Acunetix Web Vulnerability Scanner Command Line Operation

This post describes the command line options for the Acunetix WVS Scanner and the Acunetix WVS Reporter.

Acunetix WVS Scanner

Introduction

Acunetix WVS can be launched from the command prompt, allowing you to automate specific scans. Command line operation is done via the Acunetix WVS Console Scanner.

The Acunetix WVS Console Scanner is installed with Acunetix WVS and can be accessed from the default installation directory of the application. The default location of the WVS Console scanner is:

C:\Program Files\Acunetix\Web Vulnerability Scanner 8\wvs_console.exe

If the executable is run without parameters, usage information is presented together with the details of every parameter and option for quick reference. For further help with using the Scanner console, use the /? switch.

Note: On 64-bit operating systems Acunetix WVS is installed in the ‘Program Files (x86)’ directory.

WVS Console Scanner Command Line Parameters

The Acunetix WVS Console Scanner supports most of the graphical user interface options. It allows the same degree of customization and flexibility via a set of command line parameters:

Parameter: Description

/scan: Scans a single website.
    Syntax: /scan [url]
    Example: /scan //testphp.vulnweb.com

/crawl: Crawls a single website.
    Syntax: /crawl [url]
    Example: /crawl //testphp.vulnweb.com

/scanfromcrawl: Starts a scan from a saved crawl.
    Syntax: /scanfromcrawl [path and file name]
    Example: /scanfromcrawl c:\crawl\sitecrawl.cwl

/scanwsdl: Starts a web services scan.
    Syntax: /scanwsdl [wsdlurl]
    Example: /scanwsdl //testaspnet.vulnweb.com/acuservice/service.asmx?WSDL

/profile: Uses the specified scanning profile during the scan.
    Syntax: /profile [profile name]
    Example: /profile default

/Settings: Uses the specified scan settings template during the scan.
    Syntax: /settings [Template name]
    Example: /settings test

/loginseq: Uses the specified login sequence during the scan.
    Syntax: /loginseq [filename]
    Example: /loginseq testphp_seq

/save: Saves the scan once it is finished. The file will be saved in the location specified by the “/savefolder” switch.
    Syntax: /save

/savefolder: Specifies the folder where all the scans and other scan related files will be saved.
    Syntax: /savefolder [directory]
    Example: /savefolder C:\Acunetix\Scans

/GenerateZIP: Compresses all the saved scan data into a zip file.
    Syntax: /GenerateZIP

/exportxml: Exports scan results to an XML file. The file will be saved in the location specified by the “/savefolder” switch.
    Syntax: /exportxml

/exportavdl: Exports results in AVDL format. The file will be saved in the location specified by the “/savefolder” switch.
    Syntax: /exportavdl

/savetodatabase: Saves scan results to the reporting database. If this option is not specified, reports cannot be generated after the scan unless the scan results are manually imported into the reporting database.
    Syntax: /savetodatabase

/savelogs: Saves scan log files to the non-default location. The file will be saved in the location specified by the “/savefolder” switch.
    Syntax: /savelogs

/sendmail: Sends an email alert that the scan is finished to the user, using the details configured in the scheduler settings.
    Syntax: /sendmail

/verbose: Enables verbose mode; the log file entries will also be displayed in the command line window.
    Syntax: /verbose

/Password: Application password if the user interface password is enabled. The password can be enabled from the Application settings > General node.
    Syntax: /Password [password string]
    Example: /Password TestPass123!

WVS Console Scanner Command Line Options

Option: Description

--GetFirstOnly: Specifies to get the first URL only.
    Syntax: --GetFirstOnly=[true | false]

--RestrictToBaseFolder: Specifies if the crawler should fetch anything above the start directory.
    Syntax: --RestrictToBaseFolder=[true | false]

--FetchSubdirs: Specifies if the crawler should fetch files discovered in sub directories below the base directory.
    Syntax: --FetchSubdirs=[true | false]

--ForceFetchDirindex: Specifies if the crawler should fetch directory indexes even if not linked.
    Syntax: --ForceFetchDirindex=[true | false]

--htmlauthuser: Specifies the username to be used for Form-Based Authentication (not suitable for HTTP Authentication).
    Syntax: --htmlauthuser=[USERNAME]

    Notes:
    The htmlauthuser and htmlauthpassword options can be used as an alternative to the login sequence files for sites using simple form based authentication. In this case, when a login form is found by DeepScan, Acunetix will use the credentials provided. The logout actions and session detection are also identified automatically.

    • Auto-login can only be done on forms which have one username and one password field.
    • The auto-login feature will fill all checkboxes on the form (they will be checked).
    • If the login form includes drop down lists (comboboxes), the default value is used when submitting the form.
    • Hidden values embedded in the form are submitted automatically, thus making it possible to log in even when there is a CSRF token present.
    • Currently, auto-login does not support login forms which are dynamically built using JavaScript. The login form must be present on the page in the HTML code for it to work.

--htmlauthpass: Specifies the password to be used for Form-Based Authentication (not suitable for HTTP Authentication).
    Syntax: --htmlauthpass=[PASSWORD]

--RobotsTxt: Retrieves and processes robots.txt and sitemap.xml during the crawl to discover more links.
    Syntax: --RobotsTxt=[true | false]

--CaseInsensitivePaths: Specifies if the crawler should cater for case insensitive / sensitive paths.
    Syntax: --CaseInsensitivePaths=[true | false]

--UseCSA: Enables the Client Script Analyzer engine to analyze JavaScript and other client side scripts during crawling. For all kinds of Web 2.0 applications this option should always be enabled.
    Syntax: --UseCSA=[true | false]

--scanningMode: Specifies which scanning mode to use for this scan. Options available are Quick, Heuristic or Extensive.
    Syntax: --scanningMode=[Quick | Heuristic | Extensive]

--TestWebAppsInAllDirs: Tests for well-known web application vulnerabilities in all directories. Enable only if popular web applications, such as WordPress, Joomla etc., are installed on the target website.
    Syntax: --TestWebAppsInAllDirs=[True | False]

--ManipHTTPHeaders: Manipulates HTTP headers during the scan.
    Syntax: --ManipHTTPHeaders=[True | False]

--UseAcuSensor: Enables AcuSensor technology for this scan. AcuSensor Technology sensor files must be installed on the target website.
    Syntax: --UseAcuSensor=[True | False]

--EnablePortScanning: Port scans the target and runs network alerts tests against it during the web security scan.
    Syntax: --EnablePortScanning=[True | False]

--UseSensorDataFromCrawl: Specifies whether to use the AcuSensor data from a saved crawl to proceed with the scan or to re-crawl the target.
    Syntax: --UseSensorDataFromCrawl=[Yes | No | Revalidate]

Note: The only mandatory parameter is the scan URL. If no other parameter is specified, the default settings will be used for the scan.

If the target website uses HTTP authentication, HTTP credentials can also be specified in the Configuration > Settings > Application Settings > HTTP Authentication node in the Acunetix WVS user interface. Because each set of HTTP credentials is configured together with the URL it applies to, those credentials are used automatically during command line scans.

Acunetix WVS Reporter

The Acunetix WVS Console Reporter is installed with Acunetix WVS and can be accessed from the default installation directory of the application. The default location is:

C:\Program Files\Acunetix\Web Vulnerability Scanner 8\reporter_console.exe

For WVS console Reporter help, use the ‘/?’ switch.

Note: On 64-bit operating systems Acunetix WVS is installed in the ‘Program Files (x86)’ directory.

WVS Reporter Command Line Options

Option: Description

/v or /View: View a *.pre format report in the Acunetix reporter.
    Syntax: /v [report]
    Example: /v c:\report.pre

/o or /Output: The destination path where the generated report should be saved and the filename of the report.
    Syntax: /o [report name]
    Example: /o c:\reports\report

/r or /Report: Specifies the report template to use for generating the report. Available report templates:
    WVSComplianceReport.rep: Compliance report.
    WVSDeveloperReport.rep: Developer report.
    WVSScanCompare.rep: Scan comparison report.
    WVSSingleScan.rep: Detailed Scan report.
    WVSSingleScanExecutive.rep: Executive Summary
    WVSVulnGroupTrends.rep: Monthly Vulnerabilities report.
    Syntax: /r [report template]
    Example: /r WVSDeveloperReport.rep
    Note: For Compliance reports, one must use the /r option in conjunction with the /k option described below.

/k or /Kind: This parameter may be used only for compliance type reports, that is, only when the /r or /Report switch is set to WVSComplianceReport.rep.
    CWE.xml
    HIPAA.xml
    NIST_SP800_53.xml
    OWASP_Top_10_2004.xml
    OWASP_Top_10_2007.xml
    OWASP_Top_10_2010.xml
    PCI.xml
    PCI12.xml
    PCI20.xml
    Sarbanes_Oxley.xml
    STIG_DISA.xml
    WASC_Threat_Classification.xml
    To see a list of the compliance templates available, run the command ‘reporter_console.exe /?’ in the command prompt.
    Syntax: /r WVSComplianceReport.rep /k [compliance type template]
    Example: /r WVSComplianceReport.rep /k PCI12.xml

/p or /Password: Application password if the user interface password is enabled. The password can be enabled from the Application settings > General node.
    Syntax: /p [password]

/c or /Console: Do not load the Acunetix Reporter user interface. If this option is not specified, the user interface of the Acunetix Reporter will automatically pop up by default.
    Syntax: /c

/a or /Action: Specifies the file type to which the generated report should be exported. File types available: PDF, RTF, HTML, REP (Acunetix WVS proprietary format).
    Syntax: /a [format type]
    Example: /a PDF

/p or /Parameters: For each type of report template, there are different parameters. If no parameters are specified, the default parameter settings will be used. To specify the parameters to be passed to the reporter, use the “name=value” format delimited by “;”. To find out what parameters are available for each type of report template, use the following syntax:
    Reporter_console.exe /r [ReportTemplate] /?
    Syntax: /r [report template] /p [parameter=True/False]
    Usage Example: /r WVSSingleScan.rep /p "ShowHTTP=False "

/t or /Target: Scan identifiers from the database to use as a report source. From the Acunetix WVS reporter, in the Configuration > WVS Database node, you can find the ID for each scan stored in the reporting database. The identifier can be one integer for single target templates, or two integers delimited by “;” for comparison templates. It can also be omitted for reports without a specific scan target. For single scan templates, you can use “last” as the target to indicate the last saved scan from the database.
    Syntax: /t [report ID]
    Example: /t 24
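
The scan and report steps above chained into one automated run, as an added example (not from the original post or from Acunetix): Python helpers that build the wvs_console.exe and reporter_console.exe argument lists from the parameters documented on this page, enforce the /r and /k pairing, and produce a redacted copy for logging. The function names and the argument order are assumptions.

```python
# Default install path from the page ('Program Files (x86)' on 64-bit systems).
WVS_DIR = r"C:\Program Files\Acunetix\Web Vulnerability Scanner 8"
SCAN_MODES = {"Quick", "Heuristic", "Extensive"}
FORMATS = {"PDF", "RTF", "HTML", "REP"}
COMPLIANCE = "WVSComplianceReport.rep"

def scan_args(url, savefolder, profile="default", mode="Heuristic",
              form_user=None, form_pass=None, app_password=None):
    """Argument list for wvs_console.exe: scan, save, export XML, store in DB."""
    if mode not in SCAN_MODES:
        raise ValueError(f"unknown scanning mode: {mode}")
    args = [WVS_DIR + r"\wvs_console.exe", "/scan", url, "/profile", profile,
            "/save", "/savefolder", savefolder, "/exportxml",
            "/savetodatabase",  # without it the reporter has no scan to read
            f"--scanningMode={mode}"]
    if form_user is not None and form_pass is not None:
        # Simple form login, the alternative to a /loginseq file.
        args += [f"--htmlauthuser={form_user}", f"--htmlauthpass={form_pass}"]
    if app_password is not None:
        args += ["/Password", app_password]
    return args

def report_args(output, template="WVSSingleScan.rep", target="last",
                fmt="PDF", kind=None, app_password=None):
    """Argument list for reporter_console.exe; /c keeps the GUI from opening."""
    if fmt not in FORMATS:
        raise ValueError(f"unknown report format: {fmt}")
    if (template == COMPLIANCE) != (kind is not None):
        raise ValueError("/k is required with, and only valid with, " + COMPLIANCE)
    args = [WVS_DIR + r"\reporter_console.exe", "/c", "/r", template]
    if kind is not None:
        args += ["/k", kind]
    args += ["/t", target, "/a", fmt, "/o", output]
    if app_password is not None:
        # Long form on purpose: the page lists /p for both Password and Parameters.
        args += ["/Password", app_password]
    return args

def redact(args):
    """Copy of args that is safe to log: password values replaced with ***."""
    out = []
    for i, a in enumerate(args):
        if i and args[i - 1] == "/Password":
            a = "***"
        elif a.startswith("--htmlauthpass="):
            a = "--htmlauthpass=***"
        out.append(a)
    return out
```

Pass the returned list to subprocess.run(args, check=True) so that no shell re-parses the values, and log only redact(args). The passwords are still visible in the process command line while the tool runs, since the page documents them only as command line arguments.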


  2. Emilio

    Hi, I have tried to use the command line version of Acunetix but it didn't respect my profile parameter.
    I used this command wvs_console.exe /Savefolder c:\log /exportxml /profile Custom /scan //www.aaa.com
    and the output is
    Acunetix WVS v7 console application
    ————————————
    Scanning “//www.aaa.com” …
    Profile : Default

    It uses the Default profile every time. I would like to know if my command line parameter is wrong.

    Regards,
    Emilio

    July 8, 2013 at 1:29 pm
    • Hi,

      The command you are using seems to be valid. Are you able to upgrade to the latest version of Acunetix WVS? It would be difficult to provide further information on an older version.

      July 8, 2013 at 4:40 pm
  3. vinil

    I have my pages generated based on the details of the previous page.
    How can the page that precedes the previous page be scanned without having the details of it?
    Example:
    //www.example.com/passenger details
    //www.example.com/passenger details/creditcarddetails – how can this be scanned without the previous one?

    July 31, 2013 at 5:24 am
    • Chrysostomos Daniel

      Hi there

      In order to restrict the scan on a particular directory, for instance,

      //testphp.vulnweb.com/hpp/,

      then you should add a forward slash (‘/’) at the end of the URL path.

      Please elaborate further on your query if the above is not what you were asking.

      July 31, 2013 at 1:49 pm
  4. Atul

    Hi, can you tell me how to execute the loginseq command on cmd? I tried but I am not getting the specified loginseq filename, so will I need to put the path of the file in which I stored my user name and password? Please help me.

    December 17, 2013 at 11:26 am
    • Hi,

      You cannot create a login sequence file from command line. This will need to be created beforehand and specified using the /loginseq parameter.

      For simple sites, you can try using the --htmlauthuser and --htmlauthpass command line options. Acunetix will detect the login form and use the credentials supplied. It will also try to auto-manage the session.

      December 19, 2013 at 11:19 am