How to Scan for Specific Vulnerabilities
If you do not need to perform a full scan, you can choose from the list of Scan Types to run against a Target. A Scan Type is a logical grouping of tests for a specific class of vulnerabilities, such as SQL injection or Cross-Site Scripting, which you can use to reduce the scope of the tests the scanner runs during the scan.
You may either use the default Scan Types or create your own. You select the Scan Type when launching a new Scan. A single Target may be scanned with several Scan Types, several times. The following are the default Scan Types included with Acunetix.
- Full Scan - Use the Full Scan profile to launch a scan using all the checks available in Acunetix.
- High Risk Vulnerabilities - The High Risk Alerts scanning profile will only check for the most dangerous web vulnerabilities.
- Cross-Site Scripting Vulnerabilities - The Cross-Site Scripting scanning profile will only check for Cross-Site Scripting vulnerabilities.
- SQL Injection Vulnerabilities - The SQL Injection scanning profile will only check for SQL Injection vulnerabilities.
- Weak Passwords - The Weak Passwords scanning profile will identify forms which accept a username and password and will attack these forms.
- Crawl Only - The Crawl Only scan will only crawl the site and build the structure of the site without running any vulnerability checks.
- Network Scan - Use the Network Scan (Full and fast) profile to launch a scan using the OpenVAS engine inside your network to scan network services that are not available from the outside but still may be subject to internal threats.
- Malware Scan - Use the Malware Scan profile to launch a scan that will only check links and script files on the Target (or accessed by the Target) for malware using the Anti-Virus (Windows Defender or ClamAV) on the Acunetix machine. Malware scanning is done when scanning a Target using Full Scans. When installed on Windows, Acunetix automatically uses Windows Defender, which is pre-installed with Windows and does not require configuration. When installed on Linux, Acunetix uses ClamAV. You will need to install ClamAV separately, and Acunetix will automatically use it to scan for malware.
- New Web Vulnerabilities - If you have upgraded from a previous version of Acunetix, your new version may be able to detect new types of vulnerabilities which your previous version could not. This scan profile will scan for all the vulnerabilities that your previous version was not able to scan for.
Custom Scan Types
While the default Scan Types are enough for most use cases, sometimes you may need to fine-tune exactly which tests Acunetix runs. This can be achieved through custom Scan Types. To create a custom Scan Type, navigate to the Scan Profiles page and click the Add New Profile button. Scan Types are organized by type of test, and you can also search for specific vulnerability tests which you wish to run.