Support
Knowledge Base Nodes

Crawling Performance Node

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

Crawling is a crucial stage in a Invicti scan, enabling vulnerable points in the target web application to be discovered during the Attacking stage.

Invicti clicks every link and button in the web application in order to access every corner of the target web application. It also submits discovered forms and traverses them to access the pages that are typically only accessible once the form is submitted. This is done so that it can populate the link pool, then attack these links to identify vulnerabilities.

The scanner lists these links in the Knowledge Base and provides details on how it found them.

This table lists the sources that are used to determine the number of links.

Source

Description

Start Link

This is the number of links that are entered by the user to initialize the scan. It is basically the target URL.

Text Parser

This is the number of links identified by the text parser while parsing the responses’ source code.

Text Parser Form

This is the number of links identified through HTML forms to which the forms are submitted.

AJAX/XMLHttpRequests

This is the number of links identified as AJAX requests.

Related Link

This is the number of links identified by the scanner through the analysis of other crawled links.

Resource Finder

This is the number of links identified by the Common Files and Directories checks, which look for hidden resources that are not visible to the public.

Unspecified

This is the number of links for which the scanner could not determine the Parsing Source.

ASP.NET Project Importer

This is the number of links identified from the ASP.NET Project (*.csproj or *.vbproj) file.

Backup Resource

This is the number of links identified by the Backup Modifier, which tries to find backup (*.bak, *.old) files

Burp Importer

This is the number of links identified from the Burp Saved Items (*.xml).

CSV Importer

This is the number of links identified from comma-separated values.

DOM Parser

This is the number of links identified by the DOM Parser, which parses HTML or XML files.

DOM Parser Extracted Resource

This is the number of links identified by the DOM Parser Extracted Resource, which extracts resources like image and frame.

DOM Parser Navigate

This is the number of links identified by the DOM Parser Navigate, which intercepts navigate calls.

DOM Parser New Window

This is the number of links identified by the DOM Parser, which intercepts new window calls.

.DS_Store Modifier

This is the number of links identified from the .DS_Store file.

Fiddler Importer

This is the number of links identified from the Fiddler Session Archive (*.saz) file.

Form Authentication Sequence

This is the number of links discovered while performing form authentication requests.

HTTP Archive Importer

This is the number of links identified from the HTTP Archive (*.har) file.

HTTP Request Importer

This is the number of links that are identified by parsing sources.

I/O Docs Importer

This is the number of links identified from the I/O Docs (*.json) file.

Link Importer

This is the number of links that are identified using the Link Importer tool.

Mod Negotiation Resource

This is the number of links that are identified from content negotiation provided by the mod_negotiation module.

Invicti Session Importer

This is the number of links that are identified from the Invicti Session (*.nss) file.

OWASP ZAP Importer

This is the number of links that are identified from the OWASP ZAP file.

Postman Importer

This is the number of links that are identified from the Postman file.

Proxy

This is the number of links that are crawled using the proxy (Manual Crawling) feature.

RAML Importer

This is the number of links that are identified from the RESTful API Modeling Language (*.raml) file.

Resource Finder

This is the number of links identified by brute-forcing hidden resources.

Robots.txt Sitemap

This is the number of links that are identified from robots.txt or sitemap.xml files.

SOAP Web Service Parser

This is the number of links that are links identified from SOAP Web Service parser.

Swagger Importer

This is the number of links that are identified from the OpenAPI (formerly Swagger) (*.json, *.yaml, *.yml) file.

WADL Importer

This is the number of links that are identified from the Web Application Description Language (*.wadl) file.

WordPress Importer

This is the number of links that are identified from the WordPress REST API (*.json) file.

WSDL Importer

This is the number of links that are identified from the Web Services Description Language (*.wsdl) file.

Once the scan is completed, all crawling performance information is listed under the Crawling Performance node in the Knowledge Base, highlighted in red and bold. You can access the same information in the Knowledge Base Report and Knowledge Base Tab.

For further information, see Knowledge Base Nodes.

How to View the Crawling Performance Node in Invicti Enterprise

  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then Recent Scans. The Recent Scans window is displayed.
  3. Next to the relevant website, click Report.
  4. From the Technical Report section, click the Knowledge Base tab.
  5. Click Crawling Performance. The information is displayed in a Crawling Performance tab.

How to View the Crawling Performance Node in Invicti Standard
  1. Open Invicti Standard
  2. Start a Scan or open a previously saved scan.
  3. The Knowledge Base is displayed on the right of the Scan Summary Dashboard. (If it is hidden, display it again using the Knowledge Base icon on the View tab on the ribbon. Alternatively, click the Reset Layout icon on the View tab, then close the Activity/Progress/Logs panes to give maximum viewing space.)

  1. Ensure that the Knowledge Base Viewer is also displayed. (If it is hidden, you can display it again using the Knowledge Base Viewer button on the View tab. You may also want to close the Activity/Progress/Logs panes.)
  2. Click the Crawling Performance node in the Knowledge Base. All detected Crawling Performance information is displayed in the Knowledge Base Viewer.

Invicti Help Center

Our Support team is ready to provide you with technical help.

Go to Help Center This will redirect you to the ticketing system.