DVWA is an intentionally vulnerable web application that you can install on your server to test vulnerability scanners or to practice penetration testing. You may want to use DVWA to test the capabilities of the Acunetix vulnerability scanner and compare it to similar tools. This article explains how to set up Acunetix to scan the DVWA application.

Download and Install DVWA

  1. Download DVWA from https://github.com/digininja/DVWA
  2. Install DVWA on your test server according to the instructions in the DVWA GitHub repository. Ensure that the server is not accessible from the Internet.
  3. Test if the DVWA application works correctly by going to the URL and logging in using the username admin and the password password.
  4. Change the security level before scanning: navigate to “DVWA Security”, select “Low” as the security level and submit it.

Configure Acunetix to Scan DVWA

  1. To add DVWA as a target in Acunetix, select Targets from the left-side menu, then click Add Target.
  2. Enter your DVWA URL in the Address field and click Save.

  3. After clicking Save, you are taken to the Target settings page. Amend any information as needed.
  4. Set the scan speed from Fast to Moderate.

  5. Enable the Site Login toggle and create a new Login Sequence Recorder (LSR) sequence.
  6. Enter the username and password, then save the sequence.


  7. Under Record Restrictions in the LSR, you can add URLs that the scanner must not visit. These exclusions keep the scanner from logging itself out or changing the security level mid-scan.
  8. Add the following restrictions:

    • /logout.php
    • /security.php
    • captcha
    • csrf

  9. To improve scan quality, add all of the following paths to the Excluded Paths section:

    /phpinfo.php
    /setup.php
    /instructions.php
    ^\/vulnerabilities/csrf/.*$
    ^\/vulnerabilities/captcha/.*$
    view_source\.php
    view_help\.php
    about*.php
    brute
    weak_id
    view_source_all\.php

  10. Click “Scan” at the top right. A pop-up dialog will appear. Leave all the settings as default and click “Create Scan”.
  11. Wait for the scan to start successfully and complete.
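As an added example (not from the article or from Acunetix), a small Python check that applies the LSR restrictions and Excluded Paths listed above to a constructed set of DVWA paths, so you can confirm before scanning that the logout and security-level pages are out of scope while the vulnerability modules you want covered stay in scope. It assumes Excluded Paths are evaluated as regular expressions searched against the request path and LSR restrictions as plain substrings; the scanner's actual matching rules may differ.

```python
import re

# Excluded Paths from the article. Assumption: each entry is a regular
# expression searched (not anchored) against the request path.
EXCLUDED_PATHS = [
    r"/phpinfo.php",
    r"/setup.php",
    r"/instructions.php",
    r"^\/vulnerabilities/csrf/.*$",
    r"^\/vulnerabilities/captcha/.*$",
    r"view_source\.php",
    r"view_help\.php",
    r"about*.php",
    r"brute",
    r"weak_id",
    r"view_source_all\.php",
]

# LSR Record Restrictions from the article. Assumption: plain substrings.
LSR_RESTRICTIONS = ["/logout.php", "/security.php", "captcha", "csrf"]


def excluded_by(path, patterns=EXCLUDED_PATHS):
    """Return the first Excluded Paths pattern matching `path`, else None."""
    for pattern in patterns:
        if re.search(pattern, path):
            return pattern
    return None


def restricted_by(path, restrictions=LSR_RESTRICTIONS):
    """Return the first LSR restriction contained in `path`, else None."""
    for token in restrictions:
        if token in path:
            return token
    return None


def in_scope(path):
    """True when neither the LSR nor the Excluded Paths list drops the path."""
    return excluded_by(path) is None and restricted_by(path) is None


# Constructed sample of DVWA paths; not taken from a real crawl.
SAMPLE_PATHS = [
    "/vulnerabilities/sqli/", "/vulnerabilities/xss_r/",
    "/vulnerabilities/csrf/", "/vulnerabilities/captcha/",
    "/vulnerabilities/brute/", "/vulnerabilities/weak_id/",
    "/vulnerabilities/view_source.php?id=sqli",
    "/logout.php", "/security.php", "/setup.php", "/about.php",
]


def scope_report(paths=SAMPLE_PATHS):
    """Map each sample path to whether the scanner would still visit it."""
    return {p: in_scope(p) for p in paths}


if __name__ == "__main__":
    for path, ok in scope_report().items():
        print(("scan " if ok else "skip ") + path)
```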
Bernhard Abele
Technical Support Engineer, Acunetix.
Bernhard Abele is an Operations Engineer working for Acunetix. He holds a Bachelor of Science (Hons.) in Computer Systems and Networking and has a technical background with over 3 years of technical support experience.