The scan results of a web scan includes the Site Structure identified and scanned by Acunetix. This can be accessed from the Scan Results page > Site Structure tab. Click on the folder icons to expand the site structure. Acunetix will show the vulnerabilities identified on the file or folder selected.
10 thoughts on “How can I be sure that Acunetix has crawled my entire website?”
George –
1. is the deepscan available in the online or trial version for scanning and crawling single page apps? If yes, how do I enable it?
2. assuming that the REST URLs are detected by the deepscan, is the crawler smart enough to understand and capture the request that include JSONs?
Ian Muscat –
Hi George,
Yes, of course, DeepScan is also available in Acunetix Online. There is no need to enable anything, it works straight ‘out of the box’.
Regarding your question about RESTful web applications, if you are scanning a Single Page Application, Acunetix will automatically pick up REST calls and interpret any JSON, XML or GWT and convert them into input schemes and automatically test these inputs individually.
Should you have further questions on this, please do not hesitate to get in touch with our Support Team at support@acunetix.com
Ajay –
Does Acunetix scan go with OWASP top 10 practices? If yes, then how do I ensure and find in the report.
Nicholas Sciberras –
Acunetix does scan for the OWASP Top 10. Check https://www.acunetix.com/blog/articles/owasp-top-10-2017/ for more information.
Ajay –
1. Is Tomcat server vulnerable to Slowloris, HTTP DoS (Denial of Service) attacks?
2. Is Nginx server vulnerable to Slow HTTP DoS (Denial of Service) attacks?
Nicholas Sciberras –
1. Tomcat can be vulnerable to slowloris – check https://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat
2. Nginx can also be vulnerable to slow loris – check https://hexadix.com/slowloris-dos-attack-mitigation-nginx-web-server/ for more information.
This link provides additional ways on how to mitigate slowloris – https://www.acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http-server/
Zubair –
Can we have dynamic exclusion of the crawled data post crawling and before scanning, like we had it in the older version and also dynamic change of the scan settings while the scan is in progress? Since Nov 2017, there seems to be no build update?
Nicholas Sciberras –
Hi Zubair,
That is possible in the most recent version of Acunetix. You can pause the scan, change the settings and resume the scan with the new settings.
You can also crawl a site, or use the crawl data from a previous scan, to exclude the scanning of parts of the site. This can be done from the Site Structure. Hover the mouse on the directories or files, and use the Exclude option as needed.
Jamie –
Using 12.0 with AcuSensor enabled. Full scans do not appear to be scanning the entire site. The Site Structure shown is incomplete with several folders & pages missing. Where can I investigate the cause of this?
The desktop version 9.5 did not have this issue.
Nicholas Sciberras –
Hi Jamie,
That should not be the case, since AcuSensor would ensure full coverage of the site. Maybe something happened to cause the AcuSensor to not be properly installed. Did you already try to re-install it?
Should the problem persist, please contact our support team so we can check your issue further.