Acunetix Scan Statuses
When you initiate a scan using Acunetix, the product goes through various stages, and different statuses are assigned to reflect the progress and outcome of the scan. A status is assigned as soon as the scan starts. This document explains the statuses you might encounter during a scan.
Each scan has two statuses:
- The first status shows the progress of the scan. This can be Queued, Starting, In Progress, Aborted, Completed, and Failed. In this case, Failed means that the scanner never got to complete the scan, and usually is the result of a scanner failure.
- The second status is used to indicate if the scan encountered any issues whilst scanning. This is indicated by a warning or error icon next to the status, and more details of the failure can be found in the scan’s Activity window and Events Page. For example, if we fail to connect to the site, the scan will be marked as Completed, but it will show a warning message stating that we could not connect.
Acunetix scan status descriptions
Status name | Description |
Scheduled | The scan has been scheduled and is waiting for launch. It is set to start at a specific time in the future. |
Queued | The scan is in a queue waiting to be processed. If there are excluded hours set for the Target, the scanner waits until those hours pass before starting the scan. |
Starting | The scan is in the process of starting. |
In progress | The scan is actively running and analyzing the Target for vulnerabilities. |
Aborting | The user has clicked Cancel, and the system is in the process of stopping the scan. |
Aborted | The scan has been stopped manually by the user, or it has encountered 25 consecutive network errors. For more information refer to Scans and network errors. |
Pausing | The user has clicked Pause, and the scan is in the process of being temporarily halted. |
Paused | The scan has been paused and is temporarily halted. |
Resuming | The user clicked Resume, and the scan is in the process of being restarted. |
Resumed | The scan has been resumed after being temporarily paused. |
Completed | The scan has finished. The scan can be marked as Completed if the pre-scan validation fails. |
Completed with error | The scan has finished, but some issues were encountered during the process. Check the Scan’s Activity log, which will have more information on the error encountered. The most common errors are listed in the rest of this article. |
Completed with warning | The scan has finished with warnings that indicate potential issues needing attention. Check the Scan’s Activity log, which will have more information on the warning. The most common errors/warnings are listed in the rest of this article |
Failed | The scanner encountered issues and failed to run successfully. Check the Scan’s Activity log, which will have more information on the error encountered. The most common errors are listed in the rest of this article. The Scan’s Events tab will have more information on why the scan has failed. |
Scan error activity messages
Information messages
These messages from the scanner are provided for information purposes only and do not usually necessitate any further actions.
Message | Further information |
Initial request to [web address] was redirected to [web address] | The first request done to the Target’s address was redirected to another address on the same site and same protocol (http or https). |
Start URL changed (initial request to [web address] was redirected to [web address] | The first request done to the Target’s address was redirected to another address on the same site with a different protocol. This can happen when the address being scanned is http, and the first request is redirected to https. |
Scanning has resumed | This message is shown when the scan has been resumed from a paused state |
No GraphQl schema detected | The scanner has tried to query a GraphQL API, however, it has not managed to do so. This usually happens when introspection is not enabled. You can either enable introspection on the GraphQL API or import the GraphQL schema as an import file in the Target's configuration |
AcuSensor used for this scan | AcuSensor has been configured for the site, and is being used in the scan. |
Windows Defender used for this scan | Indicates that Windows Defender is used to detect malware on the site. |
Warning messages
Warning messages alert you to potential issues that require attention, signaling a moderate level of concern. While not urgent, prompt action is advised to mitigate the risk of future problems or complications.
Message | Further information |
Antivirus not found | No supported anti-virus engine has been found running on the machine running the Acunetix scan. The website cannot be scanned for malware. Acunetix supports using Windows Defender on Windows OS and ClamAV on Linux. More information can be found at https://www.acunetix.com/support/docs/wvs/installing-malware-scanning/ |
AcuSensor was not detected on ${host} | Although the IAST AcuSensor has been configured on the Target, the scan did not manage to communicate with the IAST sensor.
|
Automatic login failed for ${host} | Autologin has been configured for the Target, but no login form was found on the server.
