How to scan for specific vulnerabilities

Both Acunetix Web Vulnerability Scanner and Acunetix Online Vulnerability Scanner provide options for selecting specific types of vulnerability checks to run against your site, such as SQL injection or Cross-Site Scripting checks. This can be done by selecting one of a number of predefined Scanning Profiles. Each Scanning Profile is a logical grouping of scripts that complete a certain task, and therefore each profile checks for specific vulnerabilities.

Acunetix WVS

In Acunetix WVS, Scanning Profiles can be selected from the “Options” stage of the Scan Wizard. You can also create your own customized Scanning Profile, which would include the vulnerability checks of your choice. These Scanning Profiles can then be used to scan multiple websites or web applications. The procedure below explains how you can create different Scanning Profiles:

  1. Navigate to Configuration > Scanning Profiles.
  2. Click the “Create a new profile” button next to the Profile drop-down menu and enter a name for the new scanning profile.
  3. Make sure that the scanning profile is selected in the Profile drop-down menu, then enable the checks that you want to run and disable the ones that you do not want to run when this profile is used.
  4. Click “Save” next to the “Create a new profile” button to save the changes to the selected scanning profile.

You can remove a scanning profile by simply selecting it and clicking the “Delete current profile” button.

Acunetix OVS

In Acunetix OVS you can select one of a number of predefined Scanning Profiles to run a web scan with. These can be selected when launching or scheduling a scan and include Scanning Profiles for a:

  • Full web scan
  • CSRF web scan
  • High Risk Alerts web scan
  • SQL Injection web scan
  • Weak Passwords web scan
  • Cross Site Scripting (XSS) web scan

A further two options are also provided for network scans. These include options to run a:

  • Full network scan using safe checks
  • Full network scan that includes invasive checks


  • Your product was just used aggressively yesterday by Anonymous hackers to probe my website for attack vulnerabilities. I don’t know if you can control this in any way, but please think about it. Thank you for designing it to leave a record of its identity in the process.

  • Hi Christiaan X

    I am sorry about that. Unfortunately, this is an issue which cannot be controlled, since certain individuals are using cracked versions of Acunetix WVS and scanning sites without permission.

    Version 7 scanner is sending these headers with every request:

    Acunetix-Product: WVS/7 (Acunetix Web Vulnerability Scanner – NORMAL)
    Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
    Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

    and Version 8 scanner is sending these headers with every request:

    Acunetix-Product: WVS/8 (Acunetix Web Vulnerability Scanner – NORMAL)
    Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
    Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

    You can change the version (WVS/*) in the Acunetix-Product header to the version of Acunetix you wish to block, such as WVS/6 or WVS/7 or WVS/8.

    If you have an application firewall like mod_security (http://www.modsecurity.org/) you are able to block these requests by defining some custom rules.

    Otherwise, you may block the attacker’s IP address.

    Here is the Apache documentation about access control (in case your web server is Apache):
    http://httpd.apache.org/docs/2.2/howto/access.html

    If you are using IIS, this document may help you to control access:
    http://www.hostmysite.com/support/dedicated/IIS/blockip/

    If you are using another web server software, consult its documentation for information on access control.

    Thank You
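
The header check described in the reply above, sketched as a WSGI middleware that rejects requests announcing a blocked WVS version. This is an added example, not code from Acunetix or from the commenter; the names `BlockAcunetix`, `acunetix_version` and `simulate`, the blocked-version set and the sample requests are assumptions constructed for illustration.

```python
import re
from wsgiref.util import setup_testing_defaults

# Header name and "WVS/<n>" value format are taken from the reply above.
# Which versions to block is a local policy choice (assumed here: 6, 7, 8).
BLOCKED_VERSIONS = frozenset({"6", "7", "8"})
PRODUCT_RE = re.compile(r"^\s*WVS/(\d+)\b", re.IGNORECASE)

def acunetix_version(environ):
    """Return the WVS major version announced in Acunetix-Product, or None."""
    match = PRODUCT_RE.match(environ.get("HTTP_ACUNETIX_PRODUCT", ""))
    return match.group(1) if match else None

class BlockAcunetix:
    """WSGI middleware (hypothetical name): 403 for blocked WVS versions."""

    def __init__(self, app, versions=BLOCKED_VERSIONS):
        self.app = app
        self.versions = frozenset(versions)
        self.hits = []  # (client address, version, path) for later review

    def __call__(self, environ, start_response):
        version = acunetix_version(environ)
        if version in self.versions:
            self.hits.append((environ.get("REMOTE_ADDR", "-"), version,
                              environ.get("PATH_INFO", "")))
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        # Requests without the header are passed through unchanged.
        return self.app(environ, start_response)

def demo_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

def simulate(extra_environ, versions=BLOCKED_VERSIONS):
    """Send one constructed request through the middleware; return its status."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(extra_environ)
    statuses = []
    wrapped = BlockAcunetix(demo_app, versions)
    wrapped(environ, lambda status, headers: statuses.append(status))
    return statuses[0]

if __name__ == "__main__":
    scanner = {"HTTP_ACUNETIX_PRODUCT": "WVS/8 (constructed sample)"}
    print(simulate(scanner), "|", simulate({}))
```

The `hits` list keeps the client address, announced version and path of each rejected request, which gives the site owner the same record of identity the first comment mentions.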

  • I’m using it only on my sites, not to attack someone else’s.
