Package: Invicti AppSec Core (on-demand)
Authorized target scanning policy
Read before launching scans
Before initiating any scans, it's critical to ensure that you have proper authorization to test the target website or web application.
- Unauthorized scanning is prohibited. Performing scans without consent may result in your IP address and all scan-related activity being logged on the target's web server.
- Inform stakeholders. If you aren't the sole administrator of the website or application, you must notify all relevant administrators before starting a scan.
- Be aware of the potential impact. Some scans may cause performance issues or even result in the target system becoming temporarily unavailable, requiring a manual restart.
By proceeding with a scan, you confirm that you've obtained all necessary permissions and accept responsibility for the actions and consequences associated with the scan.
Use Invicti test websites
If you're new to scanning or want a safe environment to experiment in, we recommend using our publicly available test websites. These are designed specifically for safe, controlled scanning and testing, so you can explore Invicti AppSec's capabilities without impacting live systems.
✅ Recommended: testinvicti.com (Verified available)
The testinvicti.com test environment provides reliable, comprehensive testing coverage with multiple technology stacks:
- Main site: http://testinvicti.com/
| Name | URL | Technologies |
|---|---|---|
| ASP.Net - Testinvicti | http://aspnet.testinvicti.com | Windows, IIS, ASP.NET, MsSQL |
| PHP - Testinvicti | http://php.testinvicti.com | Windows, Apache, PHP, MySQL |
| SPA - Angular - Testinvicti | http://angular.testinvicti.com | Ubuntu, Apache, PHP, Angular 5, MySQL |
| API - REST - Testinvicti | http://rest.testinvicti.com | Ubuntu 18, Apache, PHP 7.1, MySQL |
| GraphQL - Testinvicti | http://graphql.testinvicti.com | Ubuntu 22.04, NodeJS, GraphQL |
| Python - Testinvicti | http://python.testinvicti.com | Ubuntu 22.04, Flask, CouchDB, nginx |
| API - Vulnerable API | http://vulnapi.testinvicti.com | Ubuntu, NodeJS, Swagger, SQLite |
⚠️ Alternative: vulnweb.com (May have availability issues)
Note: These sites may occasionally be unavailable due to maintenance or infrastructure issues. If you encounter connection problems, please use the testinvicti.com sites above.
- Main site: http://www.vulnweb.com/
| Name | URL | Technologies |
|---|---|---|
| SecurityTweets | http://testhtml5.vulnweb.com | nginx, Python, Flask, CouchDB |
| Acuart | http://testphp.vulnweb.com | Apache, PHP, MySQL |
| Acuforum | http://testasp.vulnweb.com | IIS, ASP, Microsoft SQL Server |
| Acublog | http://testaspnet.vulnweb.com | IIS, ASP.NET, Microsoft SQL Server |
| REST API | http://rest.vulnweb.com/ | Apache, PHP, MySQL |
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center