Configuring Basic, Digest, NTLM/Kerberos and Negotiate Authentication

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

Invicti supports Basic, Digest, NTLM/Kerberos and Negotiate authentication mechanisms. This enables you to configure scans for websites that require those types of authentication.

Basic, Digest, NTLM/Kerberos and Negotiate Authentication Fields

This table lists and explains the fields in the Basic, Digest, NTLM/Kerberos and Negotiate Authentication section.

| Field | Description |
| --- | --- |
| Basic, Digest, NTLM/Kerberos, Negotiate Authentication | Select to enable Basic, Digest, NTLM/Kerberos or Negotiate Authentication. |
| Type | Select the type of authentication: Basic, NTLM, Kerberos, Digest or Negotiate. |
| URL Prefix | Enter the URL prefix that determines the scope of the authentication method. For example: https://www.example.com/protected. |
| Username | Enter the username for the login popup. |
| Password | Enter the password for the login popup. The input is masked by asterisks. |
| Domain | Enter the Windows domain name, not the hostname of the site. This field is optional and is needed only in Windows environments that require a domain. |
| Do not expect challenge (Basic Authentication) | Select to enable authentication even if the server does not send an authentication challenge. When selected, the Basic Authentication credentials are sent in each request without expecting a 401 authentication challenge from the server. |
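
The following is an added example, not Invicti code: a small model of how a URL Prefix scope and the Do not expect challenge option decide when a Basic `Authorization` header leaves the client. The scoping rule (same scheme, host and port, path matched on a segment boundary), the function names and the sample credential are assumptions made for illustration, not Invicti's documented behaviour.

```python
import base64
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(parts):
    # Scheme, host and effective port; urlsplit lowercases the hostname.
    scheme = parts.scheme.lower()
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(scheme)

def in_scope(url, prefix):
    """Assumed scoping rule: same origin, and path at or below the prefix path."""
    u, p = urlsplit(url), urlsplit(prefix)
    if _origin(u) != _origin(p):
        return False
    base = p.path.rstrip("/")
    path = u.path or "/"
    # Match on a path-segment boundary so /protected does not cover /protected-old.
    return path == base or path.startswith(base + "/")

def basic_header(username, password):
    # RFC 7617: base64("user:pass"). This is an encoding, not encryption.
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def authorization_for(url, cred, challenged=False):
    """Header value to send for url, or None.

    challenged=True means the server already answered this URL with
    401 and WWW-Authenticate: Basic. cred["preemptive"] models the
    "Do not expect challenge" option.
    """
    if not in_scope(url, cred["prefix"]):
        return None  # never attach credentials outside the URL prefix
    if cred["preemptive"] or challenged:
        return basic_header(cred["username"], cred["password"])
    return None

def sent_in_cleartext(cred):
    # Basic credentials scoped to an http:// prefix cross the network unencrypted.
    return urlsplit(cred["prefix"]).scheme.lower() == "http"

# Constructed sample credential (username/password are the RFC 7617 sample pair).
SAMPLE = {"prefix": "https://www.example.com/protected",
          "username": "Aladdin", "password": "open sesame", "preemptive": False}
```

With the option enabled, every in-scope request carries the credential, so a dedicated low-privilege scan account and an https:// prefix limit what is exposed.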

How to Configure Basic, Digest, NTLM/Kerberos and Negotiate Authentication in Invicti Enterprise
  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. From the Authentication section, select Basic, NTLM/Kerberos. The Basic, Digest, NTLM/Kerberos, Negotiate Authentication section is displayed.
  4. Enable the Basic, Digest, NTLM/Kerberos, Negotiate Authentication checkbox.

Basic, Digest, NTLM/Kerberos, Negotiate Authentication Screen

  5. Click New Credential. The Credential dialog is displayed.
       • From the Type dropdown, select an option.
       • In the URL Prefix field, enter the scope of the authentication. For example, if the authentication is enabled on the /foo folder then enter: http://site.com/foo/.
       • In the Username field, enter the username.
       • In the Password field, enter the password.
       • In the Domain field, enter the domain name, if required.

Credential Dialog

  6. Click Apply to save settings.

How to Configure Basic, Digest, NTLM/Kerberos and Negotiate Authentication in Invicti Standard
  1. Open Invicti Standard.
  2. From the Home tab, click New. The Start a New Website or Web Service Scan dialog is displayed.
  3. Click the Basic, NTLM/Kerberos tab.
  4. Enable the Basic, Digest, NTLM/Kerberos, Negotiate Authentication checkbox.
  5. From the Type dropdown, select an option.

Invicti Standard Basic, Kerberos Authentication Configuration Screen

  6. In the URL Prefix field, enter the scope of the authentication. For example, if the authentication is enabled on the /foo folder then enter: http://site.com/foo/.
  7. In the Username field, enter the username.
  8. In the Password field, enter the password.
  9. In the Domain field, enter the domain name, if required.
  10. If required, enable the Do not expect challenge (Basic Authentication) checkbox.
  11. Click Start Scan.