Creating a new scan
You must have Super administrator, Administrator, or User level access rights to create and start a scan. See Roles and permissions for more information.
Before starting the scan, it is recommended to follow the steps described in the Preparing to scan production applications section.
To start the scan, go to the Scans page using the link in the side menu. The page is also available via the List of scans link in the Scans card on the Overview page.
Quick creation
- Click New scan to open the Create Scan Wizard.
- Select or create a target:
  - To scan previously created targets, select one or more targets from the list. For faster search, you can enter part of the target's URL in the corresponding field.
  - To scan a new target, enter the target's URL (the URL must begin with http:// or https://) and click Create this target.
Important
If you select a large number of targets to launch simultaneously, a scan queue will be created: some scans will launch as others finish. Please note that the number of selected targets will affect the system performance and the time it takes to complete the scanning process.
- Press Create.
A scan will be launched with the default settings.
Step-by-step creation
- Follow steps 1 and 2 of the previous instructions.
- To change the scan settings, go to the Scan Type step.
- Select the scan type: Full, Custom, or Discovery. For the Custom scan type, the Scan with DirBuster option is available only if the static-crawler module is selected.
  Detailed information about the scan types is provided in the tooltips within the interface and in the table below.
- You can create the scan immediately by clicking Create, or go to the Summary step to check the scan settings first.
The scans you create will be displayed at the top of the list on the Scans page.
Scan types
| Type | Dirbusting is available | Description |
|---|---|---|
| Full | ✓ | All available modules are used. The process can be time-consuming |
| Discovery | ✓ | Preliminary investigation of the target, which includes identifying all endpoints of the server API. This type of scan does not reveal any vulnerabilities, but the results can be used for further investigation |
| Custom | ✓ (only with the static-crawler module) | Allows you to select the modules that will be used during scanning. For the fuzzing modules to work correctly, discovery must be performed by the appropriate modules beforehand. The option to scan with DirBuster will only be enabled if the static-crawler module is selected |