Scan Modes

AIPTx offers different scan modes optimized for various use cases. Choose the right mode based on your time constraints and depth requirements.

Available Modes

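| Mode     | Duration   | Coverage      | Best For                           |
|----------|------------|---------------|------------------------------------|
| Quick    | 15-30 min  | Surface-level | Pre-deployment checks, CI/CD       |
| Standard | 1-4 hours  | Comprehensive | Regular security assessments       |
| Deep     | 4-24 hours | Exhaustive    | Compliance audits, annual pentests |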

Quick Mode

Quick mode performs a rapid assessment focusing on critical vulnerabilities.

aiptx scan https://example.com --mode quick

What’s Tested

  • OWASP Top 10 vulnerabilities
  • Known CVEs in detected technologies
  • Basic authentication flaws
  • Common misconfigurations
  • SSL/TLS issues

When to Use

CI/CD Pipeline

Run on every pull request to catch obvious issues before merge

Pre-Deployment

Quick sanity check before pushing to production

Limitations

  • Does not test complex business logic
  • Limited fuzzing iterations
  • May miss deeply nested vulnerabilities

Standard Mode

Standard mode provides comprehensive coverage suitable for most use cases.

aiptx scan https://example.com --mode standard

What’s Tested

Everything in Quick mode, plus:
  • Full OWASP testing methodology
  • Business logic vulnerabilities
  • Authentication and session management
  • Access control testing (IDOR, privilege escalation)
  • API security testing
  • File upload vulnerabilities
  • Server-side request forgery (SSRF)

When to Use

Regular Assessments

Monthly or quarterly security testing

New Feature Releases

Before launching significant new functionality

Configuration

aiptx scan https://example.com \
  --mode standard \
  --type web \
  --auth-type bearer \
  --auth-token "your_token"

Deep Mode

Deep mode performs exhaustive testing suitable for compliance requirements.

aiptx scan https://example.com --mode deep

What’s Tested

Everything in Standard mode, plus:
  • Extended fuzzing with thousands of payloads
  • Race condition testing
  • Complex multi-step attack chains
  • Advanced injection techniques
  • Cryptographic weakness analysis
  • Source code pattern matching (if available)
  • Full API endpoint enumeration

When to Use

Compliance Audits

SOC 2, ISO 27001, PCI-DSS assessments

Annual Pentests

Comprehensive yearly security review

Resource Considerations

Deep mode generates significantly more traffic to your target application. Ensure your infrastructure can handle the load, or consider running during off-peak hours.

# Schedule deep scan for off-peak hours
aiptx scan https://example.com \
  --mode deep \
  --schedule "2024-01-15T02:00:00Z"

Scan Types

In addition to modes, you can specify the type of scan:

Web Application Scan

aiptx scan https://example.com --type web

Tests browser-based applications including:
  • Frontend vulnerabilities (XSS, DOM manipulation)
  • Form submissions
  • Client-side validation bypass
  • Cookie security

API Scan

aiptx scan https://api.example.com --type api --openapi ./spec.yaml

Tests API endpoints including:
  • REST, GraphQL, gRPC protocols
  • Input validation
  • Authentication/Authorization
  • Rate limiting
  • Data exposure

Network Scan

aiptx scan 192.168.1.0/24 --type network

Tests network infrastructure including:
  • Open ports and services
  • Service version vulnerabilities
  • Network misconfigurations
  • Internal service exposure

Full Scan

aiptx scan https://example.com --type full

Combines web, API, and network scanning for complete coverage.

Comparison Matrix

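| Feature                | Quick  | Standard | Deep       |
|------------------------|--------|----------|------------|
| OWASP Top 10           | Full   | Full     | Full       |
| Business Logic         | Basic  | Full     | Exhaustive |
| Authentication Testing | Basic  | Full     | Advanced   |
| Fuzzing Iterations     | 100    | 1,000    | 10,000+    |
| Race Conditions        | No     | Basic    | Full       |
| Attack Chains          | No     | Basic    | Advanced   |
| Compliance Reports     | Basic  | Full     | Full       |
| Estimated Duration     | 15-30m | 1-4h     | 4-24h      |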

Choosing the Right Mode

Start with Standard mode for your first scan to establish a baseline, then use Quick mode for ongoing CI/CD integration and Deep mode for periodic comprehensive assessments.
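
The mode guidance above and the off-peak advice for Deep mode, as an added shell helper (not part of the AIPTx documentation): it maps a pipeline trigger to a mode and, for deep scans, fills --schedule with the next off-peak slot. The trigger names and the choice of 02:00 UTC as off-peak are assumptions; only flags shown on this page are used, and the timestamp conversion uses GNU date syntax.

```shell
#!/bin/sh
# Added example: choose an AIPTx scan mode from a pipeline trigger and print
# the resulting command line for review. Trigger names are hypothetical.

# Map a trigger to one of the three documented modes; unknown triggers fail
# instead of silently falling back to a mode nobody asked for.
select_mode() {
  case "$1" in
    pull_request|pre_deploy)  echo quick ;;     # CI/CD, pre-deployment
    baseline|release|monthly) echo standard ;;  # first scan, regular assessments
    audit|annual)             echo deep ;;      # compliance audits, annual pentests
    *) echo "unknown trigger: $1" >&2; return 2 ;;
  esac
}

# Next 02:00 UTC strictly after the given epoch seconds, formatted like the
# --schedule value on this page. 02:00 UTC as "off-peak" is an assumption.
next_offpeak() {
  now=$1
  slot=$(( now - now % 86400 + 2 * 3600 ))        # 02:00 UTC of the same day
  [ "$slot" -gt "$now" ] || slot=$(( slot + 86400 ))  # already past: next day
  date -u -d "@$slot" +%Y-%m-%dT%H:%M:%SZ         # GNU date syntax
}

# Print the aiptx command for a target and trigger; deep scans are scheduled
# rather than started immediately. The third argument (epoch seconds) is
# optional and defaults to the current time.
build_scan_cmd() {
  target=$1 trigger=$2 now=${3:-$(date +%s)}
  mode=$(select_mode "$trigger") || return 2
  cmd="aiptx scan $target --mode $mode"
  if [ "$mode" = deep ]; then
    cmd="$cmd --schedule \"$(next_offpeak "$now")\""
  fi
  echo "$cmd"
}

# Constructed sample call: an audit requested at 2024-01-15T00:00:00Z.
build_scan_cmd https://example.com audit 1705276800
```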