Default scan profiles
Scan profiles are collections of predefined security checks used to test your web application for vulnerabilities. When launching a scan, you select a scan profile to run against a target. Invicti includes a set of default scan profiles designed to meet common application security needs. You can use these defaults or create custom scan profiles tailored to your specific requirements. A single target can be scanned multiple times using different scan profiles.
Built-in scan profiles
Default scan profiles are predefined groupings of tests designed to identify specific classes of vulnerabilities, such as SQL injection or Cross-Site Scripting (XSS). They streamline scanning by narrowing or expanding the set of checks to match your goal: a focused profile finishes faster and produces a shorter report, but it only reports the vulnerability classes it contains, so a clean result from a focused profile is not evidence that the target is free of other issues. Use the focused profiles to target specific risks and the broader ones for comprehensive assessments.
- Full Scan
Performs a comprehensive scan using all available checks in Invicti. This profile offers the widest vulnerability coverage.
- Critical / High Risk
Scans only for the most severe vulnerabilities, including SQL Injection, Cross-site Scripting (XSS), and File Inclusion. This profile is dynamically updated with each release to include the latest high-impact checks.
- Critical / High / Medium Risk
Extends the Critical / High Risk profile by also checking for medium-risk issues, such as server misconfigurations and common coding flaws. This profile is also dynamically updated.
- Cross-site Scripting (XSS)
Focuses exclusively on detecting XSS vulnerabilities. Updated regularly to include the latest relevant tests.
- SQL Injection
Focuses only on detecting SQL Injection vulnerabilities. This profile is dynamically updated to include the latest SQL Injection checks.
- Weak Passwords
Identifies login forms and attempts to authenticate through them with a list of known weak and default credentials, reporting any account that accepts one. Each attempt is a real failed login on the target, so this profile can trigger account-lockout or rate-limiting policies; run it against test accounts or non-production environments where a lockout would matter.
- Crawl Only
Performs a crawl of the target site to map its structure without running any vulnerability checks. Useful for confirming crawler coverage (authenticated areas, URL rewriting rules, excluded paths) before committing to a longer scan.
- OWASP Top 10 API
Scans for the ten most critical security risks to web APIs, as defined by the OWASP API Security Top 10 project.
- OWASP Top 10
Scans for the top 10 most critical security risks to web applications, as defined by the OWASP Top 10 project.
- PCI checks
Identifies vulnerabilities that would put the target out of compliance with the Payment Card Industry Data Security Standard (PCI DSS).
- SANS Top 25
Scans for the weaknesses in the CWE/SANS Top 25 Most Dangerous Software Errors list, which is based on MITRE's Common Weakness Enumeration (CWE) and was published jointly with the SANS Institute.
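The Weak Passwords profile above is the one whose side effects most often surprise people, so here is an added example (not Invicti's code, and not a description of its internals) of the kind of check such a profile performs: locate a login form in a page, submit a short list of well-known credentials to it, and stop as soon as the target starts locking the account. The wordlist, the toy target application and its lockout policy are all constructed here so that the script runs offline; the lockout signal (HTTP 423/429) is an assumption of the toy target, since real applications signal lockouts in their own way.

```python
# Added example (not Invicti's code): the kind of check behind a Weak Passwords
# profile. Finds a login form, submits well-known weak credentials, and stops as
# soon as the target starts locking the account. Wordlist, target app and
# lockout policy are all constructed here so it runs offline.
import threading
from html.parser import HTMLParser
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import parse_qs, urlencode, urljoin
from urllib.request import Request, urlopen

# Constructed wordlist; a real check carries thousands of default/weak pairs.
WEAK_CREDENTIALS = [("admin", "admin"), ("admin", "password"),
                    ("admin", "123456"), ("root", "root"), ("admin", "admin123")]

class LoginFormFinder(HTMLParser):
    """Collect every <form> with the (name, type) of each <input> inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action", ""),
                         "method": a.get("method", "get").lower(), "fields": []}
        elif tag == "input" and self._cur is not None:
            self._cur["fields"].append((a.get("name"), a.get("type", "text").lower()))
    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None

def find_login_forms(html):
    """Login form = exactly one password field plus a text/email field; forms with
    two password fields (registration, password change) are deliberately skipped."""
    p = LoginFormFinder()
    p.feed(html)
    out = []
    for f in p.forms:
        pw = [n for n, t in f["fields"] if t == "password" and n]
        user = [n for n, t in f["fields"] if t in ("text", "email") and n]
        if len(pw) == 1 and user:
            out.append({"action": f["action"], "method": f["method"],
                        "user_field": user[0], "pass_field": pw[0]})
    return out

def guess_credentials(base_url, form, candidates):
    """Returns (outcome, attempts): ("success", user, pw), ("locked", user) or ("none",).
    Lockout is recognised by HTTP 423/429 here (an assumption of the toy target); a real
    scanner must also fingerprint the application's own 'account locked' response."""
    url = urljoin(base_url, form["action"])
    for attempts, (user, pw) in enumerate(candidates, start=1):
        body = urlencode({form["user_field"]: user, form["pass_field"]: pw}).encode()
        try:
            status = urlopen(Request(url, data=body, method=form["method"].upper())).status
        except HTTPError as err:
            status = err.code
        if status in (423, 429):           # stop: more guesses only deepen the lockout
            return ("locked", user), attempts
        if status == 200:
            return ("success", user, pw), attempts
    return ("none",), len(candidates)

LOGIN_PAGE = (b'<html><body><form method="post" action="/login"><input name="user">'
              b'<input type="password" name="pass"><input type="submit"></form></body></html>')

class ToyApp(BaseHTTPRequestHandler):
    """Constructed target: one weak account, optional lockout after N failures."""
    VALID, lockout_threshold, failures = ("admin", "admin123"), None, {}
    def log_message(self, *args):
        pass                              # keep the request log quiet
    def _reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):
        self._reply(200, LOGIN_PAGE)
    def do_POST(self):
        fields = parse_qs(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode())
        user, pw = fields.get("user", [""])[0], fields.get("pass", [""])[0]
        limit = ToyApp.lockout_threshold
        if limit is not None and ToyApp.failures.get(user, 0) >= limit:
            self._reply(423, b"account locked")   # locked even if the password is right
        elif (user, pw) == ToyApp.VALID:
            self._reply(200, b"welcome")
        else:
            ToyApp.failures[user] = ToyApp.failures.get(user, 0) + 1
            self._reply(401, b"invalid credentials")

def run_check(lockout_threshold):
    """Serve the toy target on a free port, run the check against it, tear it down."""
    ToyApp.lockout_threshold, ToyApp.failures = lockout_threshold, {}
    server = HTTPServer(("127.0.0.1", 0), ToyApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base_url = "http://127.0.0.1:%d/" % server.server_address[1]
    try:
        forms = find_login_forms(urlopen(base_url).read().decode())
        return guess_credentials(base_url, forms[0], WEAK_CREDENTIALS)
    finally:
        server.shutdown()
        server.server_close()
```

`run_check(None)` (no lockout) finds `admin`/`admin123` on the fifth attempt; `run_check(3)` against the same wordlist returns `("locked", "admin")` on that same fifth attempt, because the three earlier `admin` guesses had already tripped the threshold before the correct password was reached. That is the caveat in practice: the check never learned the password, and a real account is now locked. The form heuristic (exactly one password field) is also why a scanner can miss logins implemented as JavaScript-driven forms that are not present in the served HTML.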