Support
Options

Advanced

This document is for:
Invicti Standard

In the Advanced tab in Invicti Standard, you can configure multiple options in multiple categories such as browsing, attacking, logging within the application. Performance and coverage can be achieved with the help of these options, which may vary depending on the scanned target.

To view the Advanced tab, press the CTRL key and click Options.

Advanced option categories

This table lists and explains the various types of task categories available in Advanced.

The list is sorted A-Z. Click the category icon to sort the items by category instead.

CategoryDescription
AttackerThese are options for Invicti attacks, which can change attack behaviors.
CrawlerThese are options for the Invicti crawler, which can change performance and coverage.
LoggingThese are options for logging, which include logging level, logging HTTP requests, and performance analysis.
MiscThese are non-categorized options and include actions in proxy, report, and auto-update.
ScanThese are options for scan action that can affect scan performance and the information scans produce.
UIThese are options for the Invicti Standard UI, such as Theme, Language, and Invicti Assistant.

Advanced options

This table lists and describes the options available in Advanced.

OptionDescription
AllowNavigationOnDomParserThis allows redirects at DOM Parser while loading the page. The default value is: ‘False’.
AnalyzeAttacksIf set to ‘False’, Invicti will not parse responses from attacks (such as responses from SQL Injections) to find new links. If set to ‘True’, Invicti will do this, assuming other conditions are met. This will significantly increase CPU use during attacks. The default value is: ‘False’.
AnalyzeParameterSubsetRelationsIf set to ‘True’, Invicti will analyze subset relations between parameter sets, i.e. Invicti will not attack the second link, as the first link contains all the parameters of the second one. For example:1./search?name=john&surname=smith&city=london2./search?name=john&surname=smithThe default value is: ‘True’.
ApplicationDocumentRootPathThis sets the root path where Invicti will store its scan, log, and configuration data. The default value is: ‘{MyDocumentsPath}\{AssemblyProduct}\)’.
AssistantEnabledThis enables Invicti Assistant. The default value is: ‘True’.
AssistantLevelThis sets the minimum severity that will be used by Invicti Assistant to notify users. The default value is: ‘5’.
AssistantOptimizerLinkPoolThresholdThis sets how many collected unique links it takes to trigger the Assistant Auto Optimizer. The default value is: ‘50’.
AssistantOptimizerTimeoutThis determines the hard timeout (in seconds) after which the Assistant Auto Optimizer will be triggered to optimize the current scan policy. The default value is: ‘600’.
AutoCloudUploadIf set to ‘True’, finished scans will be automatically uploaded to Invicti Enterprise. The default value is: ‘False’.
AutoFollowRedirectIf set to ‘True’, the requester automatically follows redirect responses. The default value is: ‘False’.
AutoPilotExitAfterCrawlOnlyIf set to ‘True’, (when ForceAutoPilot is also set to ‘True’) Invicti will conduct a crawl-only scan, without attacking, and exit after the scan is finished. The default value is: ‘False’.
AutoSaveInterval (min)This determines the interval (in minutes) after which Invicti auto-saves the scan status to the AutoSave.nss file. The default value is: ‘15’.
AutoUpdateIf set to ‘True’, automatic update checks are made once daily. The default value is: ‘True’.
BlockCsrfRequestPerlinkIf set to ‘True’, it blocks CSRF Requests per link. Depending on the value, Invicti waits for other CSRF token requests to be finished. The default value is: ‘True’.
BuiltInPoliciesSuggestionStatusThis specifies whether the scan policy optimization is suggested for scans that use built-in policies. The default value is: ‘Always’.
CategorySwitchLevelsThis continues the state of performance logging configuration for categories in the Logging tab in the Options dialog.
CheckPublicSuffixForEmailDisclosureIf set to ‘True’, Invicti checks the PublicSuffix list for detected email disclosures. The default value is: ‘True’.
