ADVANCED WEBSITE CRAWLING

Think you can’t scan there? Think again.

Script-heavy sites. Custom forms. Single-page applications.

These features of modern web applications block most crawlers from creating a complete map of your web assets. That means your vulnerability scans miss entire branches of your applications, leaving them wide open to attacks.

Now you can crawl and scan every potential entry point for attackers with advanced crawling technology. Even if other tools have failed to handle your script-heavy sites, custom forms, or authentication methods.

Crawl every link, form and UI element — even if your site is JavaScript heavy

If you have script-heavy sites, you’ve probably run into issues with other scanning tools. Their crawlers can’t handle dynamically generated content, which leads to entire branches of your site going unchecked.

Invicti’s crawlers behave just like a user to explore all links, forms, and interactive elements on your pages. And with its dedicated JavaScript engine, Invicti can parse, execute, and analyze Javascript output.

That means you can accurately scan single-page applications (SPAs) that rely heavily on client-side scripting. This includes page content that is entirely dynamically generated with popular frameworks such as jQuery and AngularJS.

Make things easier with advanced crawling features

Get more visibility, security, and usability from Invicti’s advanced crawling features:

  • Crawl sites with anti-CSRF. Easily crawl and scan websites that use anti-CSRF (Cross-Site Request Forgery) tokens or another type of CSRF attack protection.
  • Discover unknown domains. If previously unknown domains are discovered while crawling links and forms, Invicti adds them to your discovery module to give you more visibility into your web assets.
  • Easily set up custom error pages. Automatically detect and scan custom 404 error pages to separate them from your scan results. This keeps the noise out of your results without any manual effort.
  • Maximize your coverage with URL rewriting. The crawler detects URL rewrites and intelligently infers rewrite rules. This ensures all your web application parameters are crawled and scanned.

Easily crawl assets that require authentication

If you have web assets that require authentication, you may have noticed that most vulnerability scanners struggle with custom forms and single sign-on (SSO).

You can easily set up Invicti to fully access protected web applications and website sections. Supported authentication methods include:

  • Automated login form submission (including multi-field custom forms)
  • OAuth2
  • NTLM/Kerberos
  • Basic HTTP Authentication

See all supported authentication methods

Now you can scan the authentication-requiring web assets that block most crawlers.

Run authenticated scans on production-ready applications

Business-critical pages and admin panels are primary targets for attackers. But less advanced scanners often skip restricted sections, potentially leaving unknown vulnerabilities.

Now you can test applications in their ready-to-run configuration in both staging and production environments, thanks to Invicti’s extensive support for authenticated scanning.

Invicti scans your entire application the same way a real-life attacker would probe it after breaking in — even when restricted areas would block other scanners. So you can have full confidence in your scan results.

See how Invicti scans where other tools can’t

Get a demo