Scanning multiple websites with Netsparker Desktop using the Command Line Interface

This post explains in an easy to follow step-by-step format how you can scan multiple websites for vulnerabilities using the command line interface of the Netsparker web application security scanner.

Note: Read the FAQ on how to use the Netsparker command line interface for more information about the different arguments available.

Create a Text File with a List of Targets

Create a text file with a list of all the URLs of the target websites you want to scan. For this example the text file will be called targets_list.txt. Each target URL should be on a line of its own, as shown in the below example:



Create the Scan Profiles (Optional)

If you won't be using the default web security Scan Profile, create one for each website you will scan using the GUI. You need a scan profile if for example you need to configure form authentication, optimize a Scan Policy etc. For this example we have the following scan profiles:

Scan Profile:

Scan Profile:

Write the Microsoft PowerShell Script to Launch the Scans

Use the below Microsoft PowerShell script to trigger the security scans, replacing the sample variables used in this example with yours (the detailed explanation of all the variables is below this script):

$NetsparkerExecPath = "C:\Program Files (x86)\Netsparker\Netsparker.exe"

# Variables
$URLs = "C:\Users\User1\Documents\targets_list.txt"
$NetsparkerReportPath = "C:\Users\User1\Documents\"
$NetsparkerReportTemplate = "Detailed Scan Report"

 foreach ($url in get-content $URLs) {
     $domain = ([System.URI]"$url").Host
     $report = $NetsparkerReportPath + $domain + "_" + (Get-Date -format "yyyyMMdHm")
     start-process -FilePath "$NetsparkerExecPath" -ArgumentList "/url ""$url"" /profile ""$domain"" /a /s /r ""$report"" /rt ""$NetsparkerReportTemplate"""


What are the variables in the script?

  • $URLs: the location of where the text file is saved.
  • $NetsparkerReportPath: the location where web security scan reports should be saved once the scans are ready.
  • $NetsparkerReportTemplate: the report template Netsparker Desktop should use for the reports.

Launch the Security Scans

Once you trigger the above Microsoft PowerShell script Netsparker Desktop will scan all the target websites and web applications listed in the text file created during the first step of this post, and create a Detailed Scan Report about each of the scans.


Dead accurate, fast & easy-to-use Web Application Security Scanner