Website Scan (New)

Parameters

| Name | Type | Description | Value |
| --- | --- | --- | --- |
| tool_id | Integer | The id of this tool | 170 |
| target | String | The URL that will be scanned | |
| scan_type | String | The type of scan that you want to be performed | full_beta (current engine) |
| options[attack][active] | [String] | A list of active test names to run against. By default this is an empty list representing no tests should be performed | xss - XSS<br>sqli - SQL Injection<br>lfi - Local File Inclusion<br>oscmdi - OS Command Injection |
| options[attack][passive] | [String] | A list of passive test names to run against. By default this is an empty list representing no tests should be performed | security_headers - Security Headers<br>cookie_security - Cookie Security<br>directory_listing - Directory Listing<br>secure_communication - Secure Communication<br>weak_password_submission - Weak Password Submission Method<br>error_debug_messages - Commented code/Error codes<br>password_cleartext - Clear Text Submission of Credentials<br>cross_domain_source - Verify Domain Sources<br>mixed_content - Mixed Encryptions Content |
| options[discovery] | [String] | A list of discovery test names to run against. By default this is an empty list representing no tests should be performed | server_info_disc_light - Fingerprint Website<br>server_software_light - Server Software Vulnerabilities<br>parse_robots - Check for Robots.txt<br>js_libraries - JavaScript libraries<br>untrusted_certificates - SSL/TLS Certificates<br>client_access_policies - Client access policies<br>resource_discovery - Resource Discovery |
| options[spider][exclude_urls] | [String] | A list of URLs to exclude from spidering. By default this is an empty list representing no paths should be excluded. | |
| options[spider][approach] | String | The crawling style to apply for the spidering process. | classic (default)<br>spa (currently unavailable) |
| options[spider][limits][depth] | Integer | The maximum depth measured by number of '/' that the scanner crawls and scans. | This is 10 by default. |

Start scan examples

{
  "op": "start_scan",
  "tool_id": 170,
  "tool_params": {
    "target": "http://demo.pentest-tools.com/webapp/",
    "scan_type": "full_beta",
    "options": {
      "spider": {
        "approach": "classic",
        "limits": {
          "depth": 10
        },
        "exclude_urls": ["http://demo.pentest-tools.com/webapp/logout"]
      },
      "attack": {
        "active": ["sqli", "xss"],
        "passive": ["cookie_security"]
      },
      "discovery": ["parse_robots"]
    }
  }
}
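Because every test list defaults to empty, a request with a mistyped or missing test name can complete without checking anything. The following is an added example, not part of the original page: a local pre-flight check that builds the request body above and rejects values the parameter table does not list. The name `build_start_scan`, the refusal of an all-empty test selection and the same-host check on excluded URLs are assumptions of this sketch, not documented API behaviour.

```python
import json
from urllib.parse import urlsplit

# Test names copied from the parameter table on this page.
KNOWN = {
    "active": {"xss", "sqli", "lfi", "oscmdi"},
    "passive": {"security_headers", "cookie_security", "directory_listing",
                "secure_communication", "weak_password_submission",
                "error_debug_messages", "password_cleartext",
                "cross_domain_source", "mixed_content"},
    "discovery": {"server_info_disc_light", "server_software_light",
                  "parse_robots", "js_libraries", "untrusted_certificates",
                  "client_access_policies", "resource_discovery"},
}

def build_start_scan(target, active=(), passive=(), discovery=(),
                     exclude_urls=(), depth=10):
    """Build a start_scan body for tool 170, rejecting undocumented values."""
    host = urlsplit(target).hostname
    if urlsplit(target).scheme not in ("http", "https") or not host:
        raise ValueError("target must be an absolute http(s) URL")
    chosen = {"active": list(active), "passive": list(passive),
              "discovery": list(discovery)}
    for group, names in chosen.items():
        unknown = sorted(set(names) - KNOWN[group])
        if unknown:
            raise ValueError(f"unknown {group} test(s): {unknown}")
    # All three lists default to empty, which means "perform no tests".
    if not any(chosen.values()):
        raise ValueError("no tests selected; the scan would check nothing")
    if isinstance(exclude_urls, str):  # the table types this field as [String]
        exclude_urls = [exclude_urls]
    for url in exclude_urls:
        # Local sanity check (assumption): an exclusion on another host is a typo.
        if urlsplit(url).hostname != host:
            raise ValueError(f"exclude URL not on target host: {url}")
    if isinstance(depth, bool) or not isinstance(depth, int) or depth < 1:
        raise ValueError("depth must be a positive integer")
    return {"op": "start_scan", "tool_id": 170, "tool_params": {
        "target": target, "scan_type": "full_beta", "options": {
            "spider": {"approach": "classic", "limits": {"depth": depth},
                       "exclude_urls": list(exclude_urls)},
            "attack": {"active": chosen["active"], "passive": chosen["passive"]},
            "discovery": chosen["discovery"]}}}

if __name__ == "__main__":
    print(json.dumps(build_start_scan(
        "http://demo.pentest-tools.com/webapp/", active=["sqli", "xss"],
        exclude_urls=["http://demo.pentest-tools.com/webapp/logout"]), indent=2))
```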