a path or pattern and press Enter to add it. Supports both exact path matching and regex patterns. Examples:
• /admin excludes paths starting with '/admin'
• /images/.*\.jpg excludes all .jpg files in the images directory
• /static/(?:css|js)/ excludes all contents of /static/css/ and /static/js/
Common exclusions:
• Static assets: /images/.*, /css/.*

Note: Use regex patterns carefully. While exclusions can speed up scans, be cautious not to exclude critical areas that may contain vulnerabilities. Test your patterns to ensure they match as intended.

{% if domain_ids %} {% endif %}