Tips on reducing Acunetix scan time

Select or create your own scan types

To create your own custom scan type you will need to:

  • Navigate to ‘Settings’ from the navigation menu
  • Navigate to the ‘Scan Types’ tab
  • Click on the ‘New’ button
  • Specify a name for your scanning profile in the ‘Name’ field
  • Disable or enable any checks that you want to exclude or include in this profile by toggling the checkbox next to each check. Clicking on the folder icons will expand that specific group of checks.
  • When done, click the ‘Save’ button to create your scan type

select scanning profile

To select a different scan type to use for a scan you will need to:

  • Navigate to ‘Targets’ from the navigation menu
  • Select your scan target (by clicking on the check box next to the target address on the left hand side)
  • Click the ‘Scan’ button
  • From the ‘Scan Type’ drop-down menu select your scan type
  • Input other settings and click on the ‘Create Scan’ button

custom profile

Monitor the average response time

To see the average response time being returned from the server during a scan you will need to:

  • Navigate to ‘Scans’ from the navigation menu
  • Click on your scan
  • From the ‘Scan Stats & Info’ tab check the ‘Avg. Response Time’ value:

Monitor the average response time

Use the ‘Excluded Hours’ setting to scan during off-peak hours (in the new build released 15th Feb 2017)

To create your own custom excluded hours profile you will need to:

  • Navigate to ‘Settings’ from the navigation menu
  • Navigate to the ‘Excluded Hours’ tab
  • Click on the ‘Create Profile’ button
  • Specify a name for your scanning profile in the ‘Name’ field
  • Click on the boxes from the graph to exclude certain hours within certain days of the week
  • When done, click the ‘Create Profile’ button to create your excluded hours profile

Excluded Hours

To set exclusion hours for a specific target you will need to:

  • Navigate to ‘Targets’ from the navigation menu
  • Click on your target to edit it
  • Navigate to the ‘Advanced’ tab
  • Under the ‘Excluded Hours’ section, select a profile from the drop-down list.
  • Click ‘Save’ to apply these changes to that target

excluded hours drop-down

Set excluded paths for your targets

If there are any paths or files that you do not wish to scan, you can set exclusions by following these steps:

  • Navigate to ‘Targets’ from the navigation menu
  • Click on your target to edit it
  • Navigate to the ‘Crawl’ tab
  • From the ‘Excluded Paths’ field, enter exclusions for any paths or files and click ‘Add’. The exclusions can be set using regular expressions, wildcards, and also normal strings
  • Click the ‘Save’ button when done

excluded paths

Paths can also be excluded from the Site Structure identified during a previous scan. This can be done as follows:

  • Navigate to ‘Scans’ from the navigation menu
  • Click on a scan for the Target for which you want to configure exclusions
  • Navigate to the ‘Site Structure’ tab
  • Hover the mouse over the Site Strcutre, and click on the ‘Exclude’ option to automatically configure exclusion for the specific path.
  • The exclusions will be configured in the Target’s settings

Parallel Connections

If the server is able to handle the load, you can increase the scan speed by following these steps:

  • Navigate to ‘Targets’ from the navigation menu
  • Click on your target to edit it
  • From the ‘General’ tab set the ‘Scan speed’ slider to the ‘Fast’ setting
  • Click ‘Save’

Parallel Connections

For a more advanced use case you can:

  • Navigate to the following directory – C:\ProgramData\Acunetix 11\shared\General\
  • Open the ‘Settings.xml’ file using your favourite text editor
  • Search for the ‘<LimitConcurentRequests>’ tag, and this should be similar to the below:
<LimitConcurentRequests>10</LimitConcurentRequests>
  • Replace the ‘10’ with a value up to ‘25’. Note that this will override the ‘Fast’ setting set on your scan target and will be applied globally for all scan targets.

LimitCurrentRequests

  • Save the changes to the ‘Settings.xml’ file
  • Press the Windows + R keys on your keyboard to launch the Windows Run prompt
  • Input – services.msc – and click OK
  • From the Windows Services window, find the ‘Acunetix’ service and right-click on it and select ‘Restart’ to restart this service

restart

Don’t rescan the entire application, retest specific vulnerabilities that have been fixed

To retest specific vulnerabilities you will need to:

  • Navigate to ‘Vulnerabilities’ from the navigation menu
  • Select a vulnerability that you want to retest (by clicking on the check box next to the vulnerability name on the left hand side)
  • Click on the ‘Retest’ button to retest this vulnerability

retest

Share this post
Acunetix

Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.

  • Is there any way also to configure de advanced settings we had on version 10.5 for the crawler also (they were also lost in this version)? Can they at least configured at least from an XML file? We need all the advanced settings we had before and that are hidden now.


    • Hi,

      Some advanced options have moved to the Target configuration, and the article discusses some other options which can be configured globally in Settings.xml. There were other options such as the custom 404 page detection which has been automated.

      Which advanced options are you missing?


  • Hi,
    the Rescan button isn’t available in the current version.
    Do I miss a dependency?


    • Hi,

      This issue has probably happened because your browser cached a previous version of Acunetix 11. To resolve this you will need to perform a hard refresh of the Acunetix 11 interface from your browser by holding down the Shift button on your keyboard and clicking on the Refresh button from your browser. Clearing your browser cache will also resolve the issue.

      Having said that, I can confirm that Acunetix 11 is compatible with the latest IE and Edge browsers.

      If you are still having issues it would be best to contact our Support Team on support@acunetix.com


  • Where can we tell the scanner/scan profile we are specifically using Windows, or Unix, or Apache 2 or IIS.. as we used to? This used to cut down our scan times with previous Acunetix products dramatically.


  • Hi,
    Is it possible to enable / view response body? As i can see there is no response body like old versions.
    Thanks in advance


  • In version 12 how can I instruct Acunetix to scan a specific list of files? The method explained above does not work in version 12.


    • Hi David,

      Can you try with the latest build we released last Friday. We had a bug whereby the exclusions were taking priority over import files.

  • Comments are closed.