Acunetix Web Vulnerability Scanner Command Line Operation

This post describes the command line options for the Acunetix WVS Scanner and the Acunetix WVS Reporter.

Acunetix WVS Scanner

Introduction

Acunetix WVS can be launched from command prompt, allowing you to automate specific scans. Command line operation is done via the Acunetix WVS Console Scanner.

The Acunetix WVS Console Scanner is installed with Acunetix WVS and can be accessed from the default installation directory of the application. The default location of the WVS Console scanner is

C:\Program Files\Acunetix\Web Vulnerability Scanner 9.5\wvs_console.exe

If the executable is run without parameters, usage information is presented together with all the details of every parameter and option for quick reference. For further help with using the Scanner console, use the /? switch.

Note: In 64 bit operating systems Acunetix WVS is installed in the Program Files (x86) directory.

WVS Console Scanner Command Line Parameters

The Acunetix WVS Console Scanner supports most of the graphical user interface options. It allows the same degree of customization and flexibility via a set of command line parameters:

Parameter Description
/Scan Scans a single website.

Syntax: /Scan [url]

Example: /Scan http://testphp.vulnweb.com

/Crawl Crawls a single website.

Syntax: /Crawl [url]

Example: /Crawl http://testphp.vulnweb.com

/ScanFromCrawl Starts a scan from a saved crawl.

Syntax: /ScanFromCrawl [path and file name]

Example: /ScanFromCrawl C:\Crawl\Sitecrawl.cwl

/ScanWSDL Starts a web services scan.

Syntax: /ScanWSDL [wsdlurl]

Example: /ScanWSDL http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL

/Profile Uses specified scanning profile during the scan.

Syntax: /Profile [profile name]

Example: /Profile default

/Settings Uses specified scan settings template during the scan.

Syntax: /Settings [template name]

Example: /Settings test

/LoginSeq Uses specified login sequence during the scan.

Syntax: /LoginSeq [filename]

Example: /LoginSeq testphp_seq

/Save Saves scan once scan is finished. The file will be saved in the location specified by the /SaveFolder switch.

Syntax: /Save

/SaveFolder Specify the folder where all the scans and other scan related files will be saved.

Syntax: /SaveFolder [directory]

Example: /SaveFolder C:\Acunetix\Scans

/GenerateZIP Compress all the saved scan data into a zip file.

Syntax: /GenerateZIP

/ExportXML Exports scan results to XML file. The file will be saved in the location specified by the /SaveFolder switch.

Syntax: /ExportXML

/ExportAVDL Exports results as AVDL format. The file will be saved in the location specified by the /SaveFolder switch.

Syntax: /ExportAVDL

/SavetoDatabase Saves scan results to reporting database. If this option is not specified, reports cannot be generated after the scan unless scan results are manually imported to reporting database.

Syntax: /SavetoDatabase

/SaveLogs Saves scan log files to the non-default location. The file will be saved in the location specified by the /SaveFolder switch.

Syntax: /SaveLogs

/SaveCrawlerData Saves crawler data. The file will be saved in the location specified by the /SaveFolder switch.

Syntax: /SaveCrawlerData

/GenerateReport Generates a report after the scan is complete. The file will be saved in the location specified by the /SaveFolder switch.

Syntax: /GenerateReport

/ReportFormat Specifies the report format when generating a report using the /GenerateReport switch. Available report formats:

  • REP
  • PDF
  • RTF
  • HTML

Syntax: /ReportFormat [format]

Example: /ReportFormat PDF

/ReportTemplate Specify the report template to use when generating a report using the /GenerateReport switch. Available report templates:

  • WVSAffectedItemsReport.rep: Affected Items report.
  • WVSComplianceReport.rep: Compliance report.
  • WVSDeveloperReport.rep: Developer report.
  • WVSSingleScanExecutive.rep: Executive Summary
  • WVSQuickReport.rep: Quick Report
  • WVSScanCompare.rep: Scan Comparison Report
  • WVSVulnGroupTrends.rep: Monthly Vulnerabilities report.

Syntax: /ReportTemplate [report template]

Example: /ReportTemplate WVSDeveloperReport.rep

/Timestamps Print current timestamp with each line.

Syntax: /Timestamps

/SendEmail Sends an email alert that the scan is finished to the user using the details configured in the scheduler settings.

Syntax: /SendEmail

/EmailAddress Sends an email alert that the scan is finished to the user. This overrides the details configured in the scheduler settings and sends the email to the provided email address instead.

Syntax: /EmailAddress [email address]

Example: /EmailAddress test@test.com

/Verbose Enables verbose mode; the log file entries will also be displayed in the command line window.

Syntax: /Verbose

/Password Application password if user interface password is enabled. Password can be enabled from the Application settings > General node.

Syntax: /Password [password string]

Example: /Password TestPass123!

WVS Console Scanner Command Line Options

Option Description
--GetFirstOnly Specifies to get the first URL only.

Syntax: --GetFirstOnly=[true | false]

--RestrictToBaseFolder Specifies if crawler should fetch anything above start directory.

Syntax: --RestrictToBaseFolder=[true | false]

--FetchSubdirs Specifies if the crawler should fetch files discovered in sub directories below base directory.

Syntax: --FetchSubdirs=[true | false]

--ForceFetchDirindex Specifies if the crawler should fetch directory indexes even if not linked.

Syntax: --ForceFetchDirindex=[true | false]

--RobotsTxt Retrieves and processes robots.txt and sitemap.xml during crawl to discover more links.

Syntax: --RobotsTxt=[true | false]

--CaseInsensitivePaths Specifies if the crawler should cater for case insensitive / sensitive paths.

Syntax: --CaseInsensitivePaths=[true | false]

--UseWebKit Use WebKit based browser for discovery. For all kind of web 2.0 applications this option should always be enabled.

Syntax: --UseWebKit=[true | false]

--ScanningMode Specify which scanning mode to use for this scan. Options available are Quick, Heuristic or Extensive.

Syntax: --ScanningMode=[Quick | Heuristic | Extensive]

--ManipHTTPHeaders Manipulate HTTP headers during scan.

Syntax: --ManipHTTPHeaders=[True | False]

--UseAcuSensor Enable AcuSensor technology for this scan. AcuSensor Technology sensor files must be installed on the target website.

Syntax: --UseAcuSensor=[True | False]

--EnablePortScanning Port scan target and run network alerts tests against target during web security scan.

Syntax: --EnablePortScanning=[True | False]

--UseSensorDataFromCrawl You can specify to use the AcuSensor data from a saved crawl to proceed with scan or to re-crawl the target.

Syntax: --UseSensorDataFromCrawl=[Yes | No | Revalidate]

--HtmlAuthUser Specify the username to be used for Form-Based Authentication (not suitable for HTTP Authentication).

Syntax: --HtmlAuthUser=[USERNAME]

Notes
The HtmlAuthUser and HtmlAuthPassword options can be used as an alternative to the login sequence files for sites using simple form based authentication. In this case, when a login form is found by DeepScan, Acunetix will use the credentials provided. The logout actions and session detection are also identified automatically.

  • Auto-login can only be done on forms which have one username and one password field.
  • The auto-login feature will fill all checkboxes on the form (they will be checked)
  • If the login form includes drop down lists (comboboxes), the default value is used when submitting the form.
  • Hidden values embedded in the form are submitted automatically, thus making it possible to login even when there is a CSRF token present.
  • Currently, auto-login does not support login forms which are dynamically built using JavaScript. The login form must be present on the page in the HTML code for it to work.

--HtmlAuthPass Specify the password to be used for Form-Based Authentication (not suitable for HTTP Authentication).

Syntax: --HtmlAuthPass=[PASSWORD]

Note: The only mandatory parameter is the scan URL. If no parameter is specified, the default settings will be used for the scan.

If the target website uses HTTP authentication, HTTP credentials can also be specified in the Configuration > Settings > Application Settings > HTTP Authentication node in the Acunetix WVS user interface. Since with every set of HTTP credentials, you also have to specify the URL, such credentials will be used automatically during command line scans.

WVS Console Scanner Command Line Return Codes

Exit codes are used to return the scan threat level following a scan, i.e. if the scan returned high, medium or low severity alerts. If you scan a list of sites, the highest threat level from all scans is returned.

The last 2 exit codes are used to provide information when the scan fails.

Return Code Description
3 At least one HIGH Severity Alert has been reported
2 At least one MEDIUM Severity Alert has been reported
1 At least one LOW Severity Alert has been reported
0 No Alerts, or only INFORMATIONAL Alerts have been reported
666 The WVS Scanner stopped unexpectedly
777 Scan cannot start, since the number of licensed instances has been reached

Acunetix WVS Reporter

The Acunetix WVS Console Reporter is installed with Acunetix WVS and can be accessed from the default installation directory of the application. The default location is:

C:\Program Files\Acunetix\Web Vulnerability Scanner 9.5\reporter_console.exe

For WVS console Reporter help, use the /? switch.

Note: In 64 bit operating systems Acunetix WVS is installed in the Program Files (x86) directory.

WVS Reporter Command Line Options

Option Description
/v or /View View a *.pre format report in the Acunetix reporter.

Syntax: /v [report]

Example: /v c:\report.pre

/o or /Output The destination path where the generated report should be saved and the file name of the report.

Syntax: /o [report name]

Example: /o c:\reports\report

/r or /Report Specify the report template to use for generating the report. Available report templates:

  • WVSAffectedItemsReport.rep: Affected Items report.
  • WVSComplianceReport.rep: Compliance report.
  • WVSDeveloperReport.rep: Developer report.
  • WVSSingleScanExecutive.rep: Executive Summary
  • WVSQuickReport.rep: Quick Report
  • WVSScanCompare.rep: Scan Comparison Report
  • WVSVulnGroupTrends.rep: Monthly Vulnerabilities report.

Syntax: /r [report template]

Example: /r WVSDeveloperReport.rep

Note: For Compliance reports, one must use the /r option in conjunction with the /k option described below.

/k or /Kind This parameter may be used only for compliance type reports, i.e. it should only be used when the /r or /Report switch is set to WVSComplianceReport.rep. Available compliance templates:

  • CWE.xml
  • HIPAA.xml
  • NIST_SP800_53.xml
  • OWASP_Top_10_2004.xml
  • OWASP_Top_10_2007.xml
  • OWASP_Top_10_2010.xml
  • PCI.xml
  • PCI12.xml
  • PCI20.xml
  • Sarbanes_Oxley.xml
  • STIG_DISA.xml
  • WASC_Threat_Classification.xml

To see the list of compliance templates available, run the following command in the command prompt: reporter_console.exe /?

Syntax: /r WVSComplianceReport.rep /k [compliance type template]

Example: /r WVSComplianceReport.rep /k PCI12.xml

/p or /Password Application password if user interface password is enabled. Password can be enabled from the Application settings > General node.

Syntax: /p [password]

/c or /Console Do not load Acunetix Reporter user interface. If this option is not specified, by default the user interface of the Acunetix Reporter will automatically pop up.

Syntax: /c

/a or /Action Specify the file type in which the generated report should be exported to. File types available: PDF, RTF, HTML, REP (Acunetix WVS proprietary format).

Syntax: /a [format type]

Example: /a PDF

/p or /Parameters For each type of report template, there are different parameters. If no parameters are specified, the default parameter settings will be used. To specify the parameters to be passed to the reporter, use the name=value format delimited by ;. To find out what parameters are available for each report template, use the following syntax: Reporter_console.exe /r [ReportTemplate] /?

Syntax: /r [report template] /p [parameter=True/False]

Usage Example: /r WVSSingleScan.rep /p "ShowHTTP=False "

/t or /Target Scan identifiers from the database to use as a report source. From the Acunetix WVS reporter, in the Configuration > WVS Database node, you can find the ID for each scan stored in the reporting database. The identifier can be one integer for single target template, two integers for comparison templates delimited by “;”. Can also be omitted for reports without specific scan target. For single scan templates, you can use “last” as target to indicate the last saved scan from the database.

Syntax: /t [report ID]

Example: /t 24
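A small wrapper, added here as an example and not part of the Acunetix documentation, that assembles the scanner and reporter command lines described in the tables above and turns the documented return codes (0 to 3 for threat level, 666 and 777 for failures) into a pass/fail verdict for a build job. The install paths assume the 9.5 defaults quoted above; the target URL, folders and the helper names (`build_scan_command`, `build_report_command`, `classify_exit`, `run_scan_gate`) are constructed for this example.

```python
"""Drive wvs_console.exe and reporter_console.exe from a build job (added example)."""
import subprocess
from pathlib import PureWindowsPath

# Assumed default 9.5 install locations (see the paths quoted in the text above).
WVS_CONSOLE = PureWindowsPath(
    r"C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9.5\wvs_console.exe")
REPORTER_CONSOLE = WVS_CONSOLE.with_name("reporter_console.exe")

# Documented return codes: 0-3 carry the highest severity seen, 666/777 are failures.
THREAT_LEVEL = {0: "informational", 1: "low", 2: "medium", 3: "high"}
FAILURE_CODES = {666: "scanner stopped unexpectedly",
                 777: "scan cannot start: licensed instances exhausted"}
SEVERITY_ORDER = ["informational", "low", "medium", "high"]


def build_scan_command(url, save_folder, profile="default", settings=None,
                       login_seq=None, scanning_mode="Heuristic", use_acusensor=False):
    """/Scan is the only mandatory parameter; everything else is opt-in."""
    cmd = [str(WVS_CONSOLE), "/Scan", url, "/Profile", profile,
           "/SaveFolder", str(save_folder), "/Save", "/ExportXML", "/SavetoDatabase",
           "/Timestamps", f"--ScanningMode={scanning_mode}",
           f"--UseAcuSensor={'True' if use_acusensor else 'False'}"]
    if settings:  # a Scan Settings template created in the UI (crawl limits etc.)
        cmd += ["/Settings", settings]
    if login_seq:  # a login sequence recorded beforehand in the UI
        cmd += ["/LoginSeq", login_seq]
    return cmd


def build_report_command(output_path, template="WVSDeveloperReport.rep",
                         fmt="PDF", target="last", compliance_kind=None):
    """Headless (/c) report from the last scan saved with /SavetoDatabase."""
    if template == "WVSComplianceReport.rep" and not compliance_kind:
        raise ValueError("compliance reports need /k, e.g. PCI12.xml")
    cmd = [str(REPORTER_CONSOLE), "/c", "/r", template, "/t", target,
           "/a", fmt, "/o", str(output_path)]
    if compliance_kind:
        cmd += ["/k", compliance_kind]
    return cmd


def classify_exit(code, fail_on="medium"):
    """Turn a return code into a gate verdict; failure codes are never a pass."""
    if code in FAILURE_CODES:
        return "error", FAILURE_CODES[code]
    if code not in THREAT_LEVEL:
        return "error", f"unknown return code {code}"
    level = THREAT_LEVEL[code]
    verdict = "fail" if SEVERITY_ORDER.index(level) >= SEVERITY_ORDER.index(fail_on) else "pass"
    return verdict, f"highest severity reported: {level}"


def run_scan_gate(url, save_folder, **scan_opts):
    # Only meaningful on a Windows host with WVS installed; the verdict is the gate result.
    proc = subprocess.run(build_scan_command(url, save_folder, **scan_opts))
    return classify_exit(proc.returncode)
```

Note that exit code 3 after a successful scan is not an error: it means at least one HIGH severity alert was reported, which is exactly what the gate should fail on.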

  • Hi, I have tried to use the command line version of Acunetix but it didn't respect my profile parameter.
    I used this command wvs_console.exe /Savefolder c:\log /exportxml /profile Custom /scan http://www.aaa.com
    and the output is
    Acunetix WVS v7 console application
    ————————————
    Scanning “http://www.aaa.com” …
    Profile : Default

    It uses the Default profile every time. I would like to know if my command line parameter is wrong.

    Regards,
    Emilio

    • Hi,

      The command you are using seems to be valid. Are you able to upgrade to the latest version of Acunetix WVS? It would be difficult to provide further information on an older version.

    • Hi there

      In order to restrict the scan on a particular directory, for instance,

      http://testphp.vulnweb.com/hpp/,

      then you should add a forward slash (‘/’) at the end of the URL path.

      Please elaborate further on your query if the above is not what you were asking.

  • Hi, can you tell me how to execute the loginseq command on cmd? I tried but am not getting it. They specified a loginseq filename, so will I need to put the path of the file in which I stored my user name and password? Please help me.

    • Hi,

      You cannot create a login sequence file from command line. This will need to be created beforehand and specified using the /loginseq parameter.

      For simple sites, you can try using the --htmlauthuser and --htmlauthpass command line options. Acunetix will detect the login form and use the credentials supplied. It will also try to auto-manage the session.

  • Hi, May I set up my own crawl settings while I’m using /crawl command ?
    For example, File Limit or Link Depth.
    Thanks !!

    • Hi Aaron,

      The Crawling options are specified in the Scan Settings.

      You can create multiple Scan Settings templates (from the UI). When running WVS from command line, you can specify your custom Scan Settings template using the /Settings switch.

      • Thanks for your support.
        Now I encounter another problem and wondering if you could help me.
        It’s about the crawl result. It always shows all sites including 404 pages; is there any solution that can make the crawl result “exclude” 404 sites? Thanks!

        • Hi Aaron,

          In Configuration > Scan Settings > Custom 404, you can define the page that is displayed for requests that generate a 404 response. This will allow the Crawler to correctly identify broken links.

          Acunetix WVS will report the broken links. You can use the information provided by Acunetix WVS to solve these broken links. Check this article for more info: http://www.acunetix.com/blog/docs/finding-broken-links/


          • Thank you for your reply!
            But if I want to crawl and exclude 404 pages by command line operation and export.xml parsing. Is that possible ?


          • That is not possible from command line. You can however pre-configure exclusions from Acunetix WVS UI > Configuration > Scan Settings > Crawl Options > Directory and File Filters.

  • Hi, every time I run the scan on any website, the scan ends with Exit Code =3. It should successfully exit with Exit Code =0 as the Scan is successful.

    For following command line operation:
    C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9>wvs_console.exe /Scan http://www.edifecs.com /Profile default /Settings TestMDevScanSettings /SaveToDatabase --ScanningMode=Heuristic --UseAcuSensor=FALSE --EnablePortScanning=TRUE /savefolder C:TestMDevAcunetix

    Following is the Scan Summary:

    Scan http://www.edifecs.com
    Number of alerts : 65
    Number of KB items : 8
    Number of requests : 124096
    Number of iterations : 2
    Start time : 21/5/2014, 06:05:33
    Finish time : 21/5/2014, 15:32:59
    Scan time : 9 hours, 27 minutes
    Average response time : 334.44
    Scan was responsive : YES
    Scan was aborted : NO
    Number of files : 2112
    Number of directories : 633
    Number of variations : 118
    ———————————————————————–
    ExitCode = 3

    I am not able to get which path is missing (Exit Code=3).

    Regards,

    Aman

    • Hi,

      Exit codes are used to return the scan threat level, i.e. if the scan returned high, medium or low severity alerts. The exit codes can be found below:

      3 – at least one HIGH severity alert was reported
      2 – at least one MEDIUM severity alert was reported
      1 – at least one LOW severity alert was reported
      0 – otherwise

    • Hi,
      Can I Start/Stop sniffer and save the .slg file to a particular location and run the crawler using that .slg file, all using command line?

      • The Acunetix WVS CLI allows you to crawl and scan a site, however the HTTP Sniffer needs to be operated from the GUI.
