Crawling Performance Node
Crawling is a vital phase of an Invicti Enterprise scan. It allows the detection of vulnerable points in the target web application during the attacking stage.
Invicti Enterprise systematically interacts with every link and button within the application to ensure comprehensive coverage. It also submits and navigates through discovered forms to access pages that typically appear only after submission. This process helps build a complete link pool, which is then analyzed for potential vulnerabilities.
The scanner compiles these links in the Knowledge base, providing detailed information on how each one was discovered.
You can access the same information in the Knowledge base report and Knowledge base tab.
For information about our other Knowledge base nodes, refer to the Knowledge base nodes documentation.
Learn how to view the Crawling Performance node in Invicti Enterprise and Invicti Standard.
Invicti forms Knowledge base nodes on its findings.
This document outlines the sources used to calculate the number of links.
| Source | Description |
|---|---|
| AJAX/XMLHttpRequests | This is the number of links identified as AJAX requests. |
| ASP.NET Project Importer | This is the number of links identified from the ASP.NET Project (*.csproj or *.vbproj) file. |
| Backup Resource | This is the number of links identified by the Backup Modifier, which tries to find backup (*.bak, *.old) files. |
| BLR Script | This is the number of links identified through the BLR Script. The BLR Script is a feature that automates specific user interactions on a website during a security scan, such as filling out forms or clicking buttons. It improves scan coverage and accuracy by simulating real user actions. |
| Burp Importer | This is the number of links identified from the Burp log file. |
| CSV Importer | This is the number of links identified from comma-separated values. |
| DOM Parser | This is the number of links identified by the DOM Parser, which parses HTML or XML files. |
| DOM Parser Extracted Resource | This is the number of links identified by the DOM Parser Extracted Resource, which extracts resources like image and frame. |
| DOM Parser Navigate | This is the number of links identified by the DOM Parser Navigate, which intercepts navigate calls. |
| DOM Parser New Window | This is the number of links identified by the DOM Parser, which intercepts new window calls. |
| .DS_Store Modifier | This is the number of links identified from the .DS_Store file. |
| Fiddler Importer | This is the number of links identified from the Fiddler Session Archive (*.saz) file. |
| Form Authentication Sequence | This is the number of links discovered while performing form authentication requests. |
| HTTP Archive Importer | This is the number of links identified from the HTTP Archive (*.har) file. |
| HTTP Request Importer | This is the number of links that are identified by parsing sources. |
| I/O Docs Importer | This is the number of links that identified from the I/O Docs (*.json) file. |
| Link Importer | This is the number of links that are identified using the Link Importer tool. |
| Mod Negotiation Resource | This is the number of links that are identified from content negotiation provided by the mod_negotiation module. |
| Invicti Session Importer | This is the number of links that are identified from the Invicti Session (*.nss) file. |
| OWASP ZAP Importer | This is the number of links that are identified from the OWASP ZAP file. |
| Postman Importer | This is the number of links that are identified from the Postman file. |
| Proxy | This is the number of links that are crawled using the proxy (Manual Crawling) feature. |
| RAML Importer | This is the number of links that are identified from the RESTful API Modeling Language (*.raml) file. |
| Related Link | This is the number of links identified by the scanner through analysis of other crawled links. |
| Resource Finder | This is the number of links identified through Common Files and Directories checks, which detect hidden resources not visible to the public, as well as through brute-forcing hidden resources. |
| Robots.txt Sitemap | This is the number of links that are identified from robots.txt or sitemap.xml files. |
| Shark Resource Modifier | This is the number of links identified by the Shark Resource Modifier. Shark Resource Modifier is a mechanism that uses Shark, an agent on the web server, to directly list files and directories. It bypasses traditional brute-force methods, making hidden resource discovery more efficient and precise. |
| SOAP Web Service Parser | This is the number of links that are links identified from SOAP Web Service parser. |
| Start Link | This is the number of links the user enters to initialize the scan. It is basically the target URL. |
| Swagger Importer | This is the number of links that are identified from the OpenAPI (formerly Swagger) (*.json, *.yaml, *.yml) file. |
| Text Parser | This is the number of links identified by the text parser while parsing the responses' source code. |
| Text Parser Form | This is the number of links identified through HTML forms to which the forms are submitted. |
| Unspecified | This is the number of links for which the scanner could not determine the Parsing Source. |
| WADL Importer | This is the number of links that are identified from the Web Application Description Language (*.wadl) file. |
| WordPress Importer | This is the number of links that are identified from the WordPress REST API (*.json) file. |
| WSDL Importer | This is the number of links that are identified from the Web Services Description Language (*.wsdl) file. |
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center