The web server logs will show your IP address and all the attacks made by Acunetix. If you are not the sole administrator of the website or web application, please make sure to warn other administrators before performing a scan. Some scans might cause a website to crash, requiring a restart of the website.
🔍 Authorization to Scan
Do NOT scan a website without proper authorization!
After configuring your Targets, you are ready to launch Scans and start identifying any vulnerabilities that exist in the web applications. There are multiple ways to start a Scan, which include:
- From the Targets list, select the Targets to scan, and click the Scan button
- From within the Scanning Options dialog, configure the options to be used for the scan, then click the "Create Scan" button
- Scan Type - Choose between Full Scan or a scanning profile which will scan for specific vulnerabilities, such as High Risk Vulnerabilities only. You can read more about Scan Profiles here.
- Report - You can request that a report is automatically generated after the scan is completed. Here is a description of all the Reports
- Schedule - Select if the scan should start instantly, or if the scan should be scheduled for a future date / time. You can also configure recurrent scans.
- Click the "Create Scan" button to launch the scan.
Interaction with a Scan in Progress
While most of the scanning procedure is fully automated, you may have configured a Login Sequence for a target that may require some Manual Intervention. Manual Intervention is typically required when a target employs more sophisticated mechanisms to protect the login process – some examples would be CAPTCHA, Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), and other one-time password (OTP) mechanisms.
When you are performing a scan for such a target, Acunetix will pause and prompt you for your Manual Intervention with a popup notification:
Click on the Bell (notifications) icon to expand the notifications list, and click on "Resolve this issue" in the Manual Intervention required notification.
The LSR will open up, and will automatically perform all the recorded actions until the required Manual Intervention. Now you can perform the necessary actions which the LSR requires human interaction for, and click on the "Close" button at the bottom of the LSR window.
The LSR will continue to execute the remaining login actions, and the remainder of the scan can proceed automatically.