Support
Knowledge Base Nodes

Knowledge Base Nodes

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

During scans, Invicti collects information about the web application and displays it in various nodes in the Knowledge Base. This information helps you understand your web application better and learn how attackers are likely to proceed. Knowledge Base node information also helps security practitioners fine tune scans for better coverage.

For further information, see Knowledge Base Tab, and Knowledge Base Report.

Knowledge Base Nodes List

This table lists and explains the Knowledge Base nodes found in Invicti Enterprise and Invicti Standard.

Node Description
AJAX / XML HTTP Requests This is a list of the AJAX / XML HTTP Requests found in the target application. From this node, you can check that Invicti is detecting and simulating all of these requests, especially when scanning a client-side script heavy web application such as a single page application.

This is sometimes referred to as the XML HTTP Requests List.

For further information, see AJAX / XML HTTP Request Node.

Attack Possibilities This is a list of the possible number of attacks per engine that Invicti might carry out. Attack possibilities information is collected by attack engines when Invicti is attacking a website. These values are calculated on the basis of the number of parameters present for each link. They are used as estimates to inform users about scan progress.

This node is displayed in Invicti Standard only and is disabled by default. In order to see it in a report, you must first enable it (see Advanced).

For further information, see Attack Possibilities Node.

Comments This is a list of source code comments. Some of them may contain sensitive keywords highlighted in red and bold. This is the most overlooked security issue of all and could lead to sensitive information disclosure. It is very typical for developers to leave very sensitive information in web applications, such as connection strings, administrative accounts credentials, details of the test environments and much more. Invicti allows users to add new entries to the list of sensitive comments so they are alerted once this type of entry is identified in the source code comments. Users can also modify the existing patterns from the Comments node in the Invicti settings.

For further information, see Comments Node.

Cookies This is a list of cookies set by the target application. Cookies can disclose a lot of information about the target website that attackers can use to craft a malicious attack. From this node, security professionals have access to a centralized list of all cookies, so they can analyse them one by one and identify any cookie-related security issues.

For further information, see Cookies Node.

Crawling Performance This is a table with information on crawling performance, such as Parsing Source, Crawled Link Count, Total Response Time, and Average Response Time. For further information, see Crawling Performance Node.
CSS Files This is a list of CSS Files found in the target application. Modern web applications have dynamic CSS files (ones that accept input from other sources and variables) so they can also be an attack vector. Even though Invicti automatically scans target web applications for potential vulnerabilities in CSS files, this list is useful for users who need to manually analyze them.

This is sometimes referred to as the Client CSS File List.

For further information, see CSS Files Node.

Email Addresses This is a list of email addresses found in the target application. Although having clear text email addresses on a website is not a vulnerability in itself, it is good to know what email addresses are published on the website.

For further information, see Email Addresses Node.

Embedded Objects This is a list of all the embedded objects such as Flash files or ActiveX components that were discovered in the target web application, and their location.

For further information, see Embedded Objects Node.

External CSS Files This is a list of all the external CSS files the target website uses. This is for information purposes only.

For further information, see External CSS Files Node.

External Frames This is a list of frames found in the target application that originate from an external source. Similar to external scripts, external frames may be the result of an already hacked website. This is why it is good for security professionals to know about all the external objects in a web application.

For further information, see External Frames Node.

External Scripts This is a list of external scripts found in the target application. An external script from a non-trusted source should be considered a security risk, since it might be tampered by someone else to execute malicious JavaScript on the target web application. Such tampering might result in a stored or permanent cross-site scripting vunerability.

Information in this knowledge base node can also help users determine whether the target web application has already been hacked; for example, whether malware is being distributed via an injected script. All (un)trusted third party scripts used in your web application are also listed in this knowledge base node.

For further information, see External Scripts Node.

File Extensions This is a list of file extensions found in the target application. Under each extension, it will also list all the files with that extension. This information helps security professionals determine what is being served from the target web application.

For further information, see File Extensions Node.

Form Validation Errors This is a list of Form Validation Errors found in the target application. This is an Information level issue that informs you about web forms that were unable to be submitted due to validation errors.

For further information, see Form Validation Errors Node.

Google Web Toolkit This is a list of any GWT-RPC requests that are identified during a scan. When such requests are identified it means that a web application built with Google Web Toolkit is running on the target server.

They are sometimes referred to as GWT Requests.

For further information, see Google Web Toolkit Node.

Incremental Scan This is a list of all the new links found during incremental scans, allowing you to identify newly-added pages.

For further information, see Incremental Scan Node.

Interesting Headers This is a list of all the unusual or customized HTTP headers encountered during a security scan of the target web application. This information is very useful for quality assurance teams. It can lead them to discover any legacy or unused components that are still being called because some unused code is still enabled in the system.

