Workflow: Running a Scan#
Goal#
Execute a security scan against a verified and authorized domain to discover its attack surface and detect vulnerabilities.
Prerequisites#
- A domain that has been onboarded, verified, and authorized.
- Remaining monthly scan quota (check with your admin if unsure).
Steps#
1. Navigate to Scans#
Click Scans in the main navigation bar.
2. Click "New Scan"#
Click the New Scan button.
3. Select the Target Domain#
Choose the domain you want to scan from the dropdown. Only verified and authorized domains are listed.
4. (Optional) Select a Scan Template#
If you want to associate a scan template:
- Browse the available templates (8 built-in system templates + any custom templates).
- Select the template that matches your assessment type (e.g., "Web App Security", "API Security").
- The template is linked to the scan for tracking purposes.
You can also click Get AI Suggestions to let the AI recommend the most relevant templates based on the domain name.
5. Start the Scan#
Click Start Scan. The scan is created with status queued and enters the processing queue.
6. Monitor Progress#
Navigate to the scan detail page (click the scan row in the list). Monitor:
- Status bar — shows the current pipeline phase (Discovery, Surface Mapping, Vulnerability Scanning, etc.).
- Event Timeline — real-time feed of events as the scan progresses:
- "Discovery started — enumerating subdomains"
- "15 subdomains discovered"
- "WAF detected — switching to stealth profile"
- "Surface mapping started — probing 15 targets"
- "42 live endpoints mapped"
- "Vulnerability scan started"
- "23 findings detected"
- "Scan completed"
7. Review Results#
Once the scan status transitions to done:
- Hosts tab — review discovered hosts (hostname, IP, port, TLS status, HTTP status).
- Endpoints tab — review discovered HTTP paths (with risk scores and forgotten-endpoint flags).
- Findings tab — review security vulnerabilities sorted by severity.
- Reports section — download PDF or JSON reports.
8. (Optional) Cancel a Running Scan#
If you need to stop a scan mid-execution:
- Open the scan detail page.
- Click Cancel Scan.
- The scan transitions to
canceled. Partial results from completed phases are retained.
Expected Outcome#
A completed scan with:
- Full host and endpoint inventory.
- Security findings with severity, risk scores, and drift labels.
- PDF and JSON reports ready for download.
- Integration events dispatched (if configured).
- Risk summary contributed to dashboard trends.
Common Issues#
| Issue | Cause | Resolution |
|---|---|---|
Scan stays in queued |
Another scan is currently running | Wait for the current scan to complete; scans process one at a time |
| Scan fails during Discovery | Target domain doesn't resolve | Verify the domain is live and DNS is configured |
| Scan fails during Surface Mapping | Target is unreachable from SilentBolt | Check that the domain is publicly accessible |
| WAF blocks scan | WAF detected aggressive scanning | SilentBolt auto-downgrades to stealth; if still blocked, contact support |
| No findings detected | Target has no detectable vulnerabilities | This is a valid result — no issues found |
| Scan quota exceeded | Monthly scan limit reached | Contact admin or upgrade subscription |
| Scan times out | Very large domain with many subdomains | Consider contacting support for optimization guidance |