Advanced

In the Advanced tab in Netsparker Standard, you can configure options in several categories within the application, such as browsing, attacking and logging. These options help you tune performance and coverage, and the appropriate values may vary depending on the scanned target.

To view the Advanced tab, press the CTRL key and click Options.

Advanced Option Categories

This table lists and explains the various types of task categories available in Advanced.

The list is sorted A-Z. Click the category icon to sort the items by category instead.

Category

Description

Attacker

These are options about Netsparker attacker, which can change attack behaviours.

Crawler

These are options about Netsparker crawler, which can change performance and coverage.

Logging

These are options about logging, which includes logging level, logging HTTP requests, and performance analysis.

Misc

These are non-categorized options, and include actions in proxy, report and auto-update.

Scan

These are options about scan action that can affect scan performance and the information scans produce.

UI

These are options about the Netsparker Standard UI, such as Theme, Language, and Netsparker Assistant.

Advanced Options

This table lists and describes the options available in Advanced.

Option

Description

AnalyzeAttacks

If set to ‘False’, Netsparker will not parse responses from attacks (such as responses from SQL Injections) to find new links.

If set to 'True', Netsparker will do this, assuming other conditions are met. This will significantly increase CPU use during attacks.

The default value is: ‘False’.

AnalyzeParameterSubsetRelations

If set to ‘True’, Netsparker will analyze subset relations between parameter sets. For example, Netsparker will not attack the second link below, as the first link contains all the parameters of the second one:

1. /search?name=john&surname=smith&city=london

2. /search?name=john&surname=smith

The default value is: ‘True’.

ApplicationDocumentRootPath

This sets the root path where Netsparker will store its scan, log and configuration data.

The default value is: ‘{MyDocumentsPath}\{AssemblyProduct}\)’.

AssistantEnabled

This enables Netsparker Assistant.

The default value is: ‘True’.

AssistantLevel

This sets the minimum severity that will be used by Netsparker Assistant to notify users.

The default value is: ‘5’.

AssistantOptimizerLinkPoolThreshold

This sets how many collected unique links it takes to trigger the Assistant Auto Optimizer.

The default value is: ‘50’.

AssistantOptimizerTimeout

This determines the hard timeout (in seconds) after which the Assistant Auto Optimizer will be triggered to optimize the current scan policy.

The default value is: ‘600’.

AutoCloudUpdate

If set to 'True', finished scans will be automatically uploaded to Netsparker Enterprise.

The default value is: ‘False’.

AutoFollowRedirect

If set to ‘True’, the requester automatically follows redirect responses.

The default value is: ‘False’.

AutoPilotExitAfterCrawlOnly

If set to ‘True’, (when ForceAutoPilot is also set to 'True') Netsparker will conduct a crawl-only scan, without attacking, and exit after the scan is finished.

The default value is: ‘False’.

AutoSaveInterval (min)

This determines the interval (in minutes) after which Netsparker auto-saves the scan status to the AutoSave.nss file.

The default value is: ‘15’.

AutoUpdate

If set to ‘True’, automatic update checks are made once daily.

The default value is: ‘True’.

BuiltInPoliciesSuggestionStatus

This specifies whether the scan policy optimization is suggested for scans that use built-in policies.

The default value is: ‘Always’.

CategorySwitchLevels

This continues the state of performance logging configuration for categories in the Logging tab in the Options dialog.

CheckPublicSuffixForEmailDisclosure

If set to ‘True’, Netsparker checks the PublicSuffix list for detected email disclosures.

The default value is: ‘True’.

ClientCertificateStoreLocation

This specifies the location of the X.509 certificate for client certificate authentication. The options are 'CurrentUser' and 'LocalMachine'.

The default value is: ‘CurrentUser’.

CloudAPIToken

This is the API Token for integration.

CloudServerURL

This is the URL of the on-premises server.

The default value is: empty.

CloudType

This is the Connection Type number. It determines the type of integration, whether it is for Netsparker Enterprise On-Demand or Netsparker Enterprise On-Premises.

The default value is: ‘0’.

CloudUserID

This is the user ID for integration.

The default value is: empty.

CompactLargeObjectHeap

If set to ‘True’, the Large Object Heap (LOH) of the .NET framework is compacted periodically.

The default value is: ‘True’.

CsvImportSeparator

This specifies the delimiter character to use when importing links from CSV files.

The default value is: ‘,’.

CustomRootCertificatePath

This sets the path of the custom root certificate to be used by the internal proxy.

The default value is: empty.

DisableContentOptimization

If set to ‘True’, Content Optimization is disabled. This prevents Netsparker from performing some passive checks for the same HTTP responses.

The default value is: ‘False’.

DisableGUILogs

If set to ‘True’, logs in the GUI are not shown.

The default value is: ‘False’.

DisableHawkCommunication

If set to ‘True’, this disables communication with Netsparker Hawk, meaning Out-of-Band SSRF engines are disabled even when they are selected in a scan policy.

The default value is: ‘False’.

DisableIgnoreCookieChecks

If set to ‘True’, Netsparker does not send requests without cookies (custom or not). (Normally, Netsparker does this to increase coverage and determine the behaviour of the application when no cookie is sent.)

The default value is: ‘False’.

DisableIriParsing

If set to ‘True’, Netsparker converts some characters in the URL automatically. This conversion causes failure for some websites, which expect unchanged characters. If a website returns an error after changing the URL, this option needs to be False.

The default value is: ‘False’.

DisablePassiveEngines

This disables passive security checks.

The default value is: ‘False’.

DisableRecrawling

This disables the Recrawling phase of scans.

The default value is: ‘False’.

DisableRequestParametersReordering

If set to ‘True’, Netsparker will send query parameters in the order in which they were originally captured; otherwise, parameters will be ordered alphabetically.

The default value is: ‘False’.

DomParserClearAllIntervalsTimeout (ms)

This clears all setInterval callbacks after this timeout (in milliseconds).

The default value is: ‘0’.

DomParserDisableGpu

This disables GPU acceleration in the DOM Parser simulation.

The default value is: ‘False’.

DomParserForceTimeouts

If set to ‘True’, the DomParser will force setTimeout and setInterval callbacks to execute without waiting for a timeout.

The default value is: ‘False’.

DomParserMaxFormInputsCount

This determines the maximum number of inputs the DOMParser will parse in a single form.

The default value is: ‘100’.

DomParserMaxFormsCount

This determines the maximum number of forms the DOM Parser will parse in a document.

The default value is: ‘100’.

DomParserMaxLinksCount

This determines the maximum number of links the DOM Parser will parse in a document.

The default value is: ‘1000’.

DomParserNonDfsTraversalReversed

This reverses the traversal order of DOM elements that are not in the SmartDFS sub-simulation.

The default value is: ‘False’.

DomXssSingleAttackTimeout (ms)

This sets the single attack timeout (in milliseconds) for the DOM XSS Scanner.

The default value is: ‘20000’.

DomXssTotalAttackTimeout (ms)

This sets the total attack timeout (in milliseconds) for the DOM XSS Scanner.

The default value is: ‘600000’.

DoNotShowScanFinishedDialog

If set to ‘True’, no dialog is displayed when a scan is finished.

The default value is: ‘False’.

DoNotShowScopeExtensionWarning

If set to ‘True’, this disables the warning message shown when Netsparker cannot figure out the root path for a scan whose Scope has been set to Entered Path and Below.

The default value is: ‘False’.

EnableAggressiveCaching

This enables the aggressive caching of resources that are hosted on external domains.

The default value is: ‘True’.

EnableAssistOptimizer

This enables the Netsparker Assistant Scan Policy Optimizer.

The default value is: ‘True’.

EnableAutoSort

This enables auto sorting in the Issues panel.

The default value is: ‘True’.

EnableBrowserStorageTracking

This enables the collection of items from localStorage and sessionStorage in the browser.

The default value is: ‘True’.

EnableConsoleLogCollection

This enables console log message collection.

The default value is: ‘True’.

EnableContextAwareXssAnalyzer

If set to ‘True’, the Context Aware XSS analyzer is enabled. It runs before any XSS analysis. If it detects a vulnerability, the XSS engine won’t make any additional attacks.

The default value is: ‘True’.

EnableExpert100

If set to ‘True’, 100-Continue behaviour is used for HTTP Requests.

The default value is: ‘False’.

EnableGzipAndDeflate

This enables GZip and Deflate decompression for compressed HTTP Responses.

The default value is: ‘True’.

EnableLinkDiagnostics

This enables parent link detection for links with CSRF tokens.

The default value is: ‘False’.

EnablePerformanceAnalysis

If set to ‘True’, Netsparker will generate performance logs if the log level is set high enough.

The default value is: ‘False’.

EnableSounds

This enables sounds to play when certain events occur during the scan.

The default value is: ‘False’.

EnableStaticVDB

This enables Version Disclosure vulnerabilities to be reported.

The default value is: ‘True’.

EnableTimingTracing

If set to ‘True’, Netsparker will log JSON formatted information to the disk. Enabling this option will cause increased disk use and make Netsparker generate another log file to the hard drive along with regular scan logs.

The default value is: ‘False’.

EnableWeakSignatureAlgorithmChecks

This enables SSL certificate chain analysis for weak signature algorithms.

The default value is: ‘True’.

ErrorReportingServiceUrl

This specifies the web service URL to which unhandled errors are reported.

The default value is: ‘http://www.netsparker.com/support/error-reporting.asmx’. 

FileExtensionRegex

This specifies the RegEx that is used to find links that end with a file extension.

The default value is: ‘as[ap]x?|php[35]?|cf[cm]|pl|[psx]?html?|as[chm]x|config|dll|cgi|inc(?:lude)?|jsp?’.

ForceAutoPilot

If set to 'True', this silent mode will not display error messages.

The default value is: ‘False’.

ForceQueryBasedScope

If set to ‘True’, Netsparker includes all files in a scan, regardless of the restricted extension in the scope.

The default value is: ‘False’.

FormAuthenticationMaxWaitAfterLoginForBearerToken (ms)

This sets the maximum time (in milliseconds) to wait after logging in to intercept Bearer tokens.

The default value is: ‘2000’.

FormAuthenticationPageLoadTimeout (ms)

This sets the maximum time (in milliseconds) to wait while trying to load a page during form authentication.

The default value is: ‘30000’.

FormAuthenticationWaitAfterLoginFormLoad (ms)

This sets the time (in milliseconds) to wait after a login form is loaded.

The default value is: ‘2000’.

HideBrowserViewHint

If set to ‘True’, the hint on the Browser View tab is hidden.

The default value is: ‘False’.

LastUsedScanProfile

This specifies the name of the scan profile that was used last.

The default value is: empty.

LightSQLInjectionChecks

If set to ‘True’, this increases the speed of SQL Injection checks by decreasing the coverage.

The default value is: ‘False’.

LogExtremeDetail

This enables performance analysis in detail. This will slow down the scan process.

The default value is: ‘False’.

LogFilesQuestionBinded

If set to ‘True’, the log files are submitted through error reporting when a crash happens.

The default value is: ‘True’.

LoggingEnabled

If set to ‘True’, this enables logging. Otherwise all logging will be disabled.

The default value is: ‘True’.

LogHttpRequests

If set to ‘True’, HTTP requests made during a scan are saved into the scan folder using the Fiddler session file format.

The default value is: ‘False’.

LogTracedActivityToXml

If set to 'True', trace logs are written as XML files. Otherwise, they are written as CSV files.

The default value is: ‘False’.

LogRunningRegexTimeout (ms)

This sets the maximum time (in milliseconds) that is allowed for long-running Regex operations.

The default value is: ‘30000’.

MaxDepth

This sets the maximum depth for crawling links. The depth is calculated using the number of navigations required to access it. For example, if you need to click two links to access a link, the depth of that link is two.

The default value is: ‘5’.

MaxDocumentSizeKB

This sets the maximum size of the document in kilobytes (KB). Netsparker will cut the response and cancel the connection when a document HTTP read reaches this size.

The default value is: ‘3072’.

MaxDomParserCount

This sets the maximum number of DOM Parser instances that run during a scan. It defaults to three-quarters of the logical processor count.

Otherwise, the default value is: ‘3’.

MaxDomXssScannerCount

This determines the maximum number of DOM XSS scanner instances that run during a scan.

It defaults to three-quarters of the logical processor count. Otherwise, the default value is: ‘3’.

MaxEmailAddressReport

This sets the maximum number of email addresses to report.

The default value is: ‘100’.

MaxHardFailRetry

This sets the maximum number of hard fails before Netsparker will stop. Hard fails refer to serious connection problems, such as Connection Timeout, DNS Failure, TCP Reset or Proxy Connection is not Available.

The default value is: ‘10’.

MaxHardLogoutCount

This sets the maximum logout count before Netsparker gives up the scan.

The default value is: ‘1000’.

MaximumRedirect

This sets the maximum redirect count.

The default value is: ‘4’.

MaximumResponseHeadersLength

This sets the maximum allowed length in kilobytes (1024 bytes) of the response headers. A value of -1 means that no limit is imposed on the response headers. A value of 0 means that all requests will fail.

The default value is: ‘64’.

MaximumRetry

This sets the maximum number of reattempts when Netsparker fails to get a response from a page.

The default value is: ‘3’.

MaxKnowledgeItemCount

This sets the maximum number of items that will be displayed in the Knowledge Base nodes.

The default value is: ‘500’.

MaxLength

This sets the maximum character length to parse. If a document is larger than this, Netsparker will cut it off before parsing.

The default value is: ‘500000’.

MaxRedirectBodySize

This determines the maximum expected body size of the Redirect Response (in characters).

The default value is: ‘450’.

MaxThreadCountPerPool

This determines the maximum number of threads in each thread pool.

The default value is: ‘24’.

MaxVulnerabilityThreshold

This sets the maximum number of vulnerability reports for the same type. Netsparker will not report the same vulnerability more than this number of times.

The default value is: ‘150’.

MaxVulnerabilityThresholdForActiveEngines

This sets the maximum number of vulnerability reports for the same type for active security checks such as SQLi and XSS, for example. Netsparker will not report the same vulnerability more than this number of times.

The default value is: ‘1000’.

MaxWebViewReuseCount

This sets the maximum reuse number of embedded browser instances.

The default value is: ‘100’.

MinCspNonceEntropyLimit

This sets the allowed metric entropy of the base64 decoded nonce in the Content Security Policy engine. The setting is between 0 and 1.

The default value is: ‘0.15’.

NotifiedExpiringLicences

If enabled, the user is notified of any expiring licenses.

OnlyFillUpPost

If set to ‘True’, Netsparker will not use a default value for the empty GET parameters.

The default value is: ‘False’.

ParallelAttacksStartLink

This sets the number of links that Netsparker will crawl before it starts attacking, if Crawl and Attack is also enabled.

The default value is: ‘20’.

ParserParameterLimit

This sets the maximum number of parameters to parse in a FORM field.

The default value is: ‘200’.

PasswordEncryptionScope

This specifies the scope for password encryption. The alternatives are CurrentUser or LocalMachine.

The default value is: ‘CurrentUser’.

PerformanceLogLevel

This sets the level for performance logging.

The default value is: ‘3’.

PreventSleepModeDuringScan

If set to 'True', this prevents the computer from entering sleep mode during the scan.

The default value is: ‘False’.

ProductName

This is the name of this product.

The default value is: ‘Netsparker’.

ProxyAddress

This is the application proxy address.

The default value is: ‘127.0.0.1’.

ProxyAuthenticationEnabled

If set to 'True', the application proxy authentication is enabled.

The default value is: ‘False’.

ProxyDomain

This is the application proxy domain.

The default value is: empty.

ProxyMode

This is the application proxy mode.

The default value is: ‘1’.

ProxyPassword

This is the application proxy password.

The default value is: empty.

ProxyPort

This is the application proxy port.

The default value is: ‘8080’.

ProxyUseDefaultCredentials

If set to 'True', the application proxy uses default credentials.

The default value is: ‘False’.

ProxyUserName

This is the application proxy user name.

The default value is: empty.

RecentURLs

This stores the list of URLs that have recently been scanned.

RecoverSessionPaths

This stores the paths to session files that have crashed while using a previous Netsparker instance.

ReportExportLastFolder

This stores the path to the folder to which the last report was exported.

The default value is: empty.

ReportExportOnlyConfirmed

This is the Export Only Confirmed option in the Save Report dialog.

The default value is: ‘False’.

ReportExportPdf

This is the last Export as PDF option value.

The default value is: ‘True’.

ReportExportVariations

This is the last Export All Variations option value.

The default value is: ‘False’.

ReportGenerationTimeout (s)

This determines the time (in seconds) to wait before report generation is cancelled when triggered from the command line.

The default value is: ‘120’.

ReportOpenAfter

This is the last Open Generated Report option value.

The default value is: ‘True’.

ReportPolicyAllowEdit

If set to ‘True’, this enables users to add and edit vulnerability profiles in the Report Policy Editor. Administrator privilege is required to modify the Default Report Policy.

The default value is: ‘False’.

RequestBuilderMaxFileSize

This determines the maximum file size (in megabytes) that can be used as a File Parameter in the Request Builder.

The default value is: ‘10’.

RequestHeaderDebugInfo

If set to 'True', a header named X-Netsparker-Debug (diagnostic debug information) is added to HTTP requests made by Netsparker scans.

The default value is: ‘False’.

RequiresUpgrade

If set to 'True', the current installation requires a one-time upgrade to be executed.

The default value is: ‘True’.

ResourceFinderThreadCount

This determines the thread count used by the Resource Finder.

The default value is: ‘5’.

SavePermanentXSSAttacks

If set to ‘True’, this saves permanent XSS attacks, so that they can be identified later.

If set to 'False', Netsparker may not find the injection point for identified permanent XSS issues but will access the HDD (hard disk drive) much less during XSS attacks.

The default value is: ‘True’.

SenderMailAddressBinding

This specifies the mail address that error reports are sent to following a crash.

The default value is: empty.

SendToActions

This is a list of registered Send To Actions.

ShortRunningRegexTimeout (ms)

This sets the maximum time (in milliseconds) that is allowed for short-running Regex operations.

The default value is: ‘15000’.

ShowAllLoggingCategories

If set to ‘True’, all log categories in the Logging tab in the Options dialog are displayed.

The default value is: 'False'.

ShowAttackPossiblityList

If set to ‘True’, the Attack Possibilities node is displayed in the Knowledge Base panel.

The default value is: ‘False’.

ShowOptions

If set to ‘True’, the Start a New Website or Web Service Scan dialog opens with the Options panel expanded.

The default value is: ‘False’.

SmartDfsEnabled

If set to ‘True’, SmartDFS is enabled in the DOM simulation.

The default value is: ‘True’.

SmartDfsMaxSampleCount

This sets the maximum sample count for SmartDFS filtered DOM elements.

The default value is: ‘5’.

SmartDfsMinElementCount

This sets the minimum number of elements to trigger SmartDFS.

The default value is: ‘5’.

SmartDfsMinTagGroupCount

This sets the minimum number of HTML tag groups to trigger SmartDFS.

The default value is: ‘3’.

SmartDfsSimilarityDistance

This sets the similarity distance between 0 and 1 for SmartDFS.

The default value is: ‘0.1’.

SqlHackerAvoidSpaces

In SQL Injection exploitation, including several checks, this replaces spaces with something else, as hackers do to bypass some IDSes (intrusion detection systems).

The default value is: ‘True’.

SqlInjectionAutoFollowRedirect

If set to ‘True’, the boolean SQL injection engine will follow HTTP redirects.

The default value is: ‘True’.

SQLInjectionDataLength

This sets the maximum number of characters to export in an SQL Injection exploit.

The default value is: ‘1000’.

SsrfEnableCheckOnScanStart

If set to ‘True’, the Netsparker Hawk health check is enabled at the start of a scan.

The default value is: ‘True’.

StopSilentScanOnConnectionFailure

This prevents host connection errors from being shown when the /silent switch is used.

The default value is: 'False'.

SuggestPolicyOptimization

If set to ‘True’, the Scan Policy Optimizer dialog will be displayed at the start of a scan.

The default value is: ‘True’.

SwitchToOptimizedPolicy

If set to ‘True’, this switches to auto-optimized Scan Policies automatically.

The default value is: 'False'.

TextParserMaxFormsCount

This sets the maximum number of forms the text parser will parse in a document.

The default value is: ‘100’.

TextParserMaxInputsCount

This sets the maximum number of inputs the text parser will parse in a document.

The default value is: ‘100’.

TextParserMaxJsStringsCount

This sets the maximum number of JavaScript strings (including comments and literals) that can be parsed.

The default value is: ‘2000’.

TextParserMaxLinksCount

This sets the maximum number of links the text parser will parse in a document.

The default value is: ‘1000’.

Theme

This sets the preferred theme for the Netsparker application.

The default value is: ‘GloomGloom’.

UpdateChannel

This sets the update channel for Auto Updates.

The default value is: 'empty'.

UpdateCheck

This stores the date that the last Auto Update was made.

The default value is: ‘2000-01-01’.

UpdatePath

This specifies the URL where auto update checks are made.

The default value is: ‘http://www.netsparker.com’.

UseCustomRootCertificate

If set to ‘True’, the internal proxy uses the custom root certificate.

The default value is: ‘False’.

UseDatabase

If set to ‘True’, the scan results are saved into the session database.

The default value is: ‘True’.

UsePlusForSpaceEncoding

If set to ‘True’, the '+' sign is used to encode spaces in URLs, instead of '%20'.

The default value is: ‘False’.

UserInterfaceLanguage

This sets the language code for the UI language.

The default value is: 'en'.

VdbLastUpdateCheck

This stores the date that the last VDB update check was made.

The default value is: ‘2000-01-01’.

VdbUpdateCheckURL

This sets the URL where the VDB update check is made.

The default value is: ‘http://www.netsparker.com/go/?ref=vdbversion’. 

VdbUpdateURL

This sets the URL from which the VDB update is made.

The default value is: ‘https://www.netsparker.com/go/?ref=vdb’. 

VdbUpdateVersion

This stores the VDB version received from the update server.

The default value is: empty.

VdbVersion

This stores the current VDB version.

The default value is: ‘201904051630’.

WebInspectorRemoteDebugPort

If set to ‘0’, the remote debug port for the web inspector is disabled.

The default value is: '0'.

WebServiceProtocolName

This sets the protocol used to access the described XML Web services. The allowed values are: SOAP, SOAP 12, HttpPost, HttpGet and HttpSoap.

The default value is: empty.
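The subset check described for AnalyzeParameterSubsetRelations, sketched in Python as an added example (this is not Netsparker's own code). It assumes links are grouped by host and path and compared by parameter names only; the function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample links (not taken from a real scan).
SAMPLE_LINKS = [
    "/search?name=john&surname=smith&city=london",
    "/search?name=john&surname=smith",   # subset of the first link
    "/search?surname=smith&name=john",   # same subset, different order
    "/search?name=john&age=30",          # 'age' is not covered by the first link
    "/profile?name=john",                # different path, never compared
    "/search",                           # no parameters at all
]


def param_key(link):
    """Return ((host, path), frozenset of parameter names) for a link."""
    parts = urlsplit(link)
    names = frozenset(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return (parts.netloc, parts.path), names


def plan_attacks(links):
    """Split links into those to attack and those covered by a superset link.

    Returns (to_attack, skipped): to_attack keeps the input order, and
    skipped maps each skipped link to the link whose parameters cover it.
    """
    groups = {}
    for index, link in enumerate(links):
        key, names = param_key(link)
        groups.setdefault(key, []).append((index, link, names))

    kept_indexes, skipped = set(), {}
    for entries in groups.values():
        kept = []
        # Largest parameter sets first, so a superset is always seen
        # before the subsets it covers (sorted() is stable for ties).
        for index, link, names in sorted(entries, key=lambda e: -len(e[2])):
            cover = next((k for k, kn in kept if names and names <= kn), None)
            if cover is not None:
                skipped[link] = cover
            else:
                # Links without parameters are kept (assumption of this sketch).
                kept.append((link, names))
                kept_indexes.add(index)

    to_attack = [link for i, link in enumerate(links) if i in kept_indexes]
    return to_attack, skipped


if __name__ == "__main__":
    attack, skip = plan_attacks(SAMPLE_LINKS)
    for link in attack:
        print("attack:", link)
    for link, cover in skip.items():
        print("skip:  ", link, "(covered by", cover + ")")
```

Setting the option to ‘False’ corresponds to attacking every link in the list, which raises request volume without adding new parameters to test.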

How to View and Find Advanced Options

  1. Open Netsparker Standard.
  2. In the Home tab, press the CTRL key, and click Options. The Options dialog is displayed, with the Advanced tab open in Alphabetical order.
  3. Enter the Advanced option you want in the search box. Alternatively, slide the scrollbar to search for it manually, then click on it when found.
  4. When you have completed configuring the Advanced option setting, click Save.

How to Prevent the Operating System From Going to Sleep While There is a Scan in Progress

  1. Open Netsparker Standard.
  2. In the Home tab, press the CTRL key, and click Options. The Options dialog is displayed.
  3. In the search dialog, enter ‘PreventSleepModeDuringScan’ and click it when it is displayed. Alternatively, slide the scrollbar down to ‘PreventSleepModeDuringScan’ and click once to highlight it.
  4. In the dropdown option, select True. (The default is False.)
  5. Click Save.