Scope limitations are primarily determined by the number of Agent Ops available in your account.
Agent Ops define how much testing effort can be applied to a given scope, and larger or more complex scopes naturally require more Agent Ops to test thoroughly.
π‘ Helpful to know
While RedVeil can handle large scopes, we generally recommend splitting extremely large scopes into multiple tests for the best experience and most reliable results.
For web application testing
Testing a large number of web applications - especially with authentication - within a single test may take longer to complete and can make results harder to interpret, even though it may still complete faster than traditional manual testing.
Breaking large application scopes into smaller, focused tests helps ensure:
Clearer results
Better coverage per application
Easier validation and remediation
For external network testing
If you are testing a large network range, we recommend avoiding very large CIDR scopes where possible.
For example, if your scope is larger than a /24, consider:
Providing a list of known active IPs, or
Splitting the larger range into smaller CIDR blocks (for example, splitting a
/23into two/24ranges)
RedVeil only consumes Agent Ops for active IPs detected during testing. However, discovery and enumeration across very large network ranges can take significant time, as RedVeil performs thorough reconnaissance similar to how a real threat actor would approach target discovery.
Need help scoping your test?
If you have a large or complex scope and are unsure how to structure your testing, we encourage you to reach out. Our team is happy to help tailor your testing approach to ensure effective coverage and a smooth testing experience.