ClientCertificateStoreLocationThis specifies the location of the X.509 certificate for client certificate authentication. The options are ‘CurrentUser’ and ‘LocalMachine’.The default value is: ‘CurrentUser’.
CloudAPITokenThis is the API Token for integration.
CloudServerURLThis is the URL of the on-premises server. The default value is: empty.
CloudTypeThis is the Connection Type number. It determines the type of integration, whether it is for Invicti Enterprise On-Demand or Invicti Enterprise On-Premises. The default value is: ‘1’.
CloudUserIDThis is the user ID for integration. The default value is: YourUserID.
CompactLargeObjectHeapIf set to ‘True’, the Large Object Heap (LOH) of the .NET framework is compacted periodically. The default value is: ‘True’.
CsrfWaitHandleTimeoutDepending on the value, Invicti waits for other CSRF token requests to be finished which is less than the given time. The default value is: ‘-1’.
CsvlmportSeparatorThis specifies the delimiter character to use when importing links from CSV files. The default value is: ‘,’.
CurrentIntegrationNameThis provides the selected Enterprise Integration name. For further information, see Enterprise Integration.
CustomRootCertificatePathThis sets the path of the custom root certificate to be used by the internal proxy. The default value is: empty.
DisableContentOptimizationIf set to ‘True’, Content Optimization is disabled. This prevents Invicti from performing some passive checks for the same HTTP responses. The default value is: ‘False’.
DisableGUILogsIf set to ‘True’, logs in the GUI are not shown. The default value is: ‘False’.
DisableHawkCommunicationIf set to ‘True’, this disables communication with Invicti Hawk, meaning Out-of-Band SSRF engines are disabled even when they are selected in a scan policy. The default value is: ‘False’.
DisableIgnoreCookieChecksIf set to ‘True’, Invicti does not send requests without cookies (custom or not). (Normally, Invicti does this to increase coverage and determine the behavior of the application when no cookie is sent.)The default value is: ‘False’.
DisableIriParsingIf set to ‘True’, Invicti converts some characters in the URL automatically. This conversion causes failure for some websites, which expect unchanged characters. If a website returns an error after changing the URL, this option needs to be False. The default value is: ‘False’.
DisablePassiveEnginesThis disables passive security checks. The default value is: ‘False’.
DisableRecrawlingThis disables the Recrawling phase of scans. The default value is: ‘False’.
DisableRequestParametersReorderingIf set to ‘True’, Invicti will send query parameters in the order that were originally captured; otherwise, parameters will be ordered alphabetically. The default value is: ‘False’.
DisableWebSecurityThis specifies whether the –disable-web-security parameter is passed to the Chromium instance. The default value is: ‘True’.
DomParserClearAllIntervalsTimeout (ms)This clears all setInterval callbacks after this timeout (in milliseconds). The default value is: ‘0’.
DomParserDisableGpuThis disables GPU acceleration in the DOM Parser simulation. The default value is: ‘False’.
DomParserForceTimeoutsIf set to ‘True’, the DomParser will force setTimeout and setInterval callbacks to execute without waiting for a timeout. The default value is: ‘False’.
DomParserMaxFormInputsCountThis determines the maximum number of inputs the DOMParser will parse in a single form. The default value is: ‘100’.
DomParserMaxFormsCountThis determines the maximum number of forms the DOM Parser will parse in a document. The default value is: ‘100’.
DomParserMaxLinksCountThis determines the maximum number of links the DOM Parser will parse in a document. The default value is: ‘1000’.
DomParserNonDfsTraversalReversedThis is a reverse traversal order of DOM elements that are not in the SmartDFS sub-simulation. The default value is: ‘False’.
DomViewportHeightThis specifies the DOM viewport height. The default value is: ‘720’.
DomViewportWidthThis specifies the DOM viewport width. The default value is: ‘1280’.
DomXssSingleAttackTimeout (ms)This sets the single attack timeout (in milliseconds) for the DOM XSS Scanner. The default value is: ‘20000’.
DomXssTotalAttackTimeout (ms)This sets the total attack timeout (in milliseconds) for the DOM XSS Scanner. The default value is: ‘600000’.
