This short guide covers the essentials of which of our tools and features to streamline in order to set up your workflow when assessing websites. The full, step-by-step guide can be found in our Learning Center.
Discover your attack surface [optional]
If you already know your target hostname’s attack surface, you can skip the discovery stage.
Run the Website Scanner
The Website Scanner finds common vulnerabilities that affect web applications, such as SQL Injection, XSS, OS Command Injection, Directory Traversal, and others. The scanner also identifies specific web server configuration issues.
The Full scan goes into much more detail than the Light Scan and attempts to map the entire attack surface of the target system through various tactics: crawling the application, discovering hidden files, using more attack vectors to check for server configuration issues and outdated services, etc.
Run a specific CMS scanner [optional]
Perform an authenticated website scan [where applicable]
If your target application requires authentication and you don’t enable authenticated scans, the Website Scanner covers only a small set of application functionalities, specifically the ones exposed before the user has to log in. To get more in-depth results, we recommend performing authenticated scans.
We offer four authentication methods for our Website Scanner tool: recorded, automatic, cookies, or headers. If you don’t know which one is suitable for your target application, check out how each authentication method works in the dedicated guides we created for you.
Discover hidden files with URL Fuzzer
The URL Fuzzer finds hidden files and directories on a web server through the fuzzing method. This is a discovery technique that allows you to discover resources that are not meant to be publicly accessible (e.g. /backups, /index.php.old, /archive.tgz, /source_code.zip, etc).
Test the webserver using the Network Vulnerability Scanner
Since the Network Vulnerability Scanner with OpenVAS helps you detect a wide range of vulnerabilities in network services, operating systems, and also in web servers, its use cases are very diverse. Make sure to test each of your servers to make the most of its capabilities.