# Target Groups

A Target Group is one or more targets on which a pentest can be applied. These can be concrete IP addresses, the detected Asset Discovery of a Watchdog or Endpoints. After you have defined a Target Group, you can create an [Audit Definition](/docs/manual/english/operation/platform/penetration-testing/templates.md)[ ](/docs/manual/english/operation/platform/penetration-testing/templates.md)and start the penetration test.

Use the search bar to display the desired entries.

<figure><img src="/files/XjcMopxBku9S7WeZTruJ" alt=""><figcaption></figcaption></figure>

## Create Target System

To create a Target Group, click 'Add Target Group' in the top right corner. Select a meaningful name and a description that sufficiently describes the targets. After that you can either **manually add IP addresses**, specify targets from one of your **Watchdogs** or select created **endpoints**. Then click on 'Add Target Group' to define a target for the Hacktor.

{% hint style="danger" %}
A **maximum of 2048 targets (IP addresses)** can be scanned in a single audit, regardless of whether the targets are reachable or not. If you start an audit on a target system that contains more than 2048 IP addresses, the remaining IP addresses are discarded and only the first 2048 are processed.
{% endhint %}

## Specify IP ranges

In principle, you can also specify IP ranges.

{% hint style="danger" %}
Check first whether it does not make more sense to use the watchdog's [inventory](/docs/manual/english/operation/platform/discoveries.md) as the basis for the pentest. A pentest over an IP range takes much longer, since the hacktor pings every IP address. You will also get many offline targets in the results, since in most cases only small parts of the network are used.

Also, note that a maximum of 2048 IP addresses are scanned in a common audit, regardless of whether the targets are reachable or not. If you start an audit on a target system that contains more than 2048 IP addresses, the remaining IP addresses are discarded and only the first 2048 are processed.
{% endhint %}

| Syntax                            | Example           | Description                  |
| --------------------------------- | ----------------- | ---------------------------- |
| \[] . \[] . \[] . \[] / \[]       | 192.168.178.0/30  | Specify a subnet mask.       |
| \[] . \[] . \[] . \[] - \[]       | 192.168.178.12-16 | Specify a sequence.          |
| \[] . \[] . \[] . \[] , \[]       | 192.168.178.30,45 | Specify a series.            |
| \[] . \[] . \[] , \[] . \[] - \[] | 192.168.5,8.10-12 | Combine series and sequence. |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enginsight.com/docs/manual/english/operation/platform/penetration-testing/target-groups.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.