Acunetix Web Vulnerability Scanner Command Line Operation

This post describes the command line options for the Acunetix WVS Scanner and the Acunetix WVS Reporter.

Acunetix WVS Scanner

Introduction

Acunetix WVS can be launched from the command prompt, allowing you to automate specific scans. Command line operation is done via the Acunetix WVS Console Scanner.

The Acunetix WVS Console Scanner is installed with Acunetix WVS and can be accessed from the default installation directory of the application. The default location of the WVS Console scanner is:

C:\Program Files\Acunetix\Web Vulnerability Scanner 9.5\wvs_console.exe

If the executable is run without parameters, usage information is presented together with all the details of every parameter and option for quick reference. For further help with using the Scanner console, use the /? switch.

Note: In 64-bit operating systems Acunetix WVS is installed in the ‘Program Files (x86)’ directory.

WVS Console Scanner Command Line Parameters

The Acunetix WVS Console Scanner supports most of the graphical user interface options. It allows the same degree of customization and flexibility via a set of command line parameters:

Parameter: Description

/scan: Scans a single website.
Syntax: /scan [url]
Example: /scan http://testphp.vulnweb.com

/crawl: Crawls a single website.
Syntax: /crawl [url]
Example: /crawl http://testphp.vulnweb.com

/scanfromcrawl: Starts a scan from a saved crawl.
Syntax: /scanfromcrawl [path and file name]
Example: /scanfromcrawl c:\crawl\sitecrawl.cwl

/scanwsdl: Starts a web services scan.
Syntax: /scanwsdl [wsdlurl]
Example: /scanwsdl http://testaspnet.vulnweb.com/acuservice/service.asmx?WSDL

/profile: Uses the specified scanning profile during the scan.
Syntax: /profile [profile name]
Example: /profile default

/Settings: Uses the specified scan settings template during the scan.
Syntax: /settings [Template name]
Example: /settings test

/loginseq: Uses the specified login sequence during the scan.
Syntax: /loginseq [filename]
Example: /loginseq testphp_seq

/save: Saves the scan once it is finished. The file will be saved in the location specified by the “/savefolder” switch.
Syntax: /save

/savefolder: Specifies the folder where all the scans and other scan related files will be saved.
Syntax: /savefolder [directory]
Example: /savefolder C:\Acunetix\Scans

/GenerateZIP: Compresses all the saved scan data into a zip file.
Syntax: /GenerateZIP

/exportxml: Exports scan results to an XML file. The file will be saved in the location specified by the “/savefolder” switch.
Syntax: /exportxml

/exportavdl: Exports results in AVDL format. The file will be saved in the location specified by the “/savefolder” switch.
Syntax: /exportavdl

/savetodatabase: Saves scan results to the reporting database. If this option is not specified, reports cannot be generated after the scan unless scan results are manually imported to the reporting database.
Syntax: /savetodatabase

/savelogs: Saves scan log files to the non-default location. The file will be saved in the location specified by the “/savefolder” switch.
Syntax: /savelogs

/sendmail: Sends an email alert that the scan is finished to the user, using the details configured in the scheduler settings.
Syntax: /sendmail

/verbose: Enables verbose mode; the log file entries will also be displayed in the command line window.
Syntax: /verbose

/Password: Application password, if the user interface password is enabled. The password can be enabled from the Application settings > General node.
Syntax: /Password [password string]
Example: /Password TestPass123!

WVS Console Scanner Command Line Options

Option: Description

--GetFirstOnly: Specifies to get the first URL only.
Syntax: --GetFirstOnly=[true | false]

--RestrictToBaseFolder: Specifies if the crawler should fetch anything above the start directory.
Syntax: --RestrictToBaseFolder=[true | false]

--FetchSubdirs: Specifies if the crawler should fetch files discovered in sub directories below the base directory.
Syntax: --FetchSubdirs=[true | false]

--ForceFetchDirindex: Specifies if the crawler should fetch directory indexes even if not linked.
Syntax: --ForceFetchDirindex=[true | false]

--htmlauthuser: Specifies the username to be used for Form-Based Authentication (not suitable for HTTP Authentication).
Syntax: --htmlauthuser=[USERNAME]

Notes:
The htmlauthuser and htmlauthpassword options can be used as an alternative to the login sequence files for sites using simple form based authentication. In this case, when a login form is found by DeepScan, Acunetix will use the credentials provided. The logout actions and session detection are also identified automatically.

• Auto-login can only be done on forms which have one username and one password field.
• The auto-login feature will fill all checkboxes on the form (they will be checked).
• If the login form includes drop down lists (comboboxes), the default value is used when submitting the form.
• Hidden values embedded in the form are submitted automatically, thus making it possible to log in even when there is a CSRF token present.
• Currently, auto-login does not support login forms which are dynamically built using JavaScript. The login form must be present on the page in the HTML code for it to work.

--htmlauthpass: Specifies the password to be used for Form-Based Authentication (not suitable for HTTP Authentication).
Syntax: --htmlauthpass=[PASSWORD]

--RobotsTxt: Retrieves and processes robots.txt and sitemap.xml during the crawl to discover more links.
Syntax: --RobotsTxt=[true | false]

--CaseInsensitivePaths: Specifies if the crawler should cater for case insensitive / sensitive paths.
Syntax: --CaseInsensitivePaths=[true | false]

--UseCSA: Enables the Client Script Analyzer engine to analyze JavaScript and other client side scripts during crawling. For all kinds of web 2.0 applications this option should always be enabled.
Syntax: --UseCSA=[true | false]

--scanningMode: Specifies which scanning mode to use for this scan. Options available are Quick, Heuristic or Extensive.
Syntax: --scanningMode=[Quick | Heuristic | Extensive]

--TestWebAppsInAllDirs: Tests for well-known web application vulnerabilities in all directories. Enable only if popular web applications are installed on the target website, such as WordPress, Joomla etc.
Syntax: --TestWebAppsInAllDirs=[True | False]

--ManipHTTPHeaders: Manipulates HTTP headers during the scan.
Syntax: --ManipHTTPHeaders=[True | False]

--UseAcuSensor: Enables AcuSensor technology for this scan. AcuSensor Technology sensor files must be installed on the target website.
Syntax: --UseAcuSensor=[True | False]

--EnablePortScanning: Port scans the target and runs network alerts tests against the target during the web security scan.
Syntax: --EnablePortScanning=[True | False]

--UseSensorDataFromCrawl: Specifies whether to use the AcuSensor data from a saved crawl to proceed with the scan or to re-crawl the target.
Syntax: --UseSensorDataFromCrawl=[Yes | No | Revalidate]

Note: The only mandatory parameter is the scan URL. If no parameter is specified, the default settings will be used for the scan.

If the target website uses HTTP authentication, HTTP credentials can also be specified in the Configuration > Settings > Application Settings > HTTP Authentication node in the Acunetix WVS user interface. Because each set of HTTP credentials is saved together with the URL it applies to, such credentials will be used automatically during command line scans.

WVS Console Scanner Command Line Return Codes

Exit codes are used to return the scan threat level following a scan, i.e. if the scan returned high, medium or low severity alerts. If you scan a list of sites, the highest threat level from all scans is returned.

The last 2 exit codes are used to provide information when the scan fails.

Return Code: Description

3: At least one HIGH Severity Alert has been reported
2: At least one MEDIUM Severity Alert has been reported
1: At least one LOW Severity Alert has been reported
0: No Alerts, or only INFORMATIONAL Alerts have been reported
666: The WVS Scanner stopped unexpectedly
777: Scan cannot start, since the number of licensed instances has been reached

Acunetix WVS Reporter

The Acunetix WVS Console Reporter is installed with Acunetix WVS and can be accessed from the default installation directory of the application. The default location is:

C:\Program Files\Acunetix\Web Vulnerability Scanner 9.5\reporter_console.exe

For WVS console Reporter help, use the ‘/?’ switch.

Note: In 64-bit operating systems Acunetix WVS is installed in the ‘Program Files (x86)’ directory.

WVS Reporter Command Line Options

Option: Description

/v or /View: View a *.pre format report in the Acunetix reporter.
Syntax: /v [report]
Example: /v c:\report.pre

/o or /Output: The destination path where the generated report should be saved and the filename of the report.
Syntax: /o [report name]
Example: /o c:\reports\report

/r or /Report: Specify the report template to use for generating the report. Available report templates:
WVSComplianceReport.rep: Compliance report.
WVSDeveloperReport.rep: Developer report.
WVSScanCompare.rep: Scan comparison report.
WVSSingleScan.rep: Detailed Scan report.
WVSSingleScanExecutive.rep: Executive Summary
WVSVulnGroupTrends.rep: Monthly Vulnerabilities report.
Syntax: /r [report template]
Example: /r WVSDeveloperReport.rep
Note: For Compliance reports, one must use the /r option in conjunction with the /k option described below.

/k or /Kind: This parameter may be used only for compliance type reports, that is, only when the /r or /Report switch is set to WVSComplianceReport.rep. Compliance templates:
CWE.xml
HIPAA.xml
NIST_SP800_53.xml
OWASP_Top_10_2004.xml
OWASP_Top_10_2007.xml
OWASP_Top_10_2010.xml
PCI.xml
PCI12.xml
PCI20.xml
Sarbanes_Oxley.xml
STIG_DISA.xml
WASC_Threat_Classification.xml
To see a list of compliance templates available, run the following command ‘reporter_console.exe /?’ in the command prompt.
Syntax: /r WVSComplianceReport.rep /k [compliance type template]
Example: /r WVSComplianceReport.rep /k PCI12.xml

/p or /Password: Application password, if the user interface password is enabled. The password can be enabled from the Application settings > General node.
Syntax: /p [password]

/c or /Console: Do not load the Acunetix Reporter user interface. If this option is not specified, by default the user interface of the Acunetix Reporter will automatically pop up.
Syntax: /c

/a or /Action: Specify the file type to which the generated report should be exported. File types available:
PDF, RTF, HTML, REP (Acunetix WVS proprietary format).
Syntax: /a [format type]
Example: /a PDF

/p or /Parameters: For each type of report template, there are different parameters. If no parameters are specified, the default parameter settings will be used. To specify the parameters to be passed to the reporter, use the “name=value” format delimited by “;”. To find out what parameters are available for each type of report template, use the following syntax:
Reporter_console.exe /r [ReportTemplate] /?
Syntax: /r [report template] /p [parameter=True/False]
Usage Example: /r WVSSingleScan.rep /p "ShowHTTP=False "

/t or /Target: Scan identifiers from the database to use as a report source. From the Acunetix WVS reporter, in the Configuration > WVS Database node, you can find the ID for each scan stored in the reporting database. The identifier can be one integer for a single target template, or two integers delimited by “;” for comparison templates. It can also be omitted for reports without a specific scan target. For single scan templates, you can use “last” as target to indicate the last saved scan from the database.
Syntax: /t [report ID]
Example: /t 24
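
The scanner switches, the return codes and the reporter options above combine into an unattended scan job. The PowerShell below is an added example, not a script from Acunetix; the save folder, the report name and the rule of failing the job at MEDIUM severity or above are assumptions, and only switches documented on this page are used.

```powershell
# Added example. Assumptions: target URL, save folder, report name and the
# "fail at MEDIUM or above" policy are placeholders chosen for illustration.
param(
    [string]$Target     = 'http://testphp.vulnweb.com',
    [string]$SaveFolder = 'C:\Acunetix\Scans',
    [int]$FailAt        = 2   # 2 = MEDIUM: fail the job at this level or above
)

# Default install directory; 64-bit systems use 'Program Files (x86)'.
$wvsDir = 'C:\Program Files\Acunetix\Web Vulnerability Scanner 9.5',
          'C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9.5' |
    Where-Object { Test-Path (Join-Path $_ 'wvs_console.exe') } |
    Select-Object -First 1
if (-not $wvsDir) { throw 'wvs_console.exe not found in the default locations' }

# /savetodatabase is needed so the reporter can find the scan afterwards.
# No /Password or --htmlauthpass here: command-line arguments are visible in
# process listings, so prefer a saved login sequence (/loginseq) for auth.
$scanArgs = @(
    '/scan', $Target, '/profile', 'default',
    '/save', '/savefolder', $SaveFolder, '/exportxml', '/savetodatabase',
    '--scanningMode=Heuristic', '--EnablePortScanning=False'
)
& (Join-Path $wvsDir 'wvs_console.exe') @scanArgs
$code = $LASTEXITCODE

# Return codes as listed in the return code table above.
$meaning = switch ($code) {
    0       { 'no alerts, or informational alerts only' }
    1       { 'at least one LOW severity alert' }
    2       { 'at least one MEDIUM severity alert' }
    3       { 'at least one HIGH severity alert' }
    666     { 'scanner stopped unexpectedly' }
    777     { 'licensed instance limit reached, scan did not start' }
    default { 'undocumented return code' }
}
Write-Output "wvs_console.exe returned ${code}: $meaning"

# 666, 777 and unknown codes carry no scan result. Stop here so that a
# failed scan is never mistaken for a clean one.
if ($code -notin 0..3) { exit $code }

# Report on the scan just saved to the database; /c keeps the reporter UI closed.
$reportArgs = @(
    '/r', 'WVSSingleScan.rep', '/t', 'last',
    '/a', 'PDF', '/o', (Join-Path $SaveFolder 'report'), '/c'
)
& (Join-Path $wvsDir 'reporter_console.exe') @reportArgs

# Gate: the process exit code tells the calling job whether to fail.
if ($code -ge $FailAt) { exit $code }
exit 0
```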

  1. Pingback: Acunetix Web Vulnerability Scanner Command Line Operation | Site Shielder

  2. Emilio

    Hi, I have tried to use the command line version of Acunetix but it didn't respect my profile parameter.
    I used this command wvs_console.exe /Savefolder c:\log /exportxml /profile Custom /scan http://www.aaa.com
    and the output is
    Acunetix WVS v7 console application
    ————————————
    Scanning “http://www.aaa.com” …
    Profile : Default

    It uses the Default profile every time. I would like to know if my command line parameter is wrong.

    Regards,
    Emilio

    July 8, 2013 at 1:29 pm
    • Hi,

      The command you are using seems to be valid. Are you able to upgrade to the latest version of Acunetix WVS? It would be difficult to provide further information on an older version.

      July 8, 2013 at 4:40 pm
    • Chrysostomos Daniel

      Hi there

      In order to restrict the scan on a particular directory, for instance,

      http://testphp.vulnweb.com/hpp/,

      then you should add a forward slash (‘/’) at the end of the URL path.

      Please elaborate further on your query if the above is not what you were asking.

      July 31, 2013 at 1:49 pm
  3. Atul

    Hi, can you tell me how to execute the loginseq command on cmd? I tried but am not getting the specified loginseq filename, so will I need to put the path of the file in which I stored my user name and password? Please help me.

    December 17, 2013 at 11:26 am
    • Hi,

      You cannot create a login sequence file from command line. This will need to be created beforehand and specified using the /loginseq parameter.

      For simple sites, you can try using the --htmlauthuser and --htmlauthpass command line options. Acunetix will detect the login form and use the credentials supplied. It will also try to auto-manage the session.

      December 19, 2013 at 11:19 am
  4. Aaron

    Hi, may I set up my own crawl settings while I’m using the /crawl command?
    For example, File Limit or Link Depth.
    Thanks !!

    April 30, 2014 at 6:52 am
    • Hi Aaron,

      The Crawling options are specified in the Scan Settings.

      You can create multiple Scan Settings templates (from the UI). When running WVS from command line, you can specify your custom Scan Settings template using the /Settings switch.

      April 30, 2014 at 7:52 am
      • Aaron

        Thanks for your support.
        Now I encounter another problem and am wondering if you could help me.
        It’s about the crawl result. It always shows all sites including 404 pages; is there any solution that can make the crawl result “exclude” 404 sites? Thanks!

        June 18, 2014 at 3:49 am
        • Hi Aaron,

          In Configuration > Scan Settings > Custom 404, you can define the page that is displayed for requests that generate a 404 response. This will allow the Crawler to correctly identify broken links.

          Acunetix WVS will report the broken links. You can use the information provided by Acunetix WVS to solve these broken links. Check this article for more info: http://www.acunetix.com/blog/docs/finding-broken-links/

          June 18, 2014 at 10:13 am
          • Aaron

            Thank you for your reply!
            But if I want to crawl and exclude 404 pages by command line operation and export.xml parsing, is that possible?

            June 19, 2014 at 2:22 am
          • That is not possible from the command line. You can however pre-configure exclusions from Acunetix WVS UI > Configuration > Scan Settings > Crawl Options > Directory and File Filters.

            June 19, 2014 at 7:30 am
  5. Aman Verma

    Hi, every time I run the scan on any website, the scan ends with Exit Code =3. It should successfully exit with Exit Code =0 as the Scan is successful.

    For following command line operation:
    C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 9>wvs_console.exe /Scan http://www.edifecs.com /Profile default /Settings TestMDevScanSettings /SaveToDatabase --ScanningMode=Heuristic --UseAcuSensor=FALSE --EnablePortScanning=TRUE /savefolder C:\TestMDevAcunetix

    Following is the Scan Summary:

    Scan http://www.edifecs.com
    Number of alerts : 65
    Number of KB items : 8
    Number of requests : 124096
    Number of iterations : 2
    Start time : 21/5/2014, 06:05:33
    Finish time : 21/5/2014, 15:32:59
    Scan time : 9 hours, 27 minutes
    Average response time : 334.44
    Scan was responsive : YES
    Scan was aborted : NO
    Number of files : 2112
    Number of directories : 633
    Number of variations : 118
    ———————————————————————–
    ExitCode = 3

    I am not able to get which path is missing (Exit Code=3).

    Regards,

    Aman

    May 23, 2014 at 6:38 am
    • Hi,

      Exit codes are used to return the scan threat level, i.e. if the scan returned high, medium or low severity alerts. The exit codes can be found below:

      3 – at least one HIGH severity alert was reported
      2 – at least one MEDIUM severity alert was reported
      1 – at least one LOW severity alert was reported
      0 – otherwise

      May 23, 2014 at 7:20 am
  6. Rohit

    How to start/stop Sniffer from command line?

    August 1, 2014 at 8:31 am
    • Rohit

      Hi,
      Can I start/stop the sniffer, save the .slg file to a particular location and run the crawler using that .slg file, all using the command line?

      August 1, 2014 at 8:50 am
      • Bernardette Azzopardi

        The Acunetix WVS CLI allows you to crawl and scan a site, however the HTTP Sniffer needs to be operated from the GUI.

        August 5, 2014 at 7:08 am