Configuring Advanced Settings in Acunetix

By default, Acunetix comes built-in with settings that are designed to work in the vast majority of websites and web applications. Of course, you can customize a Target’s settings, but there might be cases where you need very fine-grain control on your Target settings.

Fine-grain scan controls can be customized from the Acunetix Settings.xml file which is stored in C:\ProgramData\Acunetix 11\shared\General\Settings.xml

Open the XML file using a text editor of your choice. You will need Administrator privileges on the machine Acunetix is installed on, in order to modify the XML file.

While modifying settings, please take care to stop the Acunetix and Acunetix Database services (using the Task Manager, or command-line).

The following options are some of the most useful settings you may wish to modify. While there are many more configuration options exposed by the XML file, the following are the most common and the most useful advanced settings you may wish to modify.

XML XPath Setting Name Descriptions
/Settings/ScanSettings/Scanning/AbortScanOnNetworkErrorsCount Network errors before aborting a scan Define the number of network errors to tolerate before aborting a scan
/Settings/ScanSettings/Extensions File Extension Filters Specify the type of files (by file extension) to be included/ignored by the crawler. Please note that binary files such as images, movies and archives are excluded by default to avoid unnecessary
/Settings/ScanSettings/Parameters/ParameterManipulation/HTTPHeaders/Headers Custom HTTP Headers Specify custom HTTP Headers that the crawler and scanner should include with the other standard HTTP headers
/Settings/ScanSettings/Crawler/LinkDepth Link Depth Limitation Configure the maximum number of links to crawl from the root URL
/Settings/ScanSettings/Crawler/DirDepth Structure Depth Limitation Configure the maximum number of directories to crawl from the root URL
/Settings/ScanSettings/Crawler/FileLimit Maximum number of files in a directory Configure the maximum number of files in a directory
/Settings/ScanSettings/Crawler/MaxVariations Maximum number of variations Configure the maximum number of variations for a file. For example, if index.asp has a GET parameter ID of which the crawler discovered 10 possible values from links requesting the page, each of these links is considered a variation
/Settings/ScanSettings/Crawler/MaximumNumberOfPathSchemes Maximum number of path schemes Configure the maximum number of path schemes that should be detected by the crawler. Path schemes are input types determined by a heuristic algorithm whose inputs are parts of a URI. You should only tweak this setting if you are crawling very large websites or web applications and notice that some path schemes are not being crawled
/Settings/ScanSettings/Crawler/MaximumNumberOfPagesToCrawl Crawler file limit Configure the maximum number of files the crawler should crawl
/Settings/ScanSettings/HTMLForms Input Fields Define a list of field values to be set automatically when submitting HTML forms ow web services. Wildcards may be used to define a range of URLs for each input value.
/Settings/ScanSettings/HTTPGeneral/RequestTimeout HTTP Request Timeout Define the time in milliseconds that Acunetix should wait before considering an HTTP request timed-out.
Share this post
Ian Muscat

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.

Leave a Reply

Your email address will not be published.