More info on how to configure Site Login at https://www.acunetix.com/support/docs/wvs/configuring-targets/#h.kuyxv7dnofuh |
Client certificate missing for host: [web address] | The Target requires a Client Certificate in order to login to the web site. Either no Client Certificate was configured for the Target, or the scanner did not manage to log in using the Client Certificate configured for the Target. |
HTTP Authentication required on: [web address] | While scanning the site, the scanner encountered HTTP Authentication at the address shown in the message. In order for the scanner to scan the restricted area, you will need to configure HTTP Authentication from the Target's configuration > HTTP Authentication. More info on how to configure HTTP Authentication at https://www.acunetix.com/support/docs/wvs/http-authentication/ |
Initial request to site returned status 4xx or 5xx | The first HTTP request to the Target returned a 4xx or a 5xx. The specific error provides further indication of what is happening and might indicate that the website is not working, or that the Target requires further configuration to be scanned successfully. Check the Target's address, and ensure that the scanner can connect to the Target configured. This usually indicates that the website is expecting additional data, such as an HTTP Authentication, custom header,s or a custom cookie. These can be configured in the Target's configuration. The more common errors are shown below The scanner will not be able to proceed with the scan when such errors are encountered. |
Initial request to site returned status 400: Bad Request | The first HTTP request to the Target returned a 400, Bad Request. Check the Target's address, and ensure that the scanner can connect to the Target configured. This usually indicates that the web site is expecting additional data, such as a custom header or a custom cookie. These can be configured in the Target's configuration. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request to site returned status 401: Unauthorized | The first HTTP request to the Target returned a 401, Unauthorised. Check the Target's address, and ensure that the scanner can connect to the Target configured. This error usually indicates that HTTP Authentication needs to be configured to connect to the web server The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request to site returned status 403: Forbidden | The first HTTP request to the Target returned a 403, Forbidden. Check the Target's address, and ensure that the scanner can connect to the Target configured. This message indicates that the Target is not allowing the connection from the scanner. Check if the scanner's address needs to be whitelisted, or if additional data needs to be added to the requests done by the scanner such as Custom HTTP Headers or Custom Cookies. The web server might also require HTTP Authentication. All of these can be configured from the Target's configuration The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request to site returned status 404: Not Found | The first HTTP request to the Target returned a 404. Check the Target's address, and ensure that the scanner can connect to the Target configured. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request to site returned status 429: Too Many Requests | The initial HTTP requests to the Target returned a 429, Too Many Requests. This usually happens when the Target is configured to limit connections which are making too many requests. The scanner would need to be whitelisted from such a configuration. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request to site returned status 500: Internal Server Error | The first HTTP request to the Target returned a 500, Internal Server Error. Check the Target's address, and ensure that the scanner can connect to the Target configured. This usually indicates an error within the web application. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request to site returned status 502: Bad Gateway | The first HTTP request to the Target returned a 502 Bad gateway. Check the Target's address, and ensure that the scanner can connect to the Target configured. This usually indicates that a proxy server or gateway did not receive a timely response from the website The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request to site returned status 503: Service Unavailable | The first HTTP request to the Target returned a 503, Service Unavailable. Check the Target's address, and ensure that the scanner can connect to the Target configured. This error usually indicates a temporary or permanent error on the web server and might be caused by temporary overload or the website is down for maintenance. The scanner will not be able to proceed with the scan when this error is encountered. |
Login forms were detected but no LSR or Autologin are configured. | While scanning the site, the scanner identified login forms, however, no authentication information was provided. In order for the scanner to scan the restricted area, you will need to configure login details from the Target's configuration > Site Login. More info on how to configure Site Login at https://www.acunetix.com/support/docs/wvs/configuring-targets/#h.kuyxv7dnofuh |
Non Responsive | The server was not responsive, and the scan cannot be done. Check the Target's address, and ensure that the scanner can connect to the Target configured. This message usually indicates a network-level error, such as Timeout when connecting to the website, or that the network connection has been closed while trying to connect to the website The scanner will not be able to proceed with the scan when this error is encountered. |
Outdated AcuSensor detected | The Target has AcuSensor configured. This has been correctly detected on the Target, however the version detected is not the latest. Update the IAST sensor on the Target. More info on how to update the IAST sensor can be found at [ADDRESS] |
Some imported URLs are out of scope of the target | An import file has been configured for the Target from the Target's configuration > Import Files / API Definitions, however, some of the imported addresses are out of scope for the Target. This message is shown when some of the imported URLs link to a different site. |
Start URL changed to [web address] (target was not responsive on 80) | The Target is configured as an http Target. However, the scanner did not manage to connect to the target on port 80. When this happens, the scanner will try to connect to the Target using https on port 443. |
Error messages
Error messages indicate that a critical issue has occurred, preventing the Scanner from functioning as intended. Immediate attention and resolution are typically necessary to restore normal operation and prevent further disruptions.
