Configuring Additional Websites

By default, Netsparker does not scan domains that are different from those of the Target URL. Therefore, when you scan http://example.com, if there is a link to http://api.example.com, Netsparker will not follow and scan the website or links to http://api.example.com. Instead, it reports them as Out of Scope Links in the Knowledge Base Viewer.

In both Netsparker Enterprise and Netsparker Standard, you can use the Additional Websites feature to specify which other websites you want to scan.

How to Configure Additional Websites in Netsparker Enterprise

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. From the Scan Options section, select Additional Websites.
  4. Click New.
  5. In the URL field, enter the additional website.
  6. Enable Canonical, if required.
  7. Add as many Additional Websites as required.
  8. Click Launch.

Please note that you can only add websites that are allowed by your license.

How to Configure Additional Websites in Netsparker Standard

  1. Open Netsparker Standard.
  2. From the Home tab, click New. The Start a New Website or New Service Scan dialog is displayed.
  3. From the Scan Settings section, select Additional Websites.
  4. In the URL field, enter the additional website (including its protocol and port if the target is running on a non-default port), such as http://api.example.com and http://docs.example.com:8043.
  5. Enable Canonical, if required (if, for example, http://example.com and http://www.example.com point to the same website). When this option is enabled and the Netsparker scanner detects a link to a canonical domain, such as http://www.example.com/blogs/foo-bar, the link is converted to http://example.com/blogs/foo-bar and scanned via this URL.
  6. Click Start Scan.

The Netsparker scanner treats canonical links as the target website's links and applies the same scan settings.

The Scan Profile and Settings Used for the Additional Websites

For more information about configuring and managing Scan Profiles in Netsparker Enterprise and Netsparker Standard, see Overview of Scan Profiles.

Setting the Scan Scope

The configured Scan Scope settings do not apply to the Additional Websites. Instead, the Whole Domain scan scope always applies. This means that all of the detected pages and subfolders on the additional website will be scanned.

Including and Excluding URLs

The configured Include/Exclude URLs apply to Additional Websites too. So, if an additional website's links contain the exit or endsession keywords, they will be excluded from the scan.
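
A simplified model of the scope rules described so far (Additional Websites, Canonical, and the exclude keywords), added here as an illustration; it is not Netsparker code. It assumes a website is matched by scheme, host and port and that exclude patterns are plain keywords; site_key and classify are hypothetical names, and the links are constructed samples.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def site_key(url):
    """Identify a website by (scheme, host, port). Assumed matching rule."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    return scheme, (p.hostname or "").lower(), p.port or DEFAULT_PORTS.get(scheme)

def classify(link, target, additional, exclude_keywords=()):
    """Return (verdict, url_to_scan) for one discovered link.

    additional maps each Additional Website URL to its Canonical flag.
    """
    key = site_key(link)
    if key == site_key(target):
        verdict, url = "target", link
    else:
        match = next((u for u in additional if site_key(u) == key), None)
        if match is None:
            return "out-of-scope", None      # reported, not followed
        if additional[match]:
            # Canonical: rewrite onto the target's origin, keep path and query.
            t, l = urlsplit(target), urlsplit(link)
            verdict = "canonical"
            url = urlunsplit((t.scheme, t.netloc, l.path, l.query, ""))
        else:
            verdict, url = "additional", link
    # Include/Exclude rules apply to additional websites as well.
    if any(k in url.lower() for k in exclude_keywords):
        return "excluded", None
    return verdict, url

# Constructed sample configuration and links.
TARGET = "http://example.com"
ADDITIONAL = {"http://www.example.com": True,
              "http://api.example.com": False,
              "http://docs.example.com:8043": False}
EXCLUDE = ("exit", "endsession")
LINKS = ["http://example.com/login",
         "http://www.example.com/blogs/foo-bar",
         "http://api.example.com/products/1",
         "http://api.example.com/endsession?id=1",
         "http://docs.example.com/guide",        # port 80, not the configured 8043
         "http://cdn.example.net/app.js"]

if __name__ == "__main__":
    for link in LINKS:
        print(link, "->", classify(link, TARGET, ADDITIONAL, EXCLUDE))
```

The docs.example.com link on the default port comes out as out-of-scope in this model, which is why the URL entered for an additional website has to carry the non-default port.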

Importing Links

You can add Imported Links which will be applied to the Additional Websites too. This setting allows you to specify pages that you would like to scan, which are not linked from anywhere on the website.

How to Import Links for Additional Websites in Netsparker Enterprise

  1. Open Netsparker Enterprise.
  2. From the Scans tab, click New Scan. The New Scan window is displayed.
  3. From the Scan options menu, select Imported Links. The Imported Links section is displayed.
  4. Specify pages:
    • By manually entering the URLs in the Enter Links field
    • By importing the URLs by uploading a supported file (e.g. a Fiddler file that includes, for each link, the URL, HTTP Request Header and Body) in the Import Links section:
      • Click Add File, then Browse to import additional files with more data
      • (Click Remove to delete imported files, if required)
  5. Click Launch.

How to Import Links for Additional Websites in Netsparker Standard

  1. Open Netsparker Standard.
  2. From the Home tab, click New. The Start a New Website or New Service Scan dialog is displayed.
  3. From the Scan Settings options, select Imported Links.
  4. Specify pages:
    • By manually entering only the URL information for one or more URLs in the Imported Links field:
      • Select Enter Links. The Enter Links/HTTP Requests dialog is displayed.
      • Click the Link Format dropdown and select the appropriate option.
      • Add in the new link details.
      • Click OK.
    • By importing the URLs by uploading a supported file:
      • Click Import From File and select the file.
      • From the Import Link dialog, select the relevant file and click Open.
    • By adding the details of a single link or request:
      • Click Add. The Add New link dialog is displayed.
      • Add the details for the whole request.
      • Select the Enable Raw Request Body checkbox to add a raw request body. If you enable this option, the POST parameters in the request form will be ignored.
      • Click Save.
  5. Click Start Scan.

URL Rewrites

The URL rewrite configuration also applies to Additional Websites. If the Heuristic URL rewrite technology is used, the scanner will try to automatically identify the URL Rewrites on the target website. If custom URL Rewrite rules are configured, they will apply to Additional Websites as well.

Therefore, if an Additional Website contains a link that matches the pattern configured above, for example http://api.example.com/products/1, the URL Rewrite parameter(s) will be detected automatically.

For further information, see URL Rewrites.

Authentication

It is not possible to configure authentication settings for Additional Websites via the scan settings.

For further information, see Configuring Form Authentication in Netsparker Enterprise.

Reporting Scan Activity and Issues Identified in Additional Websites

The configured Additional Websites will have a node each in the Site Map window, as illustrated.

During a scan, in the scan dashboard the full URLs are shown in the activity panel, and the URLs are sorted in alphabetical order.

A new entry was also added to the reports, in which all the configured additional websites that were scanned will be listed.

The additional websites are also reported in the reports when scanned.

The URLs in the reports are reported in full, so that you can see which website contains the issue.

Netsparker lists the full URLs when reporting issues in the report

For further information on Issues, see Viewing Issues in Netsparker Enterprise and Viewing Issues in Netsparker Standard.
