Domain scan vs ip scan difference

Hi,
could anyone help please, If I want to scan multiple web-sites domains (for example^ domain-name1 com, domain-name2 com…) that are all based on one Ip-adress. Will there be a difference in the result of scanning if I will indicate
in the menu target-> hosts : domain-name1 com, domain-name2 com or target-> hosts : IP-adress. Are there any web-application nvt’s used that will result in different report results?

Or OpenVAS is not an application scanner and no matter how many web-sites with different domain names will be on the target - if they are all on one ip-address the result will be thesame if i just entered that one ip?

https://docs.greenbone.net/GSM-Manual/gos-6/en/scanning.html#scanning-vhosts should give some basic information around this topic / question.

1 Like

Thank you, “The scanner is able to find all relationships of host names and IP addresses without needing additional user input.” so if domain names have one ip it is better to write an ip adress and that will be enough ? otherwise the scanner will begin to perform the same checks for the host? or two diffenet web sites on one ip wil have different checks and result - that’s the main question…?

It really depends on the environment. If the scanner isn’t able to determine the targets hostname (e.g. via a Reverse-DNS lookup or other means) and the target is serving a different web-page when using the IP vs. when accessing it via the hostname you could miss various vulnerabilities in this case.

This should be already explained in the previous linked documentation:

In environments with virtual hosts, the scan reports will have less results because duplicates are avoided.

Some more technical details around this topic are available in the following discussion thread:

1 Like

Thank you!