Getting Started

It is easy to get started with Scanner.

Open the tool and enter a target URL. Configure the Scope and testing Engine options. Visit the Scheduler tab for additional configuration options.

Once you are happy with the setup, click "Lock target" and then "Start" to start the scanning process. The current task can be paused, resumed and stopped from the progress bar.

Both "Report" and "Table" tab contain information about the currently discovered vulnerabilities. Technical details such as the attack and the actual request used to detect the vulnerability are provided. Some types of vulnerabilities such as SQL Injection, Cross-site Scripting and many others can be manually re-tested with Rest and Fuzzer. Expand the variants section and click the app menu to access options.

In the "Transactions" view you can see exactly what the tool is doing. All requests and responses are listed and available for preview, filtering and further exploration. Each item in the transaction viewer contains test information such as the payload used for the test and the exact location where the payload was used. Individual transactions can be opened in other tools such as Rest and Fuzzer.

If you need to repeat the test using the current configuration option, use the Fork feature. You can also use the Projects feature to save your progress.