Configuring Acunetix to include only specific portions of a website
There are situations where you may need to configure Acunetix to include only specific portions of the web application for crawling and scanning. This might be required if the scope of the scan is to test a particular subset of a website or web application. You can achieve this in one of the following ways:
- Configure Acunetix to start a scan from a particular directory of your website
- Use an import file that Acunetix will use as a list of URLs to scan, simultaneously enabling the option "Restrict scans to import files"
Starting a Scan from a Directory
To configure Acunetix to start a scan from a particular directory of your website, you can create a target that specifies the intended directory on the site — for example:
Acunetix will only scan the /AJAX/ directory of the site and the files and directories below it. Acunetix will not scan any URLs which are above the /AJAX/ path.
🔍 Acunetix Targets - URL format
For this to work correctly, the URL needs to end in a forward slash (/). If you do NOT include the forward slash (/), Acunetix will start the scan from the parent directory and will therefore include anything on the same level as the /AJAX/ directory.
Using Import Files
You can use one or more import files to very precisely list which URLs Acunetix will scan. For example, you can achieve this as follows:
- Create a Target for your website's main URL — for example: http://testphp.vulnweb.com; with description "Test PHP Site (Artists & Categories)"
- Create an import file with filename "artists_categories.txt" as follows:
- In the Target Settings page for your new target:
- Scroll down to the "Import Files" panel
- Enable the "Restrict scans to import files" option
- Add the "artists_categories.txt" file to the list of import files
- Click on the "Save" button at the top of the Target Settings page
With this configuration, you have restricted the Acunetix scanner to check ONLY the URLs you have specified in your import file(s). You can think of this approach as the equivalent of switching off the crawler function.
See also: Configuring Acunetix to exclude scanning a portion of website