There are situations where you may need to configure Acunetix to exclude a portion of a web application from crawling and scanning. This might be required if the web application being scanned is too large, or if scanning part of the site might trigger unwanted actions such as submitting data. There are two ways to instruct Acunetix to omit scanning part of your web application.
Starting a Scan from a Directory
The simpler method is to scan a directory on the site directly, for example http://testphp.vulnweb.com/AJAX/. Acunetix will only scan the /AJAX directory of the site and the files and directories below it. Acunetix will not scan any URLs which are above the /AJAX path.
Exclude Paths in a Target’s Settings
The second method is to make use of the Excluded Paths option, which enables you to specify a list of directories and files to be excluded from a crawl. Multiple paths may be excluded for each Target.
Adding an Excluded Path can be accomplished as follows.
- Navigate to the Target to which you wish to add an Excluded Path.
- Click on the Crawl tab of the Target’s settings.
- From the Crawling/Navigation Options section, under Excluded Paths, add the path of the directory or file you wish to exclude, starting after the Target URL.
- Click on Add to include that path in the exclusion list.
- To remove an excluded path, click on the Remove link next to that exclusion.
Each exclusion must begin with a forward slash (/) followed by the path as it appears after the Target URL. For example, to exclude /dir2, which is inside directory /dir1 on www.testsite.com, enter the exclusion as /dir1/dir2/. The Crawler will then ignore /dir2, while /dir1 and everything else under it will still be crawled and scanned.
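To check an exclusion list before launching a scan, the two scoping rules above can be modelled offline and run against a list of known URLs. The following is an added example, not Acunetix code. It assumes that exclusions match on whole path segments and that dot segments are resolved first; the function names and sample file names are hypothetical.

```python
from posixpath import normpath
from urllib.parse import urlsplit

def _segments(path):
    # Resolve "." and ".." and split into segments; "/" and "" give [].
    return [s for s in normpath("/" + path).split("/") if s]

def relative_segments(target_url, url):
    """Segments of url below the Target URL, or None if it lies outside."""
    t, u = urlsplit(target_url), urlsplit(url)
    if (t.scheme, t.netloc.lower()) != (u.scheme, u.netloc.lower()):
        return None
    base, segs = _segments(t.path), _segments(u.path)
    if segs[:len(base)] != base:
        return None  # above or beside the start directory
    return segs[len(base):]

def in_scope(target_url, excluded_paths, url):
    """True if url would be crawled under the rules modelled here."""
    rel = relative_segments(target_url, url)
    if rel is None:
        return False
    for entry in excluded_paths:
        ex = _segments(entry)
        if not entry.startswith("/") or not ex:
            raise ValueError(f"bad exclusion {entry!r}: use /path/after/target/")
        # Assumption: whole-segment prefix match, so /dir1/dir2/ does not
        # also swallow /dir1/dir20/.
        if rel[:len(ex)] == ex:
            return False
    return True

def preview(target_url, excluded_paths, urls):
    """Split a URL list (e.g. from a sitemap) into crawled and skipped."""
    result = {"crawled": [], "skipped": []}
    for url in urls:
        key = "crawled" if in_scope(target_url, excluded_paths, url) else "skipped"
        result[key].append(url)
    return result

if __name__ == "__main__":
    # Constructed sample URLs; only the host and /dir1/dir2/ come from the page.
    site = "http://www.testsite.com"
    urls = [site + p for p in ("/dir1/index.php", "/dir1/dir2/form.php",
                               "/dir1/dir20/a.php", "/dir1/x/../dir2/a.php")]
    print(preview(site + "/", ["/dir1/dir2/"], urls))
```

Any URL that performs an unwanted action and still appears under "crawled" needs its own exclusion before the scan is started.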