Authorized target scanning policy
Read before launching scans
Before initiating any scans, it is critical to ensure that you have proper authorization to test the target website or web application.
- Unauthorized scanning is prohibited. Performing scans without consent may result in your IP address and all scan-related activity being logged on the target’s web server.
- Inform stakeholders. If you are not the sole administrator of the website or application, you must notify all relevant administrators before starting a scan.
- Be aware of the potential impact. Some scans may cause performance issues or even result in the target system becoming temporarily unavailable, requiring a manual restart.
By proceeding with a scan, you confirm that you have obtained all necessary permissions and accept responsibility for the actions and consequences associated with the scan.
Use our test websites
If you are new to scanning or want a safe environment to experiment in, we recommend using our publicly available test websites. These are designed specifically for safe, controlled scanning and testing—so you can explore Invicti’s capabilities without impacting live systems.
Test website http://testinvicti.com/
Name | URL | Technologies |
ASP.Net - Testinvicti | Windows, IIS, ASP.NET , MsSQL | |
PHP - Testinvicti | Windows, Apache, PHP, MySQL | |
SPA - Angular - Testinvicti | Ubuntu, Apache, PHP, Angular 5, MySQL | |
API - REST - Testinvicti | Ubuntu 18, Apache, PHP 7.1, MySQL | |
GraphQL - Testinvicti | Ubuntu 22.04, NodeJS, GraphQL | |
Python - Testinvicti | Ubuntu 22.04, Flask, CouchDB, Nginx | |
API - Vulnerable API | Ubuntu, NodeJS, Swagger, SQLite |
Test website http://www.vulnweb.com/
Name | URL | Technologies |
SecurityTweets | nginx, Python, Flask, CouchDB | |
Acuart | Apache, PHP, MySQL | |
Acuforum | IIS, ASP, Microsoft SQL Server | |
Acublog | IIS, ASP.NET , Microsoft SQL Server | |
REST API | Apache, PHP, MySQL |