DoNotExpectAuthenticationChallengeThis enables the requester to send authentication credentials without expecting a challenge from the server. The default value is: ‘True’.
DoNotShowScanFinishedDialogIf set to ‘True’, no dialog is displayed when a scan is finished. The default value is: ‘False’.
DoNotShowScopeExtensionWarningIf set to ‘True’, this disables the warning message shown when Invicti cannot figure out the root path for a scan whose Scope has been set to Entered Path and Below. The default value is: ‘False’.
ElkAddressThis is the address of Kibana server. 
EnableAggressiveCachingThis enables the aggressive caching of resources that are hosted on external domains. The default value is: ‘True’.
EnableAssistOptimizerThis enables the Invicti Assistant Scan Policy Optimizer. The default value is: ‘True’.
EnableAutoSortThis enables auto-sorting in the Issues panel. The default value is: ‘True’.
EnableBrowserStorageTrackingThis enables the collection of items from localStorage and sessionStorage in the browser. The default value is: ‘True’.
EnableConsoleLogCollectionThis enables console log message collection. The default value is: ‘True’.
EnableContextAwareXssAnalyzerIf set to ‘True’, the Context-Aware XSS analyzer is enabled. It runs before any XSS analysis. If it detects a vulnerability, the XSS engine won’t make any additional attacks. The default value is: ‘True’.
EnableExpect100If set to ‘True’, 100-Continue behavior is used for HTTP Requests. The default value is: ‘False’.
EnableFeatureUsageTrackingIf set to ‘True’, this enables sending usage information to Invicti. The default value is: ‘True’.
EnableGzipAndDeflateThis enables GZip and Deflate decompression for compressed HTTP Responses. The default value is: ‘True’.
EnableLinkDiagnosticsThis enables parent link detection for links with CSRF tokens. The default value is: ‘False’.
EnableMLLoginPageIdentifierThis enables the machine learning service to identify the login page(s). The default value is: ‘False’.
EnableMLServiceThis enables machine learning service integrations. The default value is: ‘False’.
EnablePerformanceAnalysisIf set to ‘True’, Invicti will generate performance logs if the log level is set high enough. The default value is: ‘False’.
EnableSoundsThis enables sounds to play when certain events occur during the scan. The default value is: ‘False’.
EnableStaticVDBThis enables Version Disclosure vulnerabilities to be reported. The default value is: ‘True’.
EnableTimingTracingIf set to ‘True’, Invicti will log JSON formatted information to the disk. Enabling this option will cause increased disk use and make Invicti generate another log file to the hard drive along with regular scan logs. The default value is: ‘False’.
Enable VdbUploadIf set to ‘True’, Invicti uses this setting to upload the VDB file. The default value is: ‘False’. 
EnableWeakSignatureAlgorithmChecksThis enables SSL certificate chain analysis for weak signature algorithms. The default value is: ‘True’.
ErrorReportingServiceUrlThis specifies the web service URL to which unhandled errors are reported. The default value is: ‘http://www.netsparker.com/support/error-reporting.asmx’. 
FileExtensionRegexThis specifies the RegEx that is used to find links that end with a file extension.The default value is: ‘as[ap]x?|php[35]?|cf[cm]|pl|[psx]?html?|as[chm]x|config|dll|cgi|inc(?:lude)?|jsp?’.
ForceAutoPilotIf set to ‘True’, this silent mode will not display error messages. The default value is: ‘False’.
ForceQueryBasedScopeIf set to ‘True’, Invicti includes all files in a scan, regardless of the restricted extension in the scope. The default value is: ‘False’.
FormAuthenticationMaxWaitAfterLoginForBearerToken (ms)This sets the maximum time (in milliseconds) to wait after logging in to intercept Bearer tokens. The default value is: ‘2000’.
FormAuthenticationPageLoadTimeout (ms)This sets the maximum time (in milliseconds) to wait while trying to load a page during form authentication. The default value is: ‘30000’.
FormAuthenticationWaitAfterLoginFormLoad (ms)This sets the time (in milliseconds) to wait after a login form is loaded. The default value is: ‘2000’.
HideBrowserViewHintIf set to ‘True’, the hint on the Browser View tab is hidden. The default value is: ‘False’.
