Adding paths via Import Files / API Definitions

You can add paths to your targets via import files or API definitions to guide the Aucnetix crawler. This is useful when there are parts of a site that are not linked to the main target. By specifying paths for the crawler to add to the scan, you can ensure that any unlinked pages and directories are scanned.

NOTE: Import files/API definitions are applied to individual targets, and a target can have multiple files imported.

How to add import files/API definitions to a target

  1. Prepare the file(s) that you want to import to a target.
  2. Log in to Acunetix and go to the Targets page.
  3. Click on the target address that you want to import paths to. The Target Settings page will open.
  4. Scroll down to the Import Files / API Definitions section.
  5. Click the upload icon in the Choose File field.
  6. Locate and select the file that you want to import to the target.
  7. Your file uploads automatically and is now listed in the Import Files /API Definitions section of the Target Settings.
  8. Click Save for your settings to take effect.

TIP: To remove an imported file from a target, click the trash icon next to the file that you have imported, then click Save.

Accepted file formats

You can add paths to a target using output from the following tools::

  • Selenium IDE: Scripts used to automatically test web applications (.html and .side)
  • Telerik Fiddler: Session archives (.saz)
  • Burp: Saved items (.xml) and state files
  • HTTP Archives: Can be exported from various tools, including developer tools included with major browsers (.har)
  • Swagger 2.0 / 3.0: Used to describe RESTful APIs (.json, .yaml, and .yml files)
  • WSDL: Used to describe SOAP web services (.wsdl)
  • WADL: Used to describe restful APIs (.wadl)
  • ASP.NET Web Forms project files (.csproj and .vbproj)
  • Paros log files (.session.data)
  • Postman collections v2 (.json)
  • GraphQL files (.graphql and .json)
  • Text files with lists of URLs (.txt)

Restricting scans to import files

When importing a file, you can also specify whether scans of the target should be restricted to only the paths contained in your imported or linked file(s).

  • ENABLED: If you enable Restrict scans to import files, then the crawler will add to the scan ONLY the paths listed in the import file, ignoring all other parts of the target.

  • DISABLED: If you disable Restrict scans to import files, then the crawler will crawl the target as usual, and use the import file to add other paths listed in the import file, EVEN if no other part of the target links to them (orphaned folders/files).

Illustrative scenario

For example, if you create a target with the URL http://www.example.com and use an import file containing the following data:

  • http://www.example.com/main/sub1/
  • http://www.example.com/extra/sub3/

Then, depending on whether the option Restrict scans to import files is enabled or disabled, you will get the following behavior:

Restrict Option

Will crawl and scan

Will NOT crawl and scan

Enabled

http://www.example.com/main/sub1/

http://www.example.com/extra/sub3/

http://www.example.com/main/sub2/

http://www.example.com/extra/sub1

http://www.example.com/new/

http://www.example.com/

Disabled

http://www.example.com/

http://www.example.com/extra/sub1

http://www.example.com/extra/sub3/

http://www.example.com/main/sub1/

http://www.example.com/main/sub2/

http://www.example.com/new/

 

« Back to the Acunetix Support Page