Availability

Deployment: Invicti Platform on-demand, Invicti Platform on-premises

Instant scan

Running scans is a crucial step in the security assessment process, allowing you to identify and address vulnerabilities within your web applications. There are multiple ways to start a scan. This document describes how to launch a new scan immediately using the New scan button.

READ BEFORE LAUNCHING SCANS

All scans must comply with the Authorized target scanning policy. Review this document before executing the scans.

Steps to start a new scan

After configuring your targets, you're ready to begin scanning.

  1. Select Scans from the left-side menu, then click New scan on the DAST scans page to open the scan settings.
  2. In the Scan target drop-down, use the checkboxes to select the target you want to scan.
  3. Select Scan profile from the list of available default or custom profiles.
  4. Optionally, in the Report drop-down menu, select a report type.
  5. Optionally, in the Tags field, add tags to label and organize the scan.
  6. Select Immediately in the How would you like to scan? field.

Tip

To schedule the scan for a later time, refer to the Future scan document.

If the target's login sequence includes a manual intervention step, you must use an instant scan on Invicti Platform on-demand - scheduled and recurring scans don't support interactive login. See Complete an interactive login for details.


  7. Confirm the scan configuration and start the scan by pressing Start scan.

The scan starts immediately. You can access the scan results by clicking on the relevant line on the list of scans on the DAST scans page. Refer to the Review scan results document for more information.

Complete an interactive login

Availability

Deployment: Invicti Platform on-demand

If the target has a manual intervention step in its login sequence, the scan pauses at the start with a Waiting for Interactive Login status. A warning banner appears on the scan page.

  1. On the scan page, click Complete Interactive Login in the warning banner.
  2. The Login Sequence Recorder opens at the manual intervention point. Perform the required manual action - for example, solve the CAPTCHA.
  3. Click Resume in the Login Sequence Recorder. The scan continues automatically.

Note

Only the user who started the scan can complete the interactive login. If the interactive login isn't completed within 30 minutes, the scan stops.

When a scan is waiting for interactive login, Invicti sends an in-app notification to the scan creator.

Alternative scan options

  • Future scan - schedules a one-time scan for a specific date and time.
  • Scheduled scan - sets up scans to run on a schedule through DAST scan schedules.
  • Recurring scan - sets up a scheduled scan that repeats automatically on a defined interval.
  • Incremental scan - scans only newly discovered or modified pages.
  • Scan dynamic URL target - triggers scans on ephemeral targets via API or CI/CD.
  • PCI ASV scan - runs official PCI DSS compliance scans through Clone Systems.
