Tools and Scans
Technical documentation, guides and FAQs related to our tools and scanners.Frequently Asked Questions
Can’t find a scan
The scan is there. Just allow yourself to see it.
Stop scan doesn’t work
Never let a frozen scan get in your way! Contact Support right away!
Will the tests overload my server?
Calibrate your expectations the way we calibrated our scanners
How long does a scan take?
Don't endlessly watch the clock while a particular scan is running.
Managing your scans
Scans may be the center of all the other features we offer. Knowing how to handle them is a must.
Reconnaissance
Can you find all subdomains?
We don't make impossible promises. Unless they are not impossible anymore. It depends on your accessibility level to the DNS server.
Google Hacking isn’t working
Analyzing parameters is the key.
Web Application Testing
How to configure the Website Scanner
Looking for vulnerabilities in your web application? Let Website Scanner do that for you! In this article, we explain all the features and options available to help you make the finest vulnerability reports.
What tests are performed by Website Scanner?
The complete list of tests performed by the website vulnerability scanner with details on how each test works.
SAST vs DAST
Static Application Security Testing (SAST) vs Dynamic Application Security Testing (DAST)
Target URL is not accessible. Please try a different URL.
Pay attention to URL's, as they might trick you!
Can’t perform authenticated website scan
Authenticated website scanner can fail if you are not using the right method for your specific target login method.
Network Infrastructure Testing
Scanner didn’t find any open ports
Things are not always what they seem - The host may have open ports, even if the scanner does not see it that way. Expanding the search or whitelisting our scanner IPs might solve the problem.
Which ports are included in the default TCP and UDP port lists?
Our TCP Port Scanner, UDP Port scanner, and Network Vulnerability Scanner let you select between several common port lists, a specific port range, or a custom port list. See here what ports are actually being scanned, depending on which option you select.
How to set up the Network Scan port range?
Go default, specify the range or provide a list? - You choose.
Offensive Tools
How to use XSS Exploiter
A fast and easy way to obtain Proof of Concept for your detected XSS.
Authenticated Scanning
How to perform Automatic Authentication with Website Scanner
The Automatic Authentication Method allows the user to make an authenticated scan by having a valid pair of credentials in the target application.
How to setup Recorded Authentication with Selenium
Recorded or Recording-Based Authentication is a newly added method that can help you when scanning websites with a non-standard authentication.
How to perform Cookie Authentication with Website Scanner
The Cookies Authentication Method allows the user to make an authenticated scan by having a valid cookie header in the target application.
How to get the Session Cookie
In order to perform an authenticated scan with the Cookies or Headers methods, you will need to obtain the session cookie.
How to perform Headers Authentication with Website Scanner
The Headers option allows the user to make an authenticated scan by having valid headers in the target application.