Scan Preferences

Scan jobs can be configured with the optional "preferences" object. If no "preferences" object is passed to a scanning job the default parameters are used.

scan_type

Parameter type: string

Users can choose between two scan types, "full" or "lite" scans. Lite scans fewer less features but are completed much faster than "full" scans. To view the full list of features for each scan type please visit: Scan Features

Allowed parameters

full

default

lite

sqli

Parameter value: sqli

Parameter type: boolean

Activates SQL Injection vulnerability detection task. This task is disabled by default so as to not cause overload on production environments

Allowed ParametersDescription

false (default)

Disables SQL Injection vulnerability detection

true

Enables SQL Injection vulnerability detection

xss

Parameter value: xss

Parameter type: boolean

Activates XSS vulnerability detection task. This task is disabled by default so as to not cause overload in production environments

Allowed ParametersDescription

false (default)

Disables XSS vulnerability detection

true

Enables XSS vulnerability detection

crawler_options

Parameter type: JSON

Specifies which tasks will be executed by VScanner's crawler

Field nameDescriptionAllowed parameters (Bool)

exposed_emails

Returns discovered emails found while crawling

Default: True

open_redirect

Discovers open redirect vulnerabilities

Default: True

exposed_apikeys

Returns discovered API Keys found while crawling

Default: True

open_directory

Discovers open directories while crawling

Default: False

exposed_information

Returns files and configurations found while crawling, such as .env files

Default: False

backdoor_detection

Discovers backdoors that may be present while crawling, such as malicious php files left by hackers

Default: False

search_url_malware

Discovers URLs used by known malicious Javascript scripts

Default: False

Important Note:

Please note that enabling options that are disabled by default in the crawler might lead to a significant increase in requests to the target endpoint. Be mindful that setting these options to 'True' can generate a high volume of requests.

An example of a JSON that enables all crawler options:

{
    "url": "https://www.example.com",
    "preferences": {
        "scan_type": "full",
        "scan_speed": "fast",
        "scan_deep": 3,
        "search_in_web_cache": true,
        "crawler_options": {
            "exposed_emails": true,
            "open_redirect": true,
            "exposed_apikeys": true,
            "open_directory": true,
            "exposed_information": true,
            "backdoor_detection": true,
            "search_url_malware": true
        }
    }
}

cms_brute_force

Parameter type: integer

integer Initiates a brute force attack on identified CMS systems such, as WordPress.

Allowed parametersDescription

0 (default)

Disables CMS brute force

1

Enables CMS brute force

web_brute_force

Parameter type: integer

Initiates brute force attacks on Basic access HTTP authentication

Allowed parametersDescription

0 (default)

Disables Basic auth brute force

1

Enables Basic auth brute force

scan_speed

Parameter type: string

Determines the speed of the crawler.

Allow parameterProc. concurrencyProc. parallelismMax. req/sec

"sequencial"

1

1

10

"slow"

2

3

80

"moderate"

5

5

40

"fast"

10

10

150

scan_deep

Parameter type: integer

Indicates the crawl depth used by the scanner.

Default value: 3

search_in_web_cache

Parameter type: boolean

Indicate whether VScanner should scan for the target's web pages that are cached but not currently indexed on the live site. Due to the large number of web pages included in the scan, it will naturally take longer to complete.

Allowed parametersDescription

false (default)

Disables searching in cached pages

frue

Enables searching in cached pages

leak_data_usage

Parameter type: integer

If enabled, VScanner will check whether any discovered emails are listed in data breach databases.

Allowed parametersDescription

0 (default)

Disables searching in cached pages

1

Enables searching in cached pages

Last updated