Configuring Additional Websites
By default, Acunetix 360 does not scan domains that are different from those of the Target URL. Therefore, when you scan http://example.com, if there is a link to http://api.example.com, Acunetix 360 will not follow and scan the website or links to http://api.example.com. Instead, it reports them as Out of Scope Links in the Knowledge Base Tab of the Technical Report.
In Acunetix 360, you can use the Additional Websites feature to specify which other websites you want to scan.
Additional Website fields
This table lists and describes the fields in the Additional Websites tab.
Click to add additional URLs. Two additional fields are displayed.
This is the URL of the additional website.
Enable to scan canonical URLs to prevent scanning duplicate pages. If this option is enabled, when the Acunetix 360 scanner detects a link to a canonical domain, such as http://www.example.com/blogs/foo-bar, it will be converted to http://example.com/blogs/foo-bar and scanned via this URL.
How to configure Additional Websites in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, click Scans, then New Scan. The New Scan window is displayed.
- From the Scan Options section, select Additional Websites.
- Click New.
- In the URL field, enter the additional website.
- Enable Canonical, if required.
- Add as many Additional Websites as required.
- Click Launch.
Please note that you can only add websites that are allowed by your license.
The Scan Profile and Settings Used for the Additional Websites
For more information about configuring and managing Scan Profiles in Acunetix 360, see Overview of Scan Profiles.
Setting the Scan Scope
The configured Scan Scope settings do not apply for the Additional Websites. Instead the Whole Domain scan scope will always apply. This means that all of the detected pages and sub folders on the additional website will be scanned.
For further information, see Scan Scope.
Including and Excluding URLs
The configured Include/Exclude URLs apply for Additional Websites too. So, if an additional website's links contain exit or endsession keywords, they will be excluded from the scan.
For further information, see Writing Regular Expressions to Include/Exclude URLs.
The URL rewrite configuration also applies for Additional Websites. If the Heuristic URL rewrite technology is used, the scanner will try to automatically identify the URL Rewrites on the target website. If custom URL Rewrite rules are configured, they will also apply to Additional Websites as well.
Therefore if an Additional Website contains a link that matches the pattern configured above, for example, http://api.example.com/products/1, the URL Rewrite parameter(s) will be detected automatically.
For further information, see URL Rewrite Rules.
It is not possible to configure authentication settings for Additional Websites via the scan settings.
For further information, see Configuring and Verifying Form Authentication in Acunetix 360.
Reporting Scan Activity and Issues Identified in Additional Websites
The configured Additional Websites will have a node each in the Scan Summary list, as illustrated.
A new entry was also added to the reports, in which all the configured additional websites that were scanned will be listed.
The URLs in the reports are reported in full in the MIME Types node on the Knowledge Base tab, so that you can see which ones contain the issue.
For further information on Issues, see Viewing Issues in Acunetix 360.