Exclude (and Include) Links from the Sitemap After Crawling

In the Netsparker Desktop web application security scanner, you can exclude specific URLs and parameters that have already been crawled from a scan. You can do this while the scan is running, before they are scanned.

Excluding a URL or Parameter from a Web Security Scan

Prior to scanning a website for vulnerabilities, the Netsparker web vulnerability scanner crawls the website to discover all its pages and attack surfaces. Every resource that is crawled and is going to be attacked is added to the sitemap. For example, as seen in the screenshot below, the web scanner has so far identified the file parameter in the file process.php.

The files and URLs that Netsparker Desktop crawls are listed in the sitemap

To exclude the file parameter in the process.php resource from the vulnerability scan, highlight the object, right click it and select Exclude from Attack, as shown below.

Exclude a file from the attack after it was crawled by Netsparker Desktop

Once an object is excluded, it is marked with a no entry icon, as shown in the screenshot on the left.

Note: If you exclude a resource while it is being scanned, the vulnerability checks that were running while you excluded it will still run. Only pending ones will be halted.

Excluding a Branch from a Web Security Scan

You can also exclude a complete branch from a scan. For example, if you want to exclude all the files under a specific URL such as /support/, highlight it and select Exclude this Branch from Attack.

Include Resources Back in the Scan (Reversing the Exclusion)

If you would like to reverse your action and include a resource or branch back in the scan, highlight the resource in question, right click it and select Include in Attack or Include Branch in Attack.

You can include back a resource you excluded during a scan in Netsparker Desktop

