
Custom scan profiles

This document is for:
Invicti Platform

Each time you start a scan on a target, you can select which scan profile to use. By default, Invicti uses the Full Scan profile. You can choose from the built-in profiles or use a custom scan profile.

This document explains how to create a custom scan profile for use when scanning a target.

What are custom scan profiles?

Custom scan profiles let you concentrate on particular areas of concern by choosing the precise tests you require. This helps ensure your scans fully cover your web applications and increases the overall efficacy of your security testing efforts.

To see what checks you can add to your scan profile, refer to the Checks for custom scan profiles section of this document.

Create a custom scan profile

  1. Select Scans > Scan Profiles from the left-side menu.
  2. Click Create new profile.
  3. Enter the profile Name.
  4. Click the checkbox next to each check you want to include in your custom scan profile. Click the up and down arrows to expand the sections for more granularity.

     You can also use the search field to find checks and tests. For example, searching for 'xss' shows all the available checks for cross-site scripting.

     A description of each check is displayed on the right when you select it.

  5. Click Create profile.
  6. Your new custom scan profile appears at the bottom of the Scan Profiles page.

Edit a custom scan profile

  1. Select Scans > Scan Profiles from the left-side menu.
  2. Click on the name of the custom scan profile you want to edit.
  3. Make your changes to the custom profile by selecting or deselecting checks for inclusion.
  4. Click Update profile.

Delete a custom profile

  1. Select Scans > Scan Profiles from the left-side menu.
  2. Find the scan profile you want to delete and click the dust bin icon.
  3. Click Delete profile to confirm this action.

Run a scan using a custom scan profile

When starting a new scan, you can choose a built-in profile or your custom scan profile from the Profile drop-down. For detailed instructions, refer to our New scan document.

Checks for custom scan profiles

Here are the checks you can add to your custom scan profiles:

  • Scanning tests, which include the following types of tests:
      • File tests check for vulnerabilities in files identified on the website.
      • Directory tests check for vulnerabilities in directories identified on the website.
      • Input scheme tests check for vulnerabilities in the various inputs of the website, such as GET parameters, form inputs, and HTTP headers.
      • Server tests check for vulnerabilities related to the server hosting the website.
      • Structure tests are executed at the end of the crawl session and identify vulnerabilities in the website's structure.
  • Post-scan tests are carried out at the end of the scan, such as checking for any stored cross-site scripting that might have been injected during the scan.
  • Known web application tests include security audits for various well-known web applications, such as WordPress or SAP products.
  • Runtime passive analysis includes vulnerability checks that run passively during the crawl, for example checks for situations where the website insecurely transitions from HTTPS to HTTP.
  • Crawler analysis includes vulnerability checks that act upon the responses from the web server to the crawler's requests.
  • Location tests are executed on each unique location identified.
  • HTTP Data tests include vulnerability checks executed on all requests. These checks look for very specific content in the request/response and proceed to further verification in specific scenarios. For example, the SAML signature audit checks are only executed when a SAMLResponse is found.
  • Target tests include vulnerability checks executed only once on the target being scanned.
  • Input parsing tests include checks targeting input parsing vulnerabilities, such as prototype pollution.
  • Client-side checks are executed using the browser capabilities provided by DeepScan. An example of such a vulnerability is DOM cross-site scripting.
  • Custom scripts executes any custom scripts found in the custom scripts folder.
  • Malware Scanner (On-Premises only) checks the web application for malicious links and malware.
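The Runtime passive analysis item above is the category that inspects responses the crawler has already received rather than sending test payloads. To make that distinction concrete, here is an added illustration (not Invicti's code) of one such passive check: an HTTPS-to-HTTP downgrade detector that flags redirects and in-page references sending the client from an https page to an http URL. The Response class and the sample responses are constructed for this example.

```python
"""Passive HTTPS-to-HTTP downgrade check over captured responses.

Added illustration, not Invicti code. It models what a runtime passive
check does: it inspects responses the crawler already received and never
sends requests of its own. The sample responses below are constructed.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urljoin, urlsplit


@dataclass
class Response:
    url: str                      # URL the crawler requested
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


# href/src/action attribute values, single- or double-quoted
_ATTR_RE = re.compile(r'\b(?:href|src|action)\s*=\s*["\']([^"\']+)["\']', re.I)


def _is_http(url: str) -> bool:
    return urlsplit(url).scheme.lower() == "http"


def find_https_to_http(resp: Response) -> list[dict]:
    """Return one finding per place an https page sends the client to http.

    Each finding is {'kind': 'redirect' | 'reference', 'target': <absolute URL>}.
    """
    findings = []
    if urlsplit(resp.url).scheme.lower() != "https":
        return findings           # only downgrades *from* https are of interest

    # 1. A 3xx redirect whose Location resolves to an http:// URL
    if 300 <= resp.status < 400:
        loc = next((v for k, v in resp.headers.items() if k.lower() == "location"), None)
        if loc and _is_http(urljoin(resp.url, loc)):
            findings.append({"kind": "redirect", "target": urljoin(resp.url, loc)})

    # 2. Links, scripts or form actions in the body that resolve to http://
    for raw in _ATTR_RE.findall(resp.body):
        target = urljoin(resp.url, raw)
        if _is_http(target):
            findings.append({"kind": "reference", "target": target})
    return findings


# Constructed sample responses: a redirect downgrade, a mixed page, a clean page
SAMPLES = [
    Response("https://app.example.test/login", 302,
             {"Location": "http://app.example.test/home"}),
    Response("https://app.example.test/home", 200, {"Content-Type": "text/html"},
             '<a href="/account">Account</a>'
             '<form action="http://app.example.test/pay" method="post"></form>'
             '<script src="https://cdn.example.test/app.js"></script>'),
    Response("https://app.example.test/account", 200, {},
             '<a href="/logout">Logout</a>'),
]


def audit(responses: list[Response]) -> list[tuple[str, str, str]]:
    """Run the passive check over every captured response; return (url, kind, target)."""
    out = []
    for r in responses:
        for f in find_https_to_http(r):
            out.append((r.url, f["kind"], f["target"]))
    return out


if __name__ == "__main__":
    for url, kind, target in audit(SAMPLES):
        print(f"{url}: {kind} to {target}")
```

Note that the check only reads what was captured; an active check in one of the scanning-test categories would instead send its own requests to confirm a suspicion. Relative references such as `/account` inherit the https scheme of the page and are correctly not reported.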
