Creating a new scan

Acunetix 360 enables you to begin scanning web applications immediately, by selecting the default scan settings. However, there are multiple, customizable scan options available. Each option is explained in the following sections.

For further details, see Overview of Scanning, Overview of Scan Policies, and Scheduling Scans.

Acunetix 360 New Scan Fields

This table lists and explains the fields in the New Scan window.

Field

Description

Target URL

This is the target URL of the website, including the path.

You can add a URL in the following formats:

Hostname: http://example.com/

IPv4: http://192.168.1.42/

IPv6: http://[fe80::8554:69c3:bb4:b28a]/

Scan Profile

This is the Scan Profile.

For further information, see Configuring Scan Profiles.

Acunetix 360 Scan Options Fields

The Scan Options section is divided into Scan Settings and Authentication. This section lists and explains the fields in the Scan Options section.

General

In this Scan Settings tab, you can configure the basic scanning options.

Field

Description

Scan Policy

The Scan Policy defines the scan settings and which security tests will be performed.

For further information, see Overview of Scan Policies and Scan Policy Editor.

Agent Selection

This is the type of Agent that will run the scan.

The options are: Dedicated or Group. If you select Group, the Preferred Agent field (next) changes to Preferred Agent Group.

This field is only available in Acunetix 360 (On-Premises).

For further information, see Agents in Acunetix 360 On-Premises.

Preferred Agent/Preferred Agent Group

The Agent is a service application that executes scans and informs the Acunetix 360 application.

Select an Agent or Agent Group.

This field is only available in Acunetix 360 (On-Premises) or if Agent Mode is selected as Internal in the Website Settings for scanning websites in Acunetix 360.

For further information, see Agents in Acunetix 360 On-Premises.

Report Policy

The Report Policy defines how scan results will be reported.

For further information, see Custom Report Policies.

Authentication Profiles

The Authentication Profile specifies which profile will be used for authentication during the scan. For further information, see Authentication Profiles.

This field is only available if you have saved at least one authentication profile.

Custom Cookies

This contains any required cookies in the format cookiename=value.

The value must be URL encoded. Use semicolons (;) to separate multiple cookies.
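The following is an added example, not part of the Acunetix documentation. It builds a Custom Cookies value in the cookiename=value format with URL-encoded values separated by semicolons, and checks an existing value for the common mistake of pasting a raw token containing `=`, `+`, `/` or `;`. The function names and sample cookie values are constructed for illustration, and the cookie-name check (HTTP token characters) is an assumption about what the field accepts.

```python
import re
from urllib.parse import quote, unquote

# Assumption: cookie names follow the HTTP token rule (no separators or spaces).
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# A URL-encoded value contains only unreserved characters and %XX escapes.
_ENCODED = re.compile(r"^(?:[A-Za-z0-9\-._~]|%[0-9A-Fa-f]{2})*$")


def build_custom_cookies(cookies):
    """Build the field value from a dict of cookie name -> raw (unencoded) value."""
    parts = []
    for name, raw in cookies.items():
        if not _TOKEN.match(name):
            raise ValueError(f"invalid cookie name: {name!r}")
        # safe="" makes quote() encode '/', as well as ';', '=', '+' and spaces,
        # so a value can never be mistaken for a separator or a second cookie.
        parts.append(f"{name}={quote(raw, safe='')}")
    return ";".join(parts)


def check_custom_cookies(field):
    """Parse a field value; return (decoded cookies, list of problems found)."""
    cookies, problems = {}, []
    for item in field.split(";"):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition("=")
        if not sep or not _TOKEN.match(name):
            problems.append(f"not in cookiename=value form: {item!r}")
        elif not _ENCODED.match(value):
            problems.append(f"value of {name!r} is not URL encoded")
        else:
            cookies[name] = unquote(value)
    return cookies, problems


if __name__ == "__main__":
    # Constructed sample values: a base64-style token and a value with ';' and '='.
    raw = {"session": "aGVsbG8+d29ybGQ/==", "pref": "lang=en; theme=dark"}
    field = build_custom_cookies(raw)
    print(field)
    print(check_custom_cookies(field))
    # Pasting the raw token instead is reported as a problem.
    print(check_custom_cookies("session=aGVsbG8+d29ybGQ/==;theme=dark"))
```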

Advanced Crawling Settings

This indicates how the scan should crawl the Target URL.

The options are:

  • Find and Follow New Links: This enables Acunetix 360 to find and follow new links in the crawled pages. By default, this option is enabled. Disabling this option could significantly impact the scan's coverage, resulting in missed vulnerabilities and links. So, it is highly recommended to keep this option enabled to ensure Acunetix 360's maximum scanning effectiveness.
  • Enable Crawl & Attack at the Same Time: This lets Acunetix 360 attack the web application and find vulnerabilities while crawling is still running. By default, this feature is enabled. Disabling this option requires Acunetix 360 to wait for the crawling process to complete before it can begin the attack phase, potentially prolonging the scan duration.

Max Scan Duration

This indicates the maximum length of the scan. Drag the slider as required.

If the scan is not completed within this time, it is automatically terminated.

In the New Group Scan and Scheduling Group Scan windows, there are checkboxes to:

  • Customize Max Scan Duration – Enable this setting to configure the maximum scan duration in hours. If your scan isn't completed in this time, it will be automatically terminated.
  • Customise Scan Time Windows – Enable this setting to configure the time periods during which scanning is allowed. Scanning is paused during disallowed hours.

Scan Tags

This option lets you enter a name or value to group websites. Tags can consist of a name and a value, separated with a colon character (that is, name: value), or they can be a single word. For further information about scan tags, see Tagging scans in Acunetix 360.

Comments

This option allows users to add a comment to their scan during a launch. This comment is displayed on the scan report.

Scan Scope

In this Scan Settings tab, you can configure the Scan Scope.

In addition, you can:

  • Enter a list of Regular Expressions to Exclude or Include URLs
  • Select whether the scanner should Include or Exclude the RegEx patterns
  • Specify Disallowed HTTP Methods

For further information, see Configuring the Scan Scope.

Additional Websites

In this Additional Websites tab, you can add additional links to domains that need to be scanned, other than the domain of the target URL.

For further information, see Configuring Additional Websites.

Imported Links

In this Imported Links tab, you can add any pages that you also want to scan, that are not linked from anywhere on the target website.

For further information, see Importing Links.

URL Rewrite

In this Scan Settings tab, you can configure URL Rewrite rules for the scan. The options are:

  • Heuristic mode, to automatically detect the URL
  • Custom mode, to configure the URL Rewrite rules for a faster scan

For further information, see URL Rewrite Rules.

Pre-Request Script

In this Scan Settings tab, you can configure Pre-Request Script options.

This is an Acunetix 360 On-Premises only feature.

Field

Description

Enabled

Select to enable Pre-Request Script. Once enabled, the Presets dropdown is activated.

Presets

This allows you to select the HMAC option and view the relevant script.

Test Script

This allows you to test the new script.

Scan Time Window

In this Scan Settings tab, you can configure the time periods in the week during which scanning is allowed and paused.

For further information, see Scan Time Window.

Notifications

In this Scan Settings tab, you can configure notifications to instantly inform you about the status of a web application security scan, or when specific vulnerabilities are detected. You can also manage notification priorities and test a notification.

For more information, see Managing Notifications.

PCI Scan

In this Scan Settings tab, you can conduct a PCI Scan to receive approved PCI compliance reports for your public websites.

For further information, see PCI Scanning in Acunetix 360.

Form Authentication

In this Authentication tab, you can configure Form Authentication options.

For more information, see Configuring and Verifying Form Authentication in Acunetix 360.

Basic NTLM/Kerberos

In this Authentication tab, you can configure Basic, Digest, NTLM/Kerberos and Negotiate authentication options.

For further information, see Configuring Basic, Digest, NTLM/Kerberos and Negotiate Authentication.

Header Authentication

In this Authentication tab, you can configure HTTP Header authentication.

For further information, see Configuring Header Authentication.

Client Certificate

In this Authentication tab, you can configure Client Certificate authentication.

For further information, see Configuring Client Certificate Authentication.

OAuth2

In this Authentication tab, you can configure OAuth2 authentication.

For further information, see Configuring OAuth2 Authentication.

How to Scan a Website in Acunetix 360

In Acunetix 360, there are two ways to launch a scan:

  • You can launch a scan from a shortcut located next to [Your Name].

  • You can launch a scan from the main menu.

Before scanning your first website in Acunetix 360, make sure you have added a website (Adding a Website in Acunetix 360).

  1. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  2. In the Target URL field, enter the URL.
  3. Complete the remainder of the fields, as described in Acunetix 360 New Scan Fields and Acunetix 360 Scan Options Fields.
  4. Click Launch.

How to Run a Group Scan in Acunetix 360

  1. From the main menu, click Scans, then New Group Scan. The New Website Group Scan window is displayed.
  2. From the Website Group dropdown, select the website group you want to scan.
  3. Complete the remainder of the fields, as described in How to Scan a Website in Acunetix 360.
  4. Click Launch.

You can also launch Group Scans from the Manage Groups window (click Scan).

How to Run an Incremental Scan in Acunetix 360

  1. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  2. Next to the relevant scan, click Report. The Scan Summary window is displayed.
  3. From the Scan dropdown, select Incremental Scan. The Incremental Scan window is displayed.
  4. Click Launch.

How to Run an Incremental Group Scan in Acunetix 360

First, make sure you have already run a Group Scan.

  1. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  2. Next to the Group Scan for which you want to run an incremental scan, click the Scan dropdown, and select Incremental Scan. The Incremental Scan window is displayed.
  3. If required, select the Customize Max Scan Duration checkbox and configure the settings.
  4. Click Launch.

How to Run a Retest in Acunetix 360

  1. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  2. Next to the scan for which you want to run a Retest, click the Scan dropdown, and select Retest. The Retest Scan window is displayed.
  3. Click Launch.

How to Run Bulk Operations on a Scan in Acunetix 360

  1. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  2. Next to the scans for which you want to run a bulk operation, click the checkbox.
  3. Click the Bulk dropdown, and select the bulk operation you want.
  4. A dialog is displayed asking you to confirm your choice.
  5. Click Delete, Cancel, or Pause as required.

How to Cancel or Pause a Scan in Acunetix 360

  1. Launch a scan in Acunetix 360.
  2. If you want to cancel the scan, click Cancel. The Cancel Scan dialog is displayed.
  3. Click Yes, cancel it.
  4. If you want to simply pause the scan instead, select the Cancel dropdown and click Pause. The Pause Scan dialog is displayed.
  5. Click Yes, pause it.

 