Message | Further information |
Auto Detect import failed. File not supported: [web address] | The Target is configured with an import file. However, the scanner has failed to use the import file, since it could not correctly detect the format of the import file. Check that the import file is valid and that it is a supported format. Then try to upload it again to the Target's configuration. |
Burp Items import failed | The Target is configured with a Burp import file. However the scanner has failed to use the imported Burp file. Check that the Swagger import file is valid, and try to upload it again to the Target's configuration once you have fixed it. |
Business Logic import failed | A Business Logic Recording has been configured for the Target, however, the scanner encountered errors when trying to automatically replay the recording. From the Target's configuration, edit the Business Logic Recording and try to replay the actions. Confirm that all the login actions can be replayed and that the replay does not stop halfway through. This error will hinder the scanning of the site since the actions configured in the Business Logic Recording cannot be replayed. |
Failed to initialize OAuth | The Target is configured to use Oauth to login to the site, however, the scanner is not able to login using the Oauth details provided. Confirm the Target’s Oauth configuration and try to scan the target again. |
Failed to obtain access-token | OAuth has been configured for the Target, however, the scanner did not manage to obtain a valid access-token using the information provided. From the Target's configuration > Site Login, confirm the OAuth configuration. |
GraphQl import failed | The Target is configured with a GraphQL import file. However the scanner has failed to use the imported GraphQL file. Check that the GraphQL import file is valid, and try to upload it again to the Target's configuration once you have fixed it. |
GraphQl import failed. Only JSON format is accepted for GraphQl Schema | The Target is configured with a GraphQL import file. However, the scanner has failed to use the imported GraphQL file, since the GraphQL import file needs to be in JSON format. Check that the GraphQL import file is valid, and try to upload it again to the Target's configuration once you have fixed it. |
Initial request ([web address]) error: [Error number]: SSL routines:: [Additional error information] | Error encountered while establishing an SSL connection to the website. Ensure that you can connect to the website using a normal browser. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request ([web address] error: Timeout | The server was not responsive, and the scan could not be done. Check the Target's address, and ensure that the scanner can connect to the Target configured. This message indicates that the scanner is encountering a timeout when trying to connect to the website. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request ([web address] error: Cannot connect | The server was not responsive, and the scan could not be done. Check the Target's address, and ensure that the scanner can connect to the Target configured. This message indicates that the scanner is encountering a problem when trying to connect to the website. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request ([web address] error: Unexpected close | The server closed the network connection, and the scan cannot be done. Check the Target's address, and ensure that the scanner can connect to the Target configured. This message indicates that the server closed the connection when trying to connect to the website. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request ([web address] error: DNS lookup failed. | The scanner cannot connect to the web server because the DNS lookup of the provided address has failed. Check the Target's address, and ensure that the scanner can connect to the Target configured. The scanner will not be able to proceed with the scan when this error is encountered. |
Initial request ([web address] error: Invalid or restricted address | This error can occur on Acunetix Online when the Target's address is invalid or restricted. The scanner will not be able to proceed with this scan when this error is encountered. Check the Target's address before proceeding with scanning the Target again. |
Postman Collection import failed: [ERROR] | The Target is configured with a Postman Collection import file. However the scanner has failed to use the imported Postman Collection. The error will provide further indication of why this is happening. |
Scanning of ${host} was aborted (target was not responsive) | The server was not responsive, and the scan cannot proceed. Check the Target's address, and ensure that the scanner can connect to the Target configured. This message indicates that the server became not responsive during the scan. The scanner will not be able to proceed with the scan when this error is encountered. |
Swagger Import Failed | The Target is configured with a Swagger import file. However the scanner has failed to use the imported Swagger file. Check that the Swagger import file is valid, and try to upload it again to the Target's configuration once you have fixed it. |
The login sequence for ${host} is invalid | A login sequence has been configured for the Target, however, the scanner could have encountered errors when trying to automatically replay the sequence. From the Target's configuration, edit the login sequence and try to replay the login actions. Confirm that all the login actions can be replayed and that the replay does not stop halfway through. Proceed to confirm the restricted links, and that all the actions which can invalidate the session are configured as restricted links. Finally, confirm that the session detection pattern is correctly configured for the login sequence. You can use the "Check Pattern" button to automatically confirm the Session Validation Pattern. Not that you first need to replay the login actions for the validation to work correctly. |