Importing links from supported tools

The Importing links from supported tools feature enables you to add links to the Link Pool collated by Acunetix 360 scans during the Crawling stage. This means the scanner has a head start and achieves greater coverage during the Scan stage.

  • The Importing links from supported tools feature in Acunetix 360 enables you to add links to determine web pages that you want scanned.
  • You can also ensure that Acunetix 360 includes data already captured by using other tools into the scan.

For further information, see Importing links and API definitions for Acunetix 360.

Information

In Acunetix 360, you can upload a file of 10 MB size. If the file size is bigger than that, you can split the files into separate files to be able to upload the imported links.

What file types can be imported into Acunetix 360?

An Acunetix 360 scan can be fed using output from the following tools:

ASP.NET Project File (.csproj, .vbproj)

ASP.NET project files can be used in the previous version of ASP.NET, prior to ASP.NET Core. This project file can store resource links that are used in an ASP.NET project, for example JavaScript files, CSS files, and multimedia resources such as images or static contents.

You can add to the Acunetix 360 Link Pool by importing ASP.NET Project Files. In addition, if Acunetix 360 encounters a .csproj or .vbproj file during crawling, it will parse and extract new URLs from those files too.

Burp Saved Items

You can use Burp Suite to save links in order to add them to Acunetix 360 for vulnerability scanning.

Information

First, make sure that Burp is configured to listen to the proxy.

How to Export URLs from Burp
  1. Open Burp.
  2. Visit the URLs at the target website after configuring it to listen to the proxy.
  3. From the main ribbon, select Proxy > HTTP history.

  1. Right-click to select and save the targets, and select Save items. A dialog box is displayed.
  2. Enter a filename and select Save.

For further information on how to import links in Acunetix 360, see Importing links and API definitions.

Comma Separated Values

You can use an Excel document to create a list of URLs in a CSV file that you can import into a vulnerability scan. This is a manual process that lets you include URLs that are unlinked from the target website.

How to use Microsoft Excel to create a CSV Upload File
  1. Open Microsoft Excel.
  2. In a blank document, type each URL into a separate cell in one column.

  1. Save the document as a CSV file.

For further information on how to import links in Acunetix 360, see Importing links and API definitions.

Fiddler

Fiddler is a debugging proxy server application that captures HTTP and HTTPS traffic, and logs it for you to review. Since the program is able to capture the traffic, you can save the URLs to import into Acunetix 360 for vulnerability scanning. You can download the Fiddler Classic 4.0 via this link.

Information

First, ensure that Fiddler is configured to listen to the proxy.

How to configure Fiddler to capture HTTPS Connections
  1. Open Fiddler.
  2. From the main ribbon, select Tools > Options.
  3. From the Options window, select the HTTPS tab.
  4. From the HTTPS tab, select the Capture HTTPS CONNECTs and Decrypt HTTPS traffic.

  1. Select Yes to continue.
  2. From the Security Warning window, select Yes to continue.
  3. From the Add certificate to the Machine Root List? window, select Yes to continue.

Fiddler added its root certificate to the Machine Root list. Now, it is configured to capture HTTPS traffic. You can visit your target website so that Fiddler can capture the traffic to scan this website in Acunetix 360.

How to Export URLs from Fiddler
  1. Open Fiddler.
  2. Visit the URLs at the target website.
  3. From the Session List tab, select your targets.

  1. Right-click, and select Save > Selected sessions > in ArchiveZIP. A dialog box is displayed.
  2. Enter a filename and select Save.

For further information on how to import links in Acunetix 360, see Importing links and API definitions.

HTTP Archives

HAR (HTTP Archive) is a file format that logs session data between the client and the server. It is a JSON-formatted archive file that saves the information of all web responses and requests made with the browser, which helps detect performance issues. Since you can log your session, you can easily export URLs that you visited into Acunetix 360 for scanning.

Information

With browsers, you can save HAR files. No additional program is required. In this procedure, Google Chrome is used to create a HAR file.

Information

Make sure the Preserve Log box is checked and Network traffic (red dot) is logged.

Before visiting URLs, first delete the traffic already appearing in the window.

How to Export URLs from Chrome
  1. Open Chrome.
  2. Press F12 on your keyboard to open Developers tools and then select the Network tab.

  1. Visit the URLs at the target website.

  1. Right-click and select Save all as HAR with content. A dialog box is displayed.
  2. Enter a filename and select Save.

For further information on how to import links in Acunetix 360, see Importing links and API definitions.

I/O Docs

I/O Docs is a live, interactive documentation system for RESTful web APIs. When the method, resources, and parameters of APIs are defined in JSON format, I/O Docs will automatically generate a JavaScript client interface to test exposed API functions. URLs can be imported from I/O Docs files to feed the Acunetix 360 link pool.

Netsparker Session File

URL Importing allows you to upload a Netsparker Session File. You can upload a report file generated by Netsparker Enterprise or Netsparker Standard. The scanner identifies any URLs in these files and imports them into Acunetix.

How to import URLs as a Netsparker Session File from Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, select Scans > New Scan.

  1. On the New Scan page, select the Imported Links tab.
  2. From the Import Links drop-down, select Netsparker Session File, then upload the saved file.
  3. You can view the imported links when the upload is successful.

Postman Collections

Postman is an API testing tool that offers integration capacity with the CI/CD pipeline. It also helps you to create mock-up tests and API documentation.

You can create request collections and API test suites in Postman. You can also use request collections prepared in Postman in Acunetix 360 when you're auditing your web application or API security.

Information

Please note that Acunetix 360 supports the Collection Variables.

How to export URLs in Postman
  1. Open Postman.
  2. Create a request collection and requests individually. (If you already have collections, go to the next step.)
  3. Next to your request collection, click the ellipsis button to display the menu.

  1. Click Export.
  2. On the Export Collection window, select the required format, and select Export.

  1. In the window that opens, select a location, and click Save.

For further information on how to import links in Acunetix 360, see Importing links and API definitions.

RAML

The RESTful API Modeling Language (RAML) is a way to describe RESTful APIs so that both humans and computers can read them. It describes resources, methods, parameters, responses, and media types in a clear way. Providing a structured and clear format for API, RAML makes it easy to manage the entire API lifecycle. RAML can also describe those APIs that do not obey all the constraints of REST.

Open API

Open API is a technical specification that describes certain APIs. It allows humans and computers to discover and understand the capabilities of a service that does not require access to source code, additional documentation, or the inspection of network traffic.

Web Application Description Language

WADL (the Web Application Description Language) is an XML description of HTTP-based web services that a machine can read. Aiming to simplify and promote the reuse of web services based on the existing HTTP, WADL describes the resources provided by a service and the relationships between them.

Web Services Description Language

WSDL (Web Services Description Language) is an XML file that tells the client application what the web service does. It also provides all the information necessary to connect to the web service and use all the functionality provided by the web service.

WordPress REST API

WordPress is a popular open-source content management        system. With JSON (JavaScript Object Notation) format, WordPress REST API provides an interface for other websites and software to interact with your WordPress site in sending and receiving data.

For further information on how to import links in Acunetix 360, see Importing links and API definitions.


 
« Back to the Acunetix Support Page