Skip to main content

Scan dynamic URL targets

For Dynamic URL (also known as ephemeral) targets, scans can only be triggered via the API or during CI/CD. They can't be initiated from the UI with the dynamic URL.

For instructions on how to add a dynamic URL target, refer to the linked document.

warning

All scans are associated with the same dynamic URL (ephemeral or short-lived) target, even though they are performed on different URLs.

There are two ways to scan a dynamic URL target:

  1. Scan a dynamic target via API
  2. Using any of the CI/CD integrations - just select your ephemeral target in the Asset field.

This document walks you through triggering a scan using API through Visual Studio.

READ BEFORE LAUNCHING SCANS

All scans must comply with the Authorized target scanning policy. Review this document before executing the scans.

Scan a dynamic URL target via API

Follow the steps following to scan a dynamic URL target using Visual Studio.

  1. Open Visual studio, paste in the following sample script, and amend the variables.
POST https://platform.invicti.com/api/v1/scans HTTP/1.1
Content-Type: application/json
accept: application/json
Authorization: Bearer {YOURTOKEN}

{
  "user_authorized_to_scan": "yes",
  "target_id": "{YOUTARGETID}",
  "profile_id": "11111111-1111-1111-1111-111111111117",
  "schedule": {
    "disable": false,
    "time_sensitive": true,
    "history_limit": 10,
    "triggerable": false
  },
  "max_scan_time": 0,
  "incremental": false,
  "address": "{YOURTESTURL}"
}
Replace the following parameters:
  • {YOURTOKEN}: Replace with your Invicti Platform API key.
  • {YOUTARGETID}: Replace with the target ID taken from Inventory > Targets > Target ID in the right-side drawer.
  • {YOURTESTURL}: Replace with the URL you would like to scan.

  1. Execute the script in Visual Studio to trigger the scan via the API.

  2. The response then looks similar to this.

Dynamic URL target scan response

  1. If you navigated to the Scans > DAST scans page, you would see a scan starting.

  2. Using the scan_id, you can locate the scan in Invicti Platform.

Find what URL was used for a scan

To see what URL was used for a Dynamic URL target scan follow these steps:

  1. Select Scans from the left-side menu to open the All scans page.

  2. Choose the scan you want to review.

  3. Go to the Vulnerabilities tab, select a specific vulnerability, and view the associated URL in the panel that appears on the right.

Dynamic URL scan results showing vulnerabilities tab with associated URLs

Need help?

The Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?