IastBridgeTimeoutThis sets the timeout for waiting data from the Shark Bridge (in milliseconds). The default value is: ‘250’.
LastOpenedFoldersThis specifies the list of the last opened folder paths. The default value is: (Collection)
LastUsedScanProfileThis specifies the name of the scan profile that was used last. The default value is: empty.
LastWhatsNewCheckThis specifies the last What’s New check date. The default value is: 1/1/2000.
LastWhatsNewDateThis specifies the last What’s New post date. The default value is: 1/1/2000.
LayoutVersionThis specifies the version of the current Invicti layout. The default value is: 1.
LightSQLInjectionChecksIf set to ‘True’, this increases the speed of SQL Injection checks by decreasing the coverage. The default value is: ‘False’.
LogExtremeDetailThis enables performance analysis in detail. This will slow down the scan process. The default value is: ‘False’.
LogFilesQuestionBindedIf set to ‘True’, the log files are submitted through error reporting when a crash happens. The default value is: ‘True’.
LoggingEnabledIf set to ‘True’, this enables logging. Otherwise, all logging will be disabled. The default value is: ‘True’.
LogHttpRequestsIf set to ‘True’, HTTP requests made during a scan are saved into the scan folder using the Fiddler session file format. The default value is: ‘False’.
LogRecurringParametersThis enables or disables logging recurring parameter detections. The default value is: ‘True’.
LogTracedActivityToXmlIf set to ‘True’, trace logs are written as XML files. Otherwise, they are written as CSV files. The default value is: ‘False’.
LogRunningRegexTimeout (ms)This sets the maximum time (in milliseconds) that is allowed for long-running Regex operations. The default value is: ‘30000’.
MaxDepthThis sets the maximum depth for crawling links. The depth is calculated using the number of navigations required to access it. For example, if you need to click two links to access a link, the depth of that link is two. The default value is: ‘5’.
MaxDocumentSizeKBThis sets the maximum size of the document in kilobytes (KB). Invicti will cut the response and cancel the connection when a document HTTP read reaches this size. The default value is: ‘3072’.
MaxDomParserCountThis sets the maximum number of DOM Parser instances that run during a scan. It defaults to three-quarters of the logical processor count. Otherwise, the default value is: ‘3’.
MaxDomXssScannerCountThis determines the maximum number of DOM XSS scanner instances that run during a scan. It defaults to three-quarters of the logical processor count. Otherwise, the default value is: ‘3’.
MaxEmailAddressReportThis sets the maximum number of email addresses to report. The default value is: ‘100’.
MaxHardFailRetryThis sets the maximum amount of hard fails before Invicti will stop. Hard fails refer to serious connection problems, such as Connection Timeout, DNS Failure, TCP Reset or Proxy Connection is not Available. The default value is: ‘10’.
MaxHardLogoutCountThis sets the maximum logout count before Invicti gives up the scan. The default value is: ‘1000’.
MaximumRedirectThis sets the maximum redirect count. The default value is: ‘4’.
MaximumResponseHeadersLengthThis sets the maximum allowed length in kilobytes (1024 bytes) of the response headers. A value of -1 means that no limit is imposed on the response headers. A value of 0 means that all requests will fail. The default value is: ‘64’.
MaximumRetryThis sets the maximum number of reattempts when Invicti fails to get a response from a page. The default value is: ‘3’.
MaxKnowledgeItemCountThis sets the maximum number of items that will be displayed in the Knowledge Base nodes. The default value is: ‘500’.
MaxLengthThis sets the maximum character length to parse. If a document is larger than this, Invicti will cut it off before parsing. The default value is: ‘500000’.
MaxRedirectBodySizeThis determines the maximum expected body size of the Redirect Response (in characters). The default value is: ‘450’.
MaxThreadCountPerPoolThis determines the maximum number of threads in each thread pool. The default value is: ‘24’.
