Integrating Acunetix with Mantis

Integrating Acunetix with Mantis is a 4-step process:

1. Prepare an API Token in Mantis for communication with Acunetix
2. Configuring Acunetix for Integration
3. Configuring a Target to Report Issues to your Issue Tracker
4. Submitting Vulnerabilities to Mantis

Prerequisites

Before successfully integrating Acunetix with Mantis, ensure you have completed the following preparations:

• Have a Mantis account.
• Create a project; typically, this would contain bug reports or issues for the Target Web Application.
• Generate an API Token to secure the communication channel between Acunetix and Mantis.
• If using Acunetix Online, ensure that your Mantis system allows incoming API requests from online.acunetix.com or app.invicti.com (For EU-based customers: app-eu.invicti.com).

Prepare your Mantis account for Integration

If you already have a project in Mantis that you want to use to hold issues generated by Acunetix scans, then you can skip to creating an API token.

Create a Project

1. From your Mantis sidebar menu, select Manage.

2. Select the Manage Projects tab.
3. In the Projects panel, click Create New Project.

4. In the Add Project panel:

• Enter a Project Name.
• Enter a description for the project.
• In the case of this example, you would leave the other fields at their default values.
• Click Add Project.

Create an API Token for Acunetix Integration authentication

1. From your Mantis profile dropdown, select My Account.

2. Select the API Tokens tab.
3. In the Create API Token panel:

• Set the Token Name field to Acunetix Integration (This is just a name to remind you of its use).
• Click Create API Token.

4. Ensure you keep a copy of the Token, as it cannot be retrieved after exiting the page. If you lose the Token, you will need to create a new one and repeat the process.

Configuring Acunetix for Integration

Prerequisites

Before successfully integrating Acunetix with Mantis, ensure you have completed the following preparations:

• Have a project; typically, this would contain the issues for the Target Web Application.
• Generate an API Token to secure the communication channel between Acunetix and Mantis for your Target's project.

• In the Acunetix UI, click Issue Trackers in the sidebar
• Click Add Issue Tracker
• Set the Name to describe the integration – for this example, we have used Mantis Issues

• Select the Target Groups that will have access to this issue tracker configuration:

• Select the proxy settings which will be used to communicate with this issue tracker:

• The default is to use the Acunetix general proxy settings
• Use the No Proxy setting to avoid using a proxy when communicating with this issue tracker

• Use the Custom setting to use proxy settings specifically for communicating with this issue tracker. Specify the protocol, proxy address and port and optionally username and password to be used to connect to the proxy server.

• Select "Mantis" from the dropdown labelled "Platform"
• Set the URL to the base URL for your Mantis deployment — in this example "http://tools.example.local/mantisbt"
• Insert your Mantis API Token into the "Token" field
• Click on "Test Connection" - you should receive a "Connection is Successful" message; also, the "Project and Issue Type" panel will be updated with your list of Projects

• Select the Mantis project you want the integration to be linked to – in this example you would be using the pre-created "internal-wiki" project

• Click the "Save" button at the top of the "Add Issue Tracker" panel

Configuring a Target to Report Issues to your Issue Tracker

From your list of Targets, select the Target you wish to work with.

• In the Target Information panel, scroll to the bottom of the panel and expand the "Advanced" link.
• Enable the "Issue Tracker" slider
• From the "Issue Tracker" dropdown, select the name of the Mantis Integration configuration you wish to use
• At the top of the "Target Information" panel, click the "Save" button

Now that your Target is configured to link to Mantis, you need to Scan your Target. When the Scan is completed, you will be able to select the Vulnerabilities to submit to your Issue Tracker.

Submitting Vulnerabilities to Mantis

Once you have completed a Scan on your Target:

• Select "Vulnerabilities" in the sidebar
• Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker
• Use the checkboxes next to vulnerability to select the vulnerabilities to send to the Issue Tracker
• Click the "Send to Issue Tracker" button at the top of the "Vulnerabilities" panel

Check your Mantis Issues page

Check your Mantis Issues page; it will display the issues you've submitted to the Issue Tracker: