Targets are the websites and web applications that you would like to scan using Acunetix. These will need to be configured in Acunetix before they can be scanned. Once configured, a Target can be scanned as often as required.
Change to the Targets page to configure a new website to scan.:
- From the Targets’ page, select 'Add Target'.
Screenshot - Add Target
- Provide the address of the web site
- Optionally, enter a short description that will allow you to easily identify this target.
- Click ‘Add Target’ when done.
- You will be taken to the Target’s options, where you can configure other options if needed.
You may need to scan restricted areas within the web application configured as a Target in Acunetix. The information used to access the restricted area can be configured from the Site Login options found in the General Settings within the Target's configuration.
Screenshot - Form-based Authentication - Automated Login
In most cases, you can select to have Acunetix try to auto-login into the site. This will work for most web applications which use a simple login process. You need to provide the Username and Password to access the restricted area. The scanner will automatically detect the login link, the logout link and the mechanism used to maintain the session active.
Screenshot - Form-based Authentication using Login Sequence Recorder
For more complex web applications, which might be using a more elaborate login mechanism, you would need to Launch the Login Sequence Recorder and record the login sequence (*.lsr file), which can then be uploaded and saved with your Target settings. Information on how to use the Login Sequence Recorder can be found at http://www.acunetix.com/blog/docs/acunetix-wvs-login-sequence-recorder/
Generating and Installing AcuSensor
AcuSensor improves the scan results provided by Acunetix by being able to identify all the pages on your website, increases the information about the vulnerabilities detected and decreases false positives. Check the previous section on how to install AcuSensor.
For each Target, you can configure other options, including:
- Crawling options, such as a custom User-Agent
- Paths to be excluded when scanning the specific target
- HTTP Authentication
- Client Certificates
- Custom Headers
- Custom Cookies
- List of Allowed hosts, which will be scanned when scanning the specific Target. Note that these need to pre-configured as separate Targets beforehand.