how tointermediateReviewed May 18, 2026

Internal CIDR targets

Add private subnets or internal hosts for private-runner assessment.

What to add

If you want the pentester to assess internal network machines, add the subnet or host CIDR to the scope. The private runner can only assess internal systems that are in scope and reachable from where the runner is deployed.

Examples

10.0.0.0/24
10.20.30.15/32
172.16.5.0/24
192.168.10.0/24

Requirements

A private runner is deployed inside a network that can reach the CIDR.
The runner is online.
The runner is attached to the scope.
The run uses private runner execution.
Rules of engagement include rate limits, windows, exclusions, and impact limits.

Cloud execution does not scan private ranges

Private and reserved network ranges are intended for private-runner execution. Add the CIDR and attach an online runner before starting internal network testing.

Internal network and machine pentesting
Deploy a private runner

What to add

Examples

Requirements

Cloud execution does not scan private ranges

Related articles