Why not automate 100% of the process?
Because you just can’t automate everything. No automated scanner can:
- Interpret the context of the target
- Decide which data is important
- Know when to stop or when to push further
- Find logic flaws, chain exploits, and do custom post-exploitation
To make this task easier for you, our scanners can automatically verify some findings by exploiting the identified vulnerabilities and presenting you with a proof of exploitation. These findings are already tagged as CONFIRMED.
The findings that cannot be automatically validated are tagged as UNCONFIRMED. This means that they may or may not be legitimate findings, since generating false positives is an inherent risk of any automated scanner.
Our development team is doing its best to reduce the rate of false positives generated by the scanners and to provide as much information as possible in the finding details section, so you can manually check and confirm each finding.
To help you manually validate findings, we provide an easy exploit that runs the attack vector directly from the scan result. Use the Replay Attack button to check the result of the exploit.
Once verified, you can go to your findings tab, select the finding(s), click Modify Finding, and select Change Verified.