Scanning The Websites That Are Linked To From the Target

Category: Product Docs & FAQS - Mon, 03 Oct 2016 - by Robert Abela

Note: This FAQ applies to both Netsparker Desktop and Netsparker Cloud web scanners. Visit the support page for more documentation.

By default, neither Netsparker Desktop nor Netsparker Cloud scans any domain other than that of the starting URL. For example, when you are scanning http://example.com and a page links to http://api.example.com, Netsparker will neither follow that link nor scan the website at http://api.example.com. Instead it reports such links as Out of Scope Links in the Knowledge Base node:

Out of scope links in Netsparker Knowledge Base node

Configuring the Additional Websites to Scan

If you want the Netsparker scanner to also scan the websites that are linked to from the target specified in the wizard, you need to list them in the Additional Websites section of the Start a New Website or Web Service Scan dialogue box, shown in the screenshot below.

Configuring the additional websites in Netsparker web vulnerability scanner

When specifying a new website you need to enter a full URL, including the protocol and, if the target is running on a non-default port, the port, for example http://api.example.com or http://docs.example.com:8043. Please note that you can only add websites that are allowed by your license.

Configuring Canonical Websites

The Netsparker scanner treats canonical links as links to the target website and applies the same scan settings to them. Therefore, if for example http://example.com and http://www.example.com point to the same website, enable the Canonical checkbox next to the website listing, as seen in the above screenshot. When this option is enabled and the Netsparker scanner detects a link to the canonical domain, such as http://www.example.com/blogs/foo-bar, the link is converted to http://example.com/blogs/foo-bar and scanned via that URL.

The Scan Profile & Settings Used for the Additional Websites

Note: For more information on Scan Profiles refer to documents about configuring and managing Scan Profiles in Netsparker Desktop and Netsparker Cloud.

Scan Scope

The configured Scan Scope settings do not apply to the Additional Websites. Instead, the Whole Domain scan scope always applies, which means that all of the detected pages and subfolders on the additional website will be scanned.

Include / Exclude URLs

The configured Include/Exclude URLs do apply to Additional Websites. Therefore, if an additional website's links contain the keywords exit or endsession, they will be excluded from the scan as per the configuration below.
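To make the scope rules from the sections above concrete, here is an added example (not Netsparker's code; the configuration values, function names and plain substring keyword matching are assumptions) that classifies crawled links the way the starting URL, Additional Websites, Canonical checkbox and Exclude keywords described on this page would:

```python
from urllib.parse import urlparse, urlunparse

# Constructed scan configuration mirroring the dialogue described above
# (assumed shape, not Netsparker's own settings format).
START_URL = "http://example.com"
ADDITIONAL_WEBSITES = {            # url -> Canonical checkbox ticked?
    "http://www.example.com": True,
    "http://api.example.com": False,
    "http://docs.example.com:8043": False,
}
EXCLUDE_KEYWORDS = ("exit", "endsession")


def _host_key(url):
    """Scheme, host and port of a URL, with the default port filled in.

    Protocol and port are part of the identity because the page says a
    full URL including both must be entered (assumption: https and http
    on the same host therefore count as different websites)."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, (p.hostname or "").lower(), port)


def classify_link(link):
    """Return (status, url) for a link discovered while crawling.

    status is 'scan' (in scope, possibly rewritten onto the canonical
    target host), 'excluded' (in scope but matches an exclude keyword)
    or 'out_of_scope' (listed in the Knowledge Base, never crawled)."""
    key = _host_key(link)
    target = START_URL
    if key != _host_key(START_URL):
        for site, canonical in ADDITIONAL_WEBSITES.items():
            if _host_key(site) == key:
                # Canonical sites are folded into the target website.
                target = START_URL if canonical else site
                break
        else:
            return ("out_of_scope", link)
    # Keep the link's path and query but normalise scheme/host/port onto
    # the chosen website (http://www.example.com/x -> http://example.com/x).
    p, t = urlparse(link), urlparse(target)
    url = urlunparse((t.scheme, t.netloc, p.path, p.params, p.query, p.fragment))
    # Exclude keywords apply to additional websites exactly as to the target.
    if any(kw in url for kw in EXCLUDE_KEYWORDS):
        return ("excluded", url)
    return ("scan", url)
```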

Including or excluding links in Netsparker Desktop

Imported Links

You can also add Imported Links which will be applied to the Additional Websites.

Imported links configuration in Netsparker Cloud

URL Rewrite Rules

The URL rewrite configuration also applies to Additional Websites. Therefore, if the heuristic URL rewrite technology is used, the scanner will try to automatically identify the URL rewrites on the additional website too. Custom URL Rewrite rules, if configured, apply to Additional Websites as well.

Configuring URL rewrite rules in Netsparker Cloud

Therefore, if an Additional Website contains a link that matches the pattern configured above, for example http://api.example.com/products/1, the URL Rewrite parameter(s) will be detected automatically.

Authentication

It is not possible to configure authentication settings for Additional Websites via the scan settings.

Reporting Scan Activity and Issues Identified in Additional Websites

The configured Additional Websites will have a node each in the Site Map window, as can be seen from the below screenshot.

The Site Map window in Netsparker showing two hosts

During a scan, the activity panel of the scan dashboard shows the full URLs, sorted in alphabetical order.

Multiple domains reported in the scan dashboard during the scan

A new entry has also been added to the reports, listing all the configured additional websites that were scanned.

The additional websites are also reported in the reports when scanned.

The URLs in the reports are now reported in full, so you can see which site an issue belongs to, rather than only the path and query component as was previously the case.

Netsparker lists the full URLs when reporting issues in the report