MaxVulnerabilityThresholdThis sets the maximum number of vulnerability reports for the same type. Invicti will not report the same vulnerability more than this number of times. The default value is: ‘150’.
MaxVariationThresholdThis determines the maximum number of variations to report for groupable vulnerabilities. The default value is: 10.
MaxVulnerabilityThresholdForActiveEnginesThis sets the maximum number of vulnerability reports for the same type for active security checks such as SQLi and XSS, for example. Invicti will not report the same vulnerability more than this number of times. The default value is: ‘1000’.
MaxWebViewReuseCountThis sets the maximum reuse number of embedded browser instances. The default value is: ‘100’.
MinCspNonceEntropyLimitThis sets the allowed metric entropy of the base64 decoded nonce in the Content Security Policy engine. The setting is between 0 and 1. The default value is: ‘0.15’.
NotifiedExpiringLicencesIf enabled, the user of any expiring licenses is notified.
NotifyWhatsNewIf enabled, the user is notified with the What’s New. The default value is: ‘True’.
OnlyFillUpPostIf set to ‘True’, Invicti will not use a default value for the empty GET parameters. The default value is: ‘False’.
OnPremisesTypeThis specifies the On-Premises product type. The default value is: ‘0’.
ParallelAttacksStartLinkThis sets the amount of links that Invicti will crawl before it starts attacking if the Crawl and Attack is also enabled. The default value is: ‘20’.
ParserParameterLimitThis sets the maximum number of parameters to parse in a FORM field. The default value is: ‘200’.
PasswordEncryptionScopeThis specifies the scope for password encryption. The alternatives are CurrentUser or LocalMachine.The default value is: ‘CurrentUser’.
PerformanceLogLevelThis sets the level for performance logging. The default value is: ‘3’.
PptrConsoleDebugThis enables or disables devtools console debug output of DOM simulation. The default value is: ‘False’
PptrEnableRateGateThis uses the request per second settings. The default value is: ‘True’.
PptrHeadlessThis enables or disables Puppeteer headless mode. The default value is: ‘True’.
PptrPageDisposeThis enables or disables the Puppeteer page delaying disposal. The default value is: ‘True’.
PptrUseNativeRequesterThis uses the native browser’s requester. The default value is: ‘False.’
PreventSleepModeDuringScanIf set to ‘True’, this prevents the computer from entering sleep mode during the scan. The default value is: ‘False’.
ProductNameThis is the name of this product. The default value is: ‘Invicti’.
ProxyAddressThis is the application proxy address. The default value is: ‘127.0.0.1’.
ProxyAuthenticationEnabledIf set to ‘True’, the application proxy authentication is enabled. The default value is: ‘False’.
ProxyByPassListEnter a bypass list that will be skipped while using the proxy. 
ProxyByPassOnLocalIf set to ‘True’, the application determines the usage of the proxy on local. The default value is: ‘False’.
ProxyDomainThis is the application proxy domain. The default value is: empty.
ProxyModeThis is the application proxy mode. The default value is: ‘1’.
ProxyPasswordThis is the application proxy password. The default value is: empty.
ProxyPortThis is the application proxy port. The default value is: ‘8080’.
ProxyUseDefaultCredentialsIf set to ‘True’, the application proxy uses default credentials. The default value is: ‘False’.
ProxyUserNameThis is the application proxy user name. The default value is: empty.
RecentURLsThis stores the list of URLs that have recently been scanned.
RecoverSessionPathsThis stores the paths to session files that have crashed while using a previous Invicti instance.
ReportExportConfirmedThis determines the Export Confirmed option for the Save Report dialog. The default value is: ‘True’.
ReportExportLastFolderThis stores the path to the folder to which the last report was exported. The default value is: empty.
ReportExportLastFooterThis stores the last footer text for the report footer. The default value is: empty.
ReportExportLastHeaderThis stores the last header text for the report header. The default value is: empty.
ReportExportPdfThis is the last Export as the PDF option value. The default value is: ‘True’.
ReportExportUnconfirmedThis is the Export Unconfirmed option in the Save Report dialog. The default value is: ‘True’.
