In the Netsparker Desktop web application security scanner, you can exclude specific URLs and parameters that have already been crawled from a scan while the scan is running and before they are scanned.
Excluding a URL or Parameter from a Web Security Scan
Prior to scanning a website for vulnerabilities, the Netsparker web vulnerability scanner crawls the website to discover all its pages and attack surfaces. Every resource that is crawled and is going to be attacked is added to the sitemap. For example, as seen in the screenshot below, the web scanner has so far identified the file parameter in the file process.php.
To exclude the file parameter in the process.php resource from the vulnerability scan, highlight the object, right-click it and select Exclude from Attack, as shown below.
Once an object is excluded, it is marked with a no entry icon, as shown in the screenshot on the left.
Note: If you exclude a resource while it is being scanned, the vulnerability checks that were running while you excluded it will still run. Only pending ones will be halted.
Excluding a Branch from a Web Security Scan
You can also exclude a complete branch from a scan. For example, if you want to exclude all the files under a specific URL such as /support/, highlight it and select Exclude this Branch from Attack.
Include Resources Back in the Scan (Reversing the Exclusion)
If you would like to reverse your action and include a resource or branch back in the scan, highlight the resource in question, right-click it and select Include in Attack or Include Branch in Attack.