Skip to main content
availability

Deployment: Invicti Platform on-demand, Invicti Platform on-premises

Custom scan profiles

Each time you start a scan on a target, you can specify which scan profile to use. By default, Invicti uses the Full Scan profile. You can choose from the built-in profiles or use a custom scan profile.

This document explains how to create a custom scan profile for use when scanning a target.

What are custom scan profiles

Custom scan profiles let you concentrate on particular areas of concern by choosing the precise tests you require. This helps ensure your scans fully cover your web applications and increases the overall efficacy of your security testing efforts.

To see what checks you can add to your scan profile, refer to the Checks for custom scan profiles section of this document.

Create a custom scan profile

You can create a custom scan profile in two ways:

  • New profile - start with a blank profile and select only the checks you need.
  • Clone an existing profile - duplicate an existing built-in or custom profile and modify it to suit your needs.
note

When you enable a category in a scan profile, Invicti automatically includes any new security checks added to that category in future updates.

Create a new profile

  1. Select Scans > Scan profiles from the left-side menu.
  2. Click Add new profile.
Add new profile button in the scan profiles interface.
  1. Enter the profile Name.
  2. Optionally, enter a Description to explain the purpose of this profile.
  3. Click the up and down arrows to expand the sections for more granularity.
  4. Enable the checkbox next to each check you want to include in your custom scan profile. Each check displays the highest severity it can report. To narrow the list, use the Severity filter to show only checks that can report at a specific severity level.
Search for checks

You can also use the search field to find checks and tests. For example, searching for "xss" shows you all the available checks for cross-site scripting.


Security checks with maximum severity.
  1. Click Add profile.

Your new custom scan profile appears at the bottom of the Scan profiles page.

Custom scan profile listed at the bottom of the scan profiles page

Clone an existing profile

Clone an existing built-in or custom scan profile to use it as a starting point for your new profile.

  1. Select Scans > Scan profiles from the left-side menu.
  2. Find the profile you want to clone and click the clone icon in the Actions column. The Add new profile dialog opens with the checks from the original profile pre-selected.
  3. Update the profile Name. By default, the name is set to "[Original profile name] - copy."
  4. Optionally modify the Description if needed. The description from the original profile is copied by default.
  5. Modify the checks as needed by selecting or deselecting checkboxes.
Search for checks

You can also use the search field to find checks and tests. For example, searching for "xss" shows you all the available checks for cross-site scripting.


Create a custom scan profile by cloning an existing one.
  1. Click Add profile.

Your new custom scan profile appears at the bottom of the Scan profiles page.

Edit a custom scan profile

  1. Select Scans > Scan profiles from the left-side menu.
  2. Click on the name of the custom scan profile you want to edit.
  3. Make your changes to the custom profile by selecting or deselecting checks for inclusion.
  4. Click Update profile.

Delete a custom profile

  1. Select Scans > Scan profiles from the left-side menu.
  2. Find the scan profile you would like to delete and click the dust bin icon to delete it.
Delete scan profile using the dust bin icon
  1. Click Delete profile to confirm this action.

Run a scan using a custom scan profile

When starting a new scan, you can choose a built-in profile or your custom scan profile from the Profile drop-down. For detailed instructions, refer to the New scan document.

Profile drop-down window showing the custom profile as selected

Checks for custom scan profiles

Here are the checks you can add to your custom scan profiles:

Scanning tests

Scanning tests include the following types:

  • File tests check vulnerabilities in files identified on the website.
  • Directory tests check vulnerabilities on directories identified on the website.
  • Input scheme tests check vulnerabilities on various parts of the website, such as GET parameters, Form inputs, and HTTP headers.
  • Server tests check vulnerabilities that are related to the server hosting the website.
  • Structure tests include the tests executed at the end of the crawl session, which identify vulnerabilities in the website's structure.
  • Post-scan tests include checks that are carried out at the end of the scan, such as checking for any stored cross-site scripting that might have been injected during the scan.
  • Known web application tests include security audits for various well-known web applications, such as WordPress or SAP products.

Runtime passive analysis

Includes vulnerability checks run passively during the crawl. For example, checks for situations where the website insecurely transitions from HTTPS to HTTP.

Crawler analysis

Includes vulnerability checks that act upon the responses from the web server to the crawler requests.

Location tests

Include tests that are executed on each unique location identified.

HTTP Data tests

Include vulnerability checks executed on all requests. These checks look for very specific content in the request/response and proceed to further verifications in specific scenarios. For example, the SAML signature audit checks are only executed when SAML Response is found.

Target tests

Include vulnerability checks executed only once on the target being scanned.

Input parsing tests

Include checks targeting input parsing vulnerabilities, such as prototype pollution.

Client-side checks

Include checks executed using the browser capabilities provided by DeepScan. An example of such vulnerabilities is DOM cross-site scripting.

Include checks executed on API endpoints.

info

Available only with API Security Add-on.

Include checks for LLM-powered applications provided by DeepScan. Example checks include prompt injection and leakage or insecure output handling. For specialized testing scenarios such as AI-powered applications, you can create profiles targeting specific vulnerability types like LLM-based app vulnerability testing.

Custom scripts

Include scripts that execute any custom scripts found in the custom scripts folder.

Malware scanner

Includes checks of the web application for malicious links and malware.

info

Requires an on-premises deployment or an internal agent.

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Last updated on
Was this page useful?