Configuring Additional Websites
By default, Acunetix 360 does not scan domains that are different from those of the Target URL. Therefore, when you scan http://example.com, if there is a link to http://api.example.com, Acunetix 360 will not follow and scan the website or links to http://api.example.com. Instead, it reports them as Out of Scope Links in the Knowledge Base Tab of the Technical Report.
In Acunetix 360, you can use the Additional Websites feature to specify which other websites you want to scan.
Additional Website Fields
This table lists and describes the fields in the Additional Websites tab.
Click to add additional URLs. Two additional fields are displayed.
This is the URL of the additional website.
Enable to scan canonical URLs to prevent scanning duplicate pages. If this option is enabled, when the Acunetix 360 scanner detects a link to a canonical domain, such as http://www.example.com/blogs/foo-bar, it will be converted to http://example.com/blogs/foo-bar and scanned via this URL.
How to Configure Additional Websites in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, click Scans, then New Scan. The New Scan window is displayed.
- From the Scan Options section, select Additional Websites.
- Click New.
- In the URL field, enter the additional website.
- Enable Canonical, if required.
- Add as many Additional Websites as required.
- Click Launch.
Please note that you can only add websites that are allowed by your license.
The Scan Profile and Settings Used for the Additional Websites
For more information about configuring and managing Scan Profiles in Acunetix 360, see Overview of Scan Profiles.
Setting the Scan Scope
The configured Scan Scope settings do not apply for the Additional Websites. Instead the Whole Domain scan scope will always apply. This means that all of the detected pages and sub folders on the additional website will be scanned.
Including and Excluding URLs
The configured Include/Exclude URLs apply for Additional Websites too. So, if an additional website's links contain exit or endsession keywords, they will be excluded from the scan.
For further information, see Writing Regular Expressions to Include/Exclude URLs.
You can add Imported Links which will be applied to the Additional Websites too. This setting allows you to specify pages that you would like to scan, which are not linked from anywhere on the website.
Imported Links Fields
This table lists and describes the fields in the Imported Links tab.
Specify the pages that you want to scan.
Select a file for importing links from the dropdown.
How to Import Links for Additional Websites in Acunetix 360
- Open Acunetix 360.
- From the Scans tab, click New Scan. The New Scan window is displayed.
- From the Scan options menu, select Imported Links. The Imported Links section is displayed.
- Specify pages:
- By manually entering the URLs in the Enter Links field
- By importing the URLs by uploading a supported file (e.g. a Fiddler file that includes, for each link, the URL, HTTP Request Header and Body) in the Import Links section:
- Click the dropdown to select a file for importing links
- Click Launch.
The URL rewrite configuration also applies for Additional Websites. If the Heuristic URL rewrite technology is used, the scanner will try to automatically identify the URL Rewrites on the target website. If custom URL Rewrite rules are configured, they will also apply to Additional Websites as well.
Therefore if an Additional Website contains a link that matches the pattern configured above, for example http://api.example.com/products/1, the URL Rewrite parameter(s) will be detected automatically.
For further information, see URL Rewrite Rules.
It is not possible to configure authentication settings for Additional Websites via the scan settings.
For further information, see Configuring and Verifying Form Authentication in Acunetix 360.
Reporting Scan Activity and Issues Identified in Additional Websites
The configured Additional Websites will have a node each in the Scan Summary list, as illustrated.
A new entry was also added to the reports, in which all the configured additional websites that were scanned will be listed.
The URLs in the reports are reported in full in the MIME Types node on the Knowledge Base tab, so that you can see which ones contain the issue.
For further information on Issues, see Viewing Issues in Acunetix 360.