ReportExportVariationsThis is the last Export All Variations option value. The default value is: ‘False’.
ReportGenerationTimeout (s)This determines the time (in seconds) to wait before report generation is canceled when triggered from the command line. The default value is: ‘120’.
ReportOpenAfterThis is the last Open Generated Report option value. The default value is: ‘True’.
ReportPolicyAllowEditIf set to ‘True’, this enables users to add and edit vulnerability profiles in the Report Policy Editor. Administrator privilege is required to modify the Default Report Policy. The default value is: ‘False’.
RequestBuilderMaxFileSizeThis determines the maximum file size (in megabytes) that can be used as a File Parameter in the Request Builder. The default value is: ‘10’.
RequestHeaderDebugInfoIf set to ‘True’, a header named X-Invicti-Debug (diagnostic debug information) is added to HTTP requests made by Invicti scans. The default value is: ‘False’.
RequiresHttpRequesterThis determines whether Auto-Authenticator requires HTTP requester or not. The default value is: ‘True’.
RequiresUpgradeIf set to ‘True’, the current installation requires a one-time upgrade to be executed. The default value is: ‘True’.
ResourceFinderThreadCountThis determines the thread count used by the Resource Finder. The default value is: ‘5’.
SavePermanentXSSAttacksIf set to ‘True’, this saves permanent XSS attacks, so that they can be identified later.If set to ‘False’, Invicti may not find the injection point for identified permanent XSS issues but will access the HDD (hard disk drive) much less during XSS attacks. The default value is: ‘True’.
ScriptingRecursionLimitThis sets the custom scripting maximum recursion level. The default value is: 100.
ScriptingTimeoutThis sets the custom scripting timeout in seconds. The default value is: 60.
SendAsUserThis sends the unhandled exception as a user. The default value is: ‘False’.
SenderMailAddressBindingThis specifies the mail address to that error reports are sent following a crash. The default value is: empty.
SendErrorsToElkThis specifies whether the error logs are to be sent to Kibana. The default value is: ‘False’.
SendToActionsThis is a list of registered Send To Actions.
ShortRunningRegexTimeout (ms)This sets the maximum time (in milliseconds) that is allowed for short-running Regex operations. The default value is: ‘15000’.
ShowAllLoggingCategoriesIf set to ‘True’, all log categories in the Logging tab in the Options dialog are displayed. The default value is: ‘False’.
ShowAttackPossiblityListIf set to ‘True’, the Attack Possibilities node in is displayed in the Knowledge Base panel. The default value is: ‘False’.
ShowOptionsIf set to ‘True’, the Start a New Website or Web Service Scan dialog opens with the Options panel expanded. The default value is: ‘False’.
SmartDfsEnabledIf set to ‘True’, SmartDFS is enabled in the DOM simulation. The default value is: ‘True’.
SmartDfsMaxSampleCountThis sets the maximum sample count for SmartDFS-filtered DOM elements. The default value is: ‘5’.
SmartDfsMinElementCountThis sets the minimum number of elements to trigger SmartDFS.The default value is: ‘5’.
SmartDfsMinTagGroupCountThis sets the minimum number of HTML tag groups to trigger SmartDFS.The default value is: ‘3’.
SmartDfsSimilarityDistanceThis sets the similarity distance between 0 and 1 for SmartDFS.The default value is: ‘0.1’.
SqlHackerAvoidSpacesThis replaces the space used by hackers to bypass some IDSes (intrusion detection systems) in SQL Injection exploitation with something else, including several checks. The default value is: ‘True’.
SqlInjectionAutoFollowRedirectIf set to ‘True’, the boolean SQL injection engine will follow HTTP redirects. The default value is: ‘True’.
SQLInjectionDataLengthThis sets the maximum number of characters to export in an SQL Injection exploit. The default value is: 1000.
SsrfEnableCheckOnScanStartIf set to ‘True’, the Invicti Hawk health check is enabled at the start of a scan. The default value is: ‘True’.
SsrfResponderNameThis specifies the name of the Server-side request forgery (SSRF) Responder. The default value is: ‘Hawk’
StopOnSslErrorThis specifies whether Invicti stops scanning if SSL connection error occurs. The default value is: ‘True’.
