Overview of Scan Profiles

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

As you launch web application security scans in Invicti, you can configure the scan settings manually. But, since many scans are necessary, it would be inefficient to manually configure the same settings each time. Scan Profiles enable you to save scan settings for future scans. Scan Profiles can be reconfigured at any time.

These are the scan settings you can add to a Scan Profile:

  • Target URL
  • Scan Policy
  • Report Policy
  • Custom Cookies
  • Crawling Information
  • Scan Scope and Excluded URLs
  • Additional Websites
  • Imported Links
  • URL Rewrite
  • Scan Time Window (for Invicti Enterprise)
  • Notifications (for Invicti Enterprise)
  • PCI Scans (for Invicti Enterprise)
  • Pre-request Scripts (for Invicti Standard)
  • Authentication Settings
  • Scan Tags

Scan Profiles apply only to single website scans. They cannot be used for group or multiple website scans.

For further information on Scan Profiles in Invicti Enterprise, see Invicti Enterprise Scan Options Fields. For further information on Scan Profiles in Invicti Standard, see Invicti Standard Scan Options Fields.

Configuring Scan Profiles in Invicti Enterprise

In Invicti Enterprise, configuring scan profiles is achieved through fields that are mostly the same for all scan types – full or incremental, single or group, immediate or scheduled.

If you want to set the Scan Profile as the default for a specific website, you can select it as Primary. Or, if you want to share the Scan Profile with your team, you can select it as Shared.

How to View Scan Profiles

  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then Scan Profiles. The Scan Profiles window is displayed.

How to Create a Scan Profile from Scan Settings

  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. Configure the scan settings as explained in Creating a New Scan.
  4. Click Save Profile. The Save Scan Profile dialog is displayed.
  5. In the Name field, enter a name.
  6. Enable Primary or Shared.
  7. Click Save As New Profile.

How to Use a Scan Profile in a Scan

  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. From the Scan Profile dropdown, select a scan profile.
  4. Click Launch.

If you select a scan profile while creating a new scan, any scan tags associated with that scan profile will appear on the New Scan page.

How to Edit a Scan Profile

  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then Scan Profiles. The Scan Profiles window is displayed.
  3. From the list, click Edit on the relevant Scan Profile.
  4. Configure the scan settings as required.
  5. Click Update Profile. The Save Scan Profile dialog is displayed.
  6. Complete the fields as explained in How to Create a Scan Profile from Scan Settings.
  7. Click Update. (Alternatively, click Save As New Profile.)

How to Delete a Scan Profile

  1. Log in to Invicti Enterprise.
  2. From the main menu, click Scans, then Scan Profiles. The Scan Profiles window is displayed.
  3. Next to the relevant scan profile, click Delete. The Delete Scan Profile dialog is displayed.
  4. Click Delete.

Filtering scan profiles

Column Filters

All columns can be filtered, using a highly customizable combination of Fields, Operators, and Values. Each is explained below. This is useful for teams that manage the security of many websites.

Filters & Values

This table lists the filters and values available for the columns listed above. Select an option to filter the list by that criterion.

  • In many cases, values can be entered into the value field; in others, the value can be selected from a drop-down menu.
  • You can enter more than one filter at a time.

| Field | Description | Value |
|---|---|---|
| Name | Select to filter scan profiles by name. | Enter a value. |
| Target URL | Select to filter scan profiles by Target URL. | Enter a value. |
| Primary | Select to filter scan profiles by their status. | The drop-down options are: (Not Set), Yes, No |
| Shared | Select to filter scan profiles by their status. | The drop-down options are: (Not Set), Yes, No |
| Mine | Select to filter scan profiles by their creators. | The drop-down options are: (Not Set), Yes, No |
| Tags | Select to filter scan profiles by tags. | Enter a value. |
| Scan Policy | Select to filter scan profiles by scan policies. | Enter a value. |

Operator

This table lists and explains the Operators available for filtering columns. Operators work in conjunction with the Field and Value.

| Operator | Description |
|---|---|
| Equal | This operator can be used for exact matching. |
| Not Equal | This operator can be used to exclude some results based on exact matching. |
| Contains | This operator can be used to include results if the filtered column contains the value. It does not matter where the value is. For example, you could filter for the word 'production'. |
| Not Contains | This operator can be used to exclude certain results on the Websites page. |
| Starts with | This operator can be used to filter for columns that begin with the value. |
| Ends with | This operator can be used to filter for columns that end with the value. |

How to filter scan profiles in Invicti Enterprise

  1. From the main menu, select Scans > Scan Profiles.
  2. From the Scan Profiles page, select the filter button next to any header column.
  3. Select Clear to clear all fields.
  4. Add a New Filter.
  5. In the new filter, complete the fields as relevant:
    • From the Field drop-down, select Tag.
    • From the Operator drop-down, select an option.
    • In the Value field, enter a value.
  6. Select Apply.

Configuring Scan Profiles in Invicti Standard

In Invicti Standard, when you configure scan settings in the Start a New Website or Web Service Scan dialog, the tab in which the changes are made is marked as bold and underlined for reference (e.g. General).

This is also useful when you load a Scan Profile. You can quickly see which tabs contain settings that have been modified.

For further information on each scan setting, see Invicti Standard New Scan Fields and Invicti Standard Scan Options Fields.

How to Create a New Scan Profile

  1. Open Invicti Standard.
  2. From the ribbon, click Home, then New. The Start a New Website or New Service Scan dialog is displayed.
  3. Configure the scan settings as explained in Invicti Standard New Scan Fields and Invicti Standard Scan Options Fields.
  4. In the Target Website or Web Service URL panel, click Previous Settings.
  5. Click Save as New Profile. The Save Profile As dialog is displayed.
  6. In the Profile Name field, enter a name, and click Save.

How to Load a Saved Scan Profile

  1. Open Invicti Standard.
  2. From the ribbon, click Home, then New. The Start a New Website or New Service Scan dialog is displayed.
  3. From the Target Website or Web Service URL panel, click Previous Settings.
  4. Select the Scan Profile you want to use.
  5. From the button dropdown, click the downward arrow, and click Start Scan.

How to Change the Scan Settings in a Scan Profile

  1. Open Invicti Standard.
  2. From the ribbon, click Home, then New. The Start a New Website or New Service Scan dialog is displayed.
  3. In the Target Website or Web Service URL panel, click Previous Settings.
  4. Select the name of the Scan Profile you want to change.
  5. Configure the settings as required.
  6. From the Previous Settings dropdown, click Save Profile.

Default Scan Profiles in Invicti Standard

The Invicti Standard web security scanner has two built-in Scan Profiles: Default and Previous Settings.

  • The Default Scan Profile has the default configuration.
  • The Previous Settings built-in Scan Profile is used by the scanner to save the settings of the Scan Profile used in the previous scan. Even if you used a saved Scan Profile in a previous scan, its settings will be saved in the Previous Settings Scan Profile.

Managing Scan Profiles in Invicti Standard

Invicti Standard Scan Profiles are saved as XML files in the following location:

%USERPROFILE%\Documents\Invicti\Profiles

From this location, you can delete or back up your Scan Profiles.
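
The backup step described above, as an added example (not Invicti's own tooling): this PowerShell script copies the profile XML files to a timestamped folder and writes a SHA-256 manifest, so a restored profile can be compared against its recorded hash before it is loaded. The destination folder `InvictiProfileBackups` is an assumed name; a Scan Profile can include Custom Cookies and Authentication Settings, so point it at a location with restricted access.

```powershell
# Added example, not Invicti tooling. $BackupRoot is an assumed destination.
$ProfileDir = Join-Path $env:USERPROFILE 'Documents\Invicti\Profiles'
$BackupRoot = Join-Path $env:USERPROFILE 'Documents\InvictiProfileBackups'

if (-not (Test-Path -LiteralPath $ProfileDir -PathType Container)) {
    throw "Profile directory not found: $ProfileDir"
}
$profiles = @(Get-ChildItem -LiteralPath $ProfileDir -Filter '*.xml' -File)
if ($profiles.Count -eq 0) { throw "No Scan Profile XML files in $ProfileDir" }

$target = Join-Path $BackupRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $target -Force | Out-Null

# Strict reader: DTDs prohibited and no external resolution, so checking a
# modified profile cannot trigger external entity lookups.
$settings = New-Object System.Xml.XmlReaderSettings
$settings.DtdProcessing = [System.Xml.DtdProcessing]::Prohibit
$settings.XmlResolver   = $null

$manifest = foreach ($p in $profiles) {
    # Read the whole file once with the strict reader; any error marks it for review.
    $parses = $true
    $reader = $null
    try {
        $reader = [System.Xml.XmlReader]::Create($p.FullName, $settings)
        while ($reader.Read()) { }
    } catch { $parses = $false } finally { if ($reader) { $reader.Dispose() } }

    Copy-Item -LiteralPath $p.FullName -Destination $target
    $srcHash = (Get-FileHash -LiteralPath $p.FullName -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath (Join-Path $target $p.Name) -Algorithm SHA256).Hash

    [pscustomobject]@{
        Name         = $p.Name
        SHA256       = $srcHash
        CopyMatches  = ($srcHash -eq $dstHash)
        ParsesStrict = $parses
        LastWriteUtc = $p.LastWriteTimeUtc.ToString('o')
    }
}
$manifest | Export-Csv -LiteralPath (Join-Path $target 'manifest.csv') -NoTypeInformation

# Surface anything that failed the copy check or the strict parse.
$suspect = @($manifest | Where-Object { -not $_.CopyMatches -or -not $_.ParsesStrict })
if ($suspect.Count) { Write-Warning ("Review before reuse: " + ($suspect.Name -join ', ')) }
$manifest | Format-Table Name, ParsesStrict, CopyMatches, SHA256 -AutoSize
```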
