Scan Preferences
Scan jobs can be configured with the optional "preferences" object. If no "preferences" object is passed to a scanning job the default parameters are used.
Last updated
Scan jobs can be configured with the optional "preferences" object. If no "preferences" object is passed to a scanning job the default parameters are used.
Last updated
Users can choose between two scan types, "full" or "lite" scans. Lite scans fewer less features but are completed much faster than "full" scans. To view the full list of features for each scan type please visit: Scan Features
Allowed parameters |
---|
Parameter value: sqli
Parameter type: boolean
Activates SQL Injection vulnerability detection task. This task is disabled by default so as to not cause overload on production environments
Allowed Parameters | Description |
---|---|
Parameter value: xss
Parameter type: boolean
Activates XSS vulnerability detection task. This task is disabled by default so as to not cause overload in production environments
Specifies which tasks will be executed by VScanner's crawler
Please note that enabling options that are disabled by default in the crawler might lead to a significant increase in requests to the target endpoint. Be mindful that setting these options to 'True' can generate a high volume of requests.
An example of a JSON that enables all crawler options:
integer Initiates a brute force attack on identified CMS systems such, as WordPress.
Initiates brute force attacks on Basic access HTTP authentication
Determines the speed of the crawler.
Indicates the crawl depth used by the scanner.
Default value: 3
Indicate whether VScanner should scan for the target's web pages that are cached but not currently indexed on the live site. Due to the large number of web pages included in the scan, it will naturally take longer to complete.
If enabled, VScanner will check whether any discovered emails are listed in data breach databases.
Allowed Parameters | Description |
---|---|
Field name | Description | Allowed parameters (Bool) |
---|---|---|
Allowed parameters | Description |
---|---|
Allowed parameters | Description |
---|---|
Allow parameter | Proc. concurrency | Proc. parallelism | Max. req/sec |
---|---|---|---|
Allowed parameters | Description |
---|---|
Allowed parameters | Description |
---|---|
full
default
lite
false (default)
Disables SQL Injection vulnerability detection
true
Enables SQL Injection vulnerability detection
false (default)
Disables XSS vulnerability detection
true
Enables XSS vulnerability detection
exposed_emails
Returns discovered emails found while crawling
Default: True
open_redirect
Discovers open redirect vulnerabilities
Default: True
exposed_apikeys
Returns discovered API Keys found while crawling
Default: True
open_directory
Discovers open directories while crawling
Default: False
exposed_information
Returns files and configurations found while crawling, such as .env files
Default: False
backdoor_detection
Discovers backdoors that may be present while crawling, such as malicious php files left by hackers
Default: False
search_url_malware
Discovers URLs used by known malicious Javascript scripts
Default: False
0 (default)
Disables CMS brute force
1
Enables CMS brute force
0 (default)
Disables Basic auth brute force
1
Enables Basic auth brute force
"sequencial"
1
1
10
"slow"
2
3
80
"moderate"
5
5
40
"fast"
10
10
150
false (default)
Disables searching in cached pages
frue
Enables searching in cached pages
0 (default)
Disables searching in cached pages
1
Enables searching in cached pages