Configuring Scan Profiles
Acunetix installs with a default set of Scan Profiles, which allow you to scan for specific types of vulnerabilities. Scan Profiles (or Scan Types) are logical groupings of checks that Acunetix performs to scan for a specific category of vulnerabilities (such as Cross-Site Scripting, SQL Injection, etc.). Below is a list of scanning types available in Acunetix with a short description about each:
- Full Scan - Use the Full Scan profile to launch a scan using all the checks available in Acunetix.
- High Risk Vulnerabilities - The High Risk Alerts scanning profile will only check for the most dangerous web vulnerabilities.
- Cross-Site Scripting Vulnerabilities - The Cross-Site Scripting scanning profile will only check for Cross-Site Scripting vulnerabilities.
- SQL Injection Vulnerabilities - The SQL Injection scanning profile will only check for SQL Injection vulnerabilities.
- Weak Passwords - The Weak Passwords Scanning profile will identify forms which accept a username and password and will attack these forms.
- Crawl Only - The crawl only scan will only crawl the site and builds the structure of the site without running any vulnerability checks.
- Network Scan - Use the Network Scan (Full and fast) profile to launch a scan using the OpenVAS engine inside your network to scan network services that are not available from the outside but still may be subject to internal threats.
- Malware Scan - Use the Malware Scan profile to launch a scan that will only check links and scripts files on the Target (or accessed by the Target) for malware using the Anti-Virus (Windows Defender or ClamAV) on the Acunetix Machine. Malware Scanning is done when scanning a Targeting using Full Scans. When installed on Windows, Acunetix automatically uses Windows Defender, which is pre-installed with Windows and does not require configuration. When installed on Linux, Acunetix uses ClamAV. You will need to install ClamAV separately and Acunetix will automatically use it to scan for malware.
- New Web Vulnerabilities - If you have upgraded from a previous version of Acunetix, your new version may be able to detect new types of vulnerabilities which your previous version could not. This scan profile will scan for all the vulnerabilities that your previous version was not able to scan for.
If you need to be more granular in your scans, you can create your own custom scanning profiles which check for specific vulnerabilities. Proceed as follows:
- Click the "Add New Profile" button.
- Provide a name for the profile.
- Select the vulnerabilities as needed. You can search for vulnerabilities using the search field. You can also click on the folder icons to expand the folders.
- Click Save when done.
When starting a new scan, you can choose your custom scanning profiles in the Scan Type selection.