VScanner's Knowledge Base

Features

Users can choose between three scan types: "full", "default" or "lite". Lite and default scans have fewer features but finish much faster than full scans.

| Assessment Area | Lite Scan | Default Scan | Full Scan | Description |
| --- | --- | --- | --- | --- |
| Headers Misconfiguration Issues | | | | Examines header components to find misconfigurations and authentication issues in your application. |
| Email Spoofing (SMTP) | | | | Examines the Simple Mail Transfer Protocol (SMTP) of the host for email falsification vulnerabilities. |
| Web Application Firewall Issues (WAF) | | | | Feature designed to detect the presence of a Web Application Firewall (WAF) on the target website. Identifying a WAF is essential to understanding the security posture of the website and the measures taken to protect it against potential threats. |
| Version-based Software Issues | | | | Searches for used technologies, services, certificates and version-based reports. |
| Common Vulnerabilities and Exposures (CVEs) | | | | Checks for all CVE entries and lists CVE references for the found vulnerabilities. |
| Leaked Credentials | | | | By accessing various leaked credentials databases (internal and external), this task aims to identify any instances where the target domain's credentials have been exposed. |
| SQL Injection | | | | By performing an iterative loop through all found URLs, this task identifies and tests for potential SQL injection points. |
| Subdomain Takeover | | | | Detects vulnerable subdomains that could be claimed by an unauthorized individual or attacker. |
| Cross-Site Scripting (XSS) | | | | Thoroughly examines the URL and its parameters to detect any potential XSS threats that could compromise the security of the web application. |
| Authentication Brute Force | | | | Utilizes open and leaked information to understand the possibility of gaining unauthorized access to web applications through web form submissions. |
| Open Redirect | | | | Identifies open redirect vulnerabilities, which can potentially lead to security breaches and phishing attacks. |
| Text4Shell | | | | Identifies the presence of the Text4Shell vulnerability within the target domain or website, which malicious actors can potentially use to execute arbitrary commands on the target server. |
| CMS Issues (WordPress, Drupal, etc.) | | | | Seeks out used Content Management System (CMS) software and related framework details. It also reports vulnerabilities for exposed users. |
| Open Source Intelligence (OSINT) | | | | Queries the Shodan database to identify exposed services, open ports, and other accessible information. |
| File and Directory Enumeration | | | | Performs file and directory enumeration to identify files that should not exist or have improper read permissions. |
| TLS Identification | | | | Identifies TLS protocol support to find vulnerabilities in cryptographic communication. |
| Check CSRF | | | | Identifies server forms/requests not protected against CSRF attacks. |

Note: API Scan is not covered in the table above.

Issue groups


Last updated 8 days ago