Application Security Platform
Scan management

Scan dynamic URL target

This document is for:
Invicti Platform

For our Dynamic URL (aka ephemeral) targets, scans can only be triggered via the API or during CI/CD. They cannot be initiated from the UI with the dynamic URL.

For instructions on how to add a dynamic URL target, refer to the linked document.

All scans are associated with the same dynamic URL (ephemeral or short-lived) target, even though they are performed on different URLs.

There are two ways to scan a dynamic URL target:

  1. Scan a dynamic target via API
  2. Using any of our CI/CD integrations - just select your ephemeral target in the Asset field.

This document walks you through triggering a scan using API through Visual Studio.

Scan a dynamic URL target via API

  1. Open Visual studio for example, paste in the following sample script, and amend the variables.

POST https://platform.invicti.com/api/v1/scans HTTP/1.1
Content-Type: application/json
accept: application/json
Authorization: Bearer {YOURTOKEN}
{
"user_authorized_to_scan": "yes",
"target_id": "{YOUTARGETID}",
"profile_id": "11111111-1111-1111-1111-111111111117",
"schedule": {
 
"disable": false,
 
"time_sensitive": true,
 
"history_limit": 10,
 
"triggerable": false
},
"max_scan_time": 0,
"incremental": false,
"address": "{YOURTESTURL}"
}

🛠️

Replace to following parameters:

  • {YOURTOKEN}: Replace with your Invicti Platform API key.
  • {YOUTARGETID}: Replace with the target ID taken from Inventory > Targets > Target ID in the right-side drawer.
  • {YOURTESTURL}: Replace with the URL you would like to scan.

  1. Execute the script in Visual Studio to trigger the scan via the API.
  2. The response then looks similar to this.

  1. If you navigated to the Scans > All scans page, you would see a scan starting.
  2. Using the scan_id, you can locate the scan in Invicti Platform.

Find what URL was used for a scan

To see what URL was used for a Dynamic URL target scan follow these steps:

  1. Select Scans > All scans from the left-side menu.
  2. Choose the scan you want to review.
  3. Go to the Vulnerabilities tab, select a specific vulnerability, and view the associated URL in the panel that appears on the right.


Share This Article