Scanning gRPC API Web Services with Invicti Enterprise

This document is for:
Invicti Enterprise On-Demand, Invicti Enterprise On-Premises

gRPC (Remote Procedure Call) is a modern, high-performance framework that enables efficient communication between services in distributed systems. Unlike traditional RESTful APIs, which typically use JSON over HTTP, gRPC uses protocol buffers as its Interface Definition Language (IDL) and HTTP/2 for transport. This combination offers benefits such as improved performance, built-in support for streaming, and strong typing. This document describes how to scan gRPC API Web services with both Invicti Enterprise On-Premises and Invicti Enterprise On-Demand.

How to scan gRPC API Web Services

The process involves preparing a new scan, uploading a .proto file, and adding the gRPC Service URL to the Additional Websites page. For detailed instructions, follow these steps:

  1. Log in to Invicti Enterprise.
  2. From the main menu, select Scans > New Scan.
  3. Fill in the Target URL and select a Scan Profile.
  4. From the Scan Settings, select Links/API Definitions.
  5. In the Links / API Definitions > From File section, select gRPC.

  6. In the gRPC Proto Import window, type the gRPC endpoint URL and click Ok.

NOTE: The Agent does not support multiple .proto files. While multiple .proto files can be imported through the UI, the Agent only utilizes a single .proto file.

  7. If the entered gRPC Endpoint URL is located in a different domain than the Target URL, the gRPC endpoint will be added to the Additional Websites section. Click Ok.

  8. In the window that opens up, locate and select the .proto file, and click Open.
  9. The All imported Links section is updated with the .proto file you selected.

  10. In Scan Settings, under Additional Websites, the gRPC URL is specified as an additional website.

  11. Click Launch at the bottom of the page to start scanning with the gRPC Service.
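
A pre-import check for the procedure above, added here as an example and not part of Invicti's documentation or tooling: it lists the gRPC request paths a single .proto file defines, reports any `import` lines that point at other .proto files (relevant because the Agent uses only one file), and compares the endpoint host with the Target URL host. The function name `preflight`, the sample definition and the example URLs are constructed; comparing hostnames is an assumption about what counts as a "different domain".

```python
import re
from urllib.parse import urlsplit

# Constructed sample definition, not taken from the Invicti documentation.
SAMPLE_PROTO = """
syntax = "proto3";
package shop.v1;
import "google/protobuf/empty.proto";
import "common/money.proto";  // a second project file
// rpc Legacy (Old) returns (Old);
service Orders {
  rpc GetOrder (OrderRequest) returns (Order);
  rpc WatchOrders (OrderRequest) returns (stream Order) {}
}
message OrderRequest { string id = 1; }
message Order { string id = 1; }
"""

RPC = re.compile(r"\brpc\s+(\w+)\s*\(\s*(stream\s+)?[\w.]+\s*\)"
                 r"\s*returns\s*\(\s*(stream\s+)?[\w.]+\s*\)")

def _block_body(src, start):
    """Return the text between the '{' that ends at `start` and its matching '}'."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def preflight(proto_text, target_url, grpc_url):
    """Summarise one .proto file and the endpoint before importing them into a scan."""
    # Drop /* */ and // comments (simplification: assumes no "//" inside string literals).
    src = re.sub(r"/\*.*?\*/|//[^\n]*", "", proto_text, flags=re.S)
    pkg = re.search(r"^\s*package\s+([\w.]+)\s*;", src, flags=re.M)
    prefix = pkg.group(1) + "." if pkg else ""
    methods = []
    for svc in re.finditer(r"\bservice\s+(\w+)\s*\{", src):
        for m in RPC.finditer(_block_body(src, svc.end())):
            methods.append({
                "path": f"/{prefix}{svc.group(1)}/{m.group(1)}",  # gRPC request path
                "client_stream": bool(m.group(2)),
                "server_stream": bool(m.group(3)),
            })
    return {
        # Imports reference other .proto files; only one file is used by the Agent.
        "imports": re.findall(r'^\s*import\s+(?:public\s+|weak\s+)?"([^"]+)"\s*;', src, flags=re.M),
        "methods": methods,
        # Assumption: "different domain" is approximated by comparing hostnames.
        "endpoint_on_other_host": urlsplit(target_url).hostname != urlsplit(grpc_url).hostname,
    }
```

Comparing the returned `methods` list with the All imported Links section after the import shows whether every RPC in the file was picked up.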
