In the Netsparker Desktop web application security scanner, you can exclude specific URLs and parameters that have already been crawled from a scan while the scan is running and before they are scanned.
Prior to scanning a website for vulnerabilities, the Netsparker web vulnerability scanner crawls the website to discover all its pages and attack surfaces. Every resource that is crawled and is going to be attacked is added to the sitemap. For example, as seen in the screenshot below, the web scanner has so far identified the file parameter in the file process.php.
To exclude the file parameter in the process.php resource from the vulnerability scan, highlight the object, right-click it and select Exclude from Attack, as shown below.
Once an object is excluded, it is marked with a no-entry icon, as shown in the screenshot on the left.
Note: If you exclude a resource while it is being scanned, the vulnerability checks that were already running when you excluded it will still run. Only pending ones will be halted.
You can also exclude a complete branch from a scan. For example, if you want to exclude all the files under a specific URL such as /support/, highlight it and select Exclude this Branch from Attack.
If you would like to reverse your action and include a resource or branch in the scan again, highlight the resource in question, right-click it and select Include in Attack or Include Branch in Attack.