This information can also help security professionals uncover more information about the target web application and the environment it is running in. For example, they can find out if a load balancer or web application firewall is in use, or determine the version of some of the server components to enable more targeted testing.

This is sometimes referred to as the Custom Header List.

For further information, see Interesting Headers Node.

Invicti Shark This is a list of issues identified by Invicti Shark (IAST). You can run interactive security testing with Invicti Shark. Using it enables Invicti to provide additional information from the back-end while scanning your web application. Once the scan is completed, all components are listed under the Shark node in the Knowledge Base.

For further information, see Invicti Shark Node.

JavaScript Files This is a list of JavaScript files found in the target application. Security professionals can refer to this centralized list of information to check that all JavaScripts on the target website are secure and are being used appropriately. This avoids the risk of neglecting to find some during a manual check.

This is sometimes referred to as the Client Script List.

For further information, see JavaScript Files Node.

MIME Types This is a list of MIME Types found in the target application. Under each MIME type, Invicti also lists all the files with that MIME type. This information is very useful in case further manual testing is required. It also helps security professionals spot any unusual files or types served by the server which could indicate a successful hack.

For further information, see MIME Types Node.

Not Founds This is a list of all the web pages that return a 404 error. This is used to inform users that these pages are not reachable and therefore cannot be scanned.

For further information, see Not Founds Node.

Out of Scope Links This is a list of all Out of Scope Links, both uncrawled and unattacked. From this knowledge base node, users can determine what was not scanned and why, to enable them to fine tune their security scan settings should they wish to also scan these links.

For further information, see Out of Scope Links Node.

Proofs This is a list of all the data that is extracted as a Proof when exploiting a vulnerability: Identified Database Version, Identified Database Name and Identified Database User. This data could contain the username and database name for a SQL Injection, or the content of a file for a local file injection for example. From this node, you can discover how much potentially sensitive information the scanner was able to extract automatically for demonstration purposes.

For further information, see Proofs Node.

REST APIs This is a list of a REST API or RESTful web services that are identified in a scan. Invicti automatically crawls and scans the RESTful Web service.

For further information, see REST APIs Node and Finding Vulnerabilities in RESTful Web Services Automatically with a Web Security Scanner.

Scan Performance This is a table with information on scan performance, such as source, request count, total response time, and average response time.

For further information, see Scan Performance Node and Scan Performance Upgrades.

Site Profile This is a table with site profile information about the technologies used in the target website, such as JavaScript Libraries, Database Server and Operating System.

For further information, see Site Profile Node.

Slowest Pages This is a table listing the top ten slowest pages by URL and Response Time. In this knowledge base node, the average response time of the target web application is displayed together with all the pages with the highest response time. Pages that are slow to load do not pose any security threat, except perhaps for a Denial of Service (DoS), but there is a reason why they are taking longer to load. It could be caused by errors or inefficiencies in the code, so it is still worth knowing about them for troubleshooting purposes.

This is sometimes referred to as the Top Response Times List.

For further information, see Slowest Pages Node.

Software Composition Analysis (SCA) Node This node displays an information table on third-party components detected by Invicti Shark (IAST) in your web application. During the scan, Invicti identifies these components in your web application and lists them in the Knowledge Base panel. So, security and technical personnel can refer to the list to make sure that all third-party components are up to date and have no known vulnerabilities.

For further information, see Software Composition Analysis (SCA) Node.

SSL This is a list of the information about the SSL certificate used in the target website, and the protocols and ciphers that are supported by the target server. Recently, there have been a number of issues with old ciphers and protocols, so it is good to know what the target web application supports, so you can fine tune the server’s configuration.

This is sometimes referred to as the SSL Knowledge Base Provider.

For further information, see SSL Node.

URL Rewrite This node contains tables with information on the URL Rewrite settings and the URL Rewrite rules matched in the target application. Invicti scanners automatically configure their own URL rewrite rules when scanning a website that uses URL rewrites, so you do not have to manually configure them. If you need to verify the rules, or get a better understanding of the workings and setup of the target web application, check the rules that the scanner automatically configured.

For further information, see URL Rewrite Node and URL Rewrite Rules.

Web Pages With Inputs This is a list of form inputs found in the target application. This list can be used by developers and QA (quality assurance)  members for further manual testing. Security professionals find such information useful too, since it gives them a better overview of the attack surfaces of a web application.

It is sometimes referred to as the Form Inputs List.

For further information, see Web Pages With Inputs Node.

Web Services (SOAP) This is a list of SOAP WEB Services found in the target application, with details on the operation and parameter of each.

For further information, see Web Services (SOAP) Node.