StopSilentScanOnConnectionFailureThis prevents host connection errors from being shown when the /silent switch is used. The default value is: ‘False’
SuggestPolicyOptimizationIf set to ‘True’, the Scan Policy Optimizer dialog will be displayed at the start of a scan. The default value is: ‘True’.
SwitchToOptimizedPolicyIf set to ‘True’, this switches to auto-optimized Scan Policies automatically. The default value is: ‘False’.
SystemProxyDomainThis sets the application system proxy domain. The default value is: empty.
SystemProxyPasswordThis sets the application system proxy password. The default value is: empty.
SystemProxyUserNameThis sets the application system proxy username. The default value is: empty.
TextParserMaxFormsCountThis sets the maximum number of forms the text parser will parse in a document. The default value is: ‘100’.
TextParserMaxInputsCountThis sets the maximum number of inputs the text parser will parse in a document. The default value is: ‘100’.
TextParserMaxJsStringsCountThis sets the maximum amount of JavaScript strings (including comments and literals) that can be parsed. The default value is: ‘2000’.
TextParserMaxLinksCountThis sets the maximum number of links the text parser will parse in a document. The default value is: ‘1000’.
ThemeThis sets the preferred theme for the Invicti application. The default value is: ‘GloomGloom’.
UpdateChannelThis set the update channel for Auto Updates. The default value is: ’empty’.
UpdateCheckThis stores the date that the last Auto Update was made. The default value is: ‘2000-01-01’.
UpdatePathThis specifies the URL where auto-update checks are made. The default value is: ‘http://www.netsparker.com’.
UseCustomRootCertificateIf set to ‘True’, the internal proxy uses the custom root certificate. The default value is: ‘False’.
UseDatabaseIf set to ‘True’, the scan results are saved into the session database. The default value is: ‘True’.
UsePlusForSpaceEncodingIf set to ‘True’, the ‘+’ sign is used to encode spaces in URLs, instead of ‘%20’.The default value is: ‘False’.
UserInterfaceLanguageThis sets the language code for the UI language. The default value is: ‘en’.
VdbLastUpdateCheckThis stores the date that the last VDB update check was made. The default value is: ‘2000-01-01’.
VdbUpdateCheckURLThis sets the URL where the VDB update check is made. The default value is: ‘https://service.invicti.com/go/?ref=vdbversion’
VdbUpdateURLThis sets the URL from which the VDB update is made. The default value is: ‘https://service.invicti.com/go/?ref=vdb”’
VdbUpdateVersionThis stores the VDB version received from the update server. The default value is: empty.
VdbVersionThis stores the current VDB version.
WebApplicationFirewallThis lists the Web Application Firewall configuration registered. The default value is: ‘Collection’.
WebInspectorRemoteDebugPortIf set to ‘0’, the remote debug port for the web inspector is disabled. The default value is: ‘0’.
WebServiceProtocolNameThis sets the protocol used to access the described XML Web services. The allowed values are: SOAP, SOAP 12, HttpPost, HttpGet, and HttpSoap.The default value is: empty.

How to view and find advanced options

  1. Open Invicti Standard.
  2. In the Home tab, press the CTRL key, and click Options. The Options dialog is displayed, with the Advanced tab open in Alphabetical order.
  1. Enter the Advanced option you want in the search box. Alternatively, slide the scrollbar to search for it manually, then click on it when found.
  2. When you have completed configuring the Advanced option setting, click Save.

How to prevent the operating system from going to sleep while there is a scan in progress

  1. Open Invicti Standard.
  2. In the Home tab, press the CTRL key, and click Options. The Options dialog is displayed.
  3. In the search dialog, enter ‘PreventSleepModeDuringScan’ and click when displayed.

Alternatively, slide the scrollbar down to ‘PreventSleepModeDuringScan’ a click once to highlight.

  1. In the drop-down option, select True. (The default is False.)
  1. Click Save.

Invicti Help Center

Our Support team is ready to provide you with technical help.

Go to Help Center This will redirect you to the ticketing system.