How to edit the Acunetix settings.xml

The most common Acunetix settings can be configured from the Acunetix user interface, usually from within the settings of each target. The more advanced settings are found in the settings.xml file, which you can find in:

  • Windows: C:\ProgramData\Acunetix\shared\general\settings.xml
  • Linux: /home/acunetix/.acunetix/data/general/settings.xml
  • macOS: /Applications/Acunetix.app/Contents/Resources/data/general/settings.xml

Advanced settings that you can find in the settings.xml file include:

  • File extensions that should not be processed by Acunetix (e.g. avi)
  • HTTP headers to be manipulated by the scanner
  • Parameters that should be excluded
  • Ad blocker settings
  • Session timeout
  • HTTP cache
  • Various scanning thresholds
  • Default values for HTTP form inputs

There are situations where you may need to edit one of these settings or introduce your own. To do so, create a file called custom_settings.xml and add your custom settings to it. The new file must replicate the XML structure of the original settings.xml file, so each custom setting sits inside the same parent elements as it would in settings.xml.

The custom_settings.xml file should be created in one of the following locations:

  • Windows: C:\ProgramData\Acunetix\shared\general\custom_settings.xml
  • Linux: /home/acunetix/.acunetix/data/general/custom_settings.xml
  • macOS: /Applications/Acunetix.app/Contents/Resources/data/general/custom_settings.xml

Although you can edit the settings.xml file directly, you should avoid doing so because settings.xml is overwritten when Acunetix is upgraded. The custom_settings.xml file, on the other hand, is retained when upgrading.

Example: Adding FormInput parameters for another language

If you are planning to scan a website in Spanish, you can enhance the accuracy of the Acunetix scanner by adding FormInput parameters that match form field labels in Spanish. You can add the following lines to the <Settings><ScanSettings><HTMLForms><FormURL> section:

<FormInput enabled="1" name="*nombre*" value="${alpharand}" length="-1"></FormInput>

<FormInput enabled="1" name="*apellido*" value="${alpharand}" length="-1"></FormInput>

…allowing the scanner to match Form fields for name and surname (in Spanish) respectively.
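A pre-flight check for the nesting requirement described above, as an added example that is not part of the original page or Acunetix's own tooling: it confirms that a custom_settings.xml is well-formed and that every element path in it also appears in settings.xml. The sample XML is constructed from the element names quoted on this page, the function names are hypothetical, and treating an unknown path as a misplacement is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for settings.xml. Only element names quoted on this page
# are used; the real file has many more sections, and this FormInput is made up.
SAMPLE_SETTINGS = """<Settings><ScanSettings><HTMLForms><FormURL>
  <FormInput enabled="1" name="*constructed*" value="${alpharand}" length="-1"></FormInput>
</FormURL></HTMLForms></ScanSettings></Settings>"""

SPANISH_INPUTS = """
  <FormInput enabled="1" name="*nombre*" value="${alpharand}" length="-1"></FormInput>
  <FormInput enabled="1" name="*apellido*" value="${alpharand}" length="-1"></FormInput>
"""
# Constructed custom_settings.xml candidates: correct nesting, a missing
# <HTMLForms> level, and a file with unclosed elements.
GOOD_CUSTOM = ("<Settings><ScanSettings><HTMLForms><FormURL>" + SPANISH_INPUTS +
               "</FormURL></HTMLForms></ScanSettings></Settings>")
MISPLACED_CUSTOM = ("<Settings><ScanSettings><FormURL>" + SPANISH_INPUTS +
                    "</FormURL></ScanSettings></Settings>")
BROKEN_CUSTOM = "<Settings><ScanSettings><HTMLForms><FormURL>" + SPANISH_INPUTS


def element_paths(root):
    """Return every tag path under root, e.g. 'Settings/ScanSettings'."""
    paths = set()
    stack = [(root, root.tag)]
    while stack:
        node, path = stack.pop()
        paths.add(path)
        stack.extend((child, f"{path}/{child.tag}") for child in node)
    return paths


def check_custom_settings(settings_xml, custom_xml):
    """Return a list of problems; an empty list means the nesting matches."""
    try:
        custom_root = ET.fromstring(custom_xml)
    except ET.ParseError as exc:
        return [f"custom_settings.xml is not well-formed: {exc}"]
    known = element_paths(ET.fromstring(settings_xml))
    unknown = sorted(element_paths(custom_root) - known)
    return [f"path not present in settings.xml: {p}" for p in unknown]


if __name__ == "__main__":
    for label, doc in [("good", GOOD_CUSTOM), ("misplaced", MISPLACED_CUSTOM),
                       ("broken", BROKEN_CUSTOM)]:
        print(label, check_custom_settings(SAMPLE_SETTINGS, doc) or "OK")
```

To check real files, pass the contents of settings.xml and custom_settings.xml read in binary mode from the locations listed above.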

 
