IMPORTANT: Do NOT scan a website without proper authorization!
How to launch a scan
After configuring your Targets, you are ready to launch scans and start identifying any vulnerabilities that exist in the web applications. There are multiple ways to start a scan:
- From the Targets list: Select Targets to scan, then click the Scan button.
- From Target Settings: Click Scan, configure the options to be used for the scan, then click Create Scan.
- Scan Profile: Choose between Full Scan or a scanning profile which will scan for specific vulnerabilities, such as Critical Risk Vulnerabilities only. For more information about Scan Profiles, refer to Configuring Scan Profiles.
- Report: You can request that a report is automatically generated after the scan is completed. For more information about the reporting options, refer to Types of Acunetix Reports.
- Schedule: Select if the scan should start instantly or be scheduled for a future date / time. You can also configure recurrent scans.
Interaction with a Scan in Progress
While most of the scanning procedure is fully automated, you may have configured a Login Sequence for a target that may require some manual intervention. Manual intervention is typically required when a target employs more sophisticated mechanisms to protect the login process – some examples would be CAPTCHA, Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), and other one-time password (OTP) mechanisms.
When you are performing a scan for such a target, Acunetix will pause and prompt you for your manual intervention with a popup notification: Some scans require manual intervention. Check notifications.
To resolve this:
- Click on the Bell (notifications) icon to expand the notifications list.
- Click Resolve this issue in the manual intervention required notification.
- The Login Sequence Recorder (LSR) will open and automatically perform all the recorded actions until the required manual intervention. Now you can perform the necessary actions which the LSR requires human interaction for, then click Close at the bottom of the LSR window.
The LSR will continue to execute the remaining login actions and the remainder of the scan can proceed automatically.