Acunetix includes advanced tools for penetration testers to further automated testing, integration with external tools, as well as tools to aid in testing business-logic web applications.
Eaisly Extend Automated Testing With In-built Manual Penetration Testing Tools & Other Advanced Features
Take Automated Scanning Further
- Use the integrated HTTP Editor to export HTTP requests from an automated crawl or scan, modify or craft HTTP requests and analyze the web server’s response.
- Intercept, log and modify HTTP traffic sent to and from a web application on the fly using Traps with support for regular expressions using the integrated HTTP Sniffer. Extend manual HTTP traffic inspection by using captured traffic to build a custom crawl structure that can be used as part of an automated scan.
- Fuzz HTTP requests to test validation and handling of invalid or random data using a variety of built-in fuzzers. Filter fuzzed HTTP requests with HTTP Fuzzer filters with support for regular expressions.
- Export Blind SQL Injection vulnerabilities from automated scans, and perform automated database data extractions using the Blind SQL Injector.
- Import manual crawl data from the built-in HTTP Editor, third-party tools such as Telerik Fiddler, Portswigger BurpSuite, and HAR (HTTP Archive) files.
Automatic Web Application Firewall (WAF) configuration
Sometimes, it’s not possible to roll-out a fix to a high-severity vulnerability there-and-then. Acunetix integrates with Imperva SecureSphere, F5 BIG-IP Application Security Manager and FortiWeb WAF and can automatically create the appropriate Web Application Firewall rules to protect web applications against attacks targeting vulnerabilities that the scanner finds. This allows you to temporarily prevent exploitation of high-severity vulnerabilities until you are able to fix them.
Integration and Extensibility
Acunetix features a powerful Command Line Interface (CLI) and RESTful Application Programming Interface (REST API). The REST API allows access and management of Scan Targets, Scans, Vulnerabilities, Reports and other resources within an Acunetix in a simple, programmatic manner using conventional HTTP requests. The API’s endpoints are intuitive and powerful, allowing you to easily retrieve information and execute actions.