Imported Links

The Imported Links feature enables you to add links to the Link Pool collated by Netsparker scans during the Crawling stage. This means the scanner has a head start and achieves greater coverage during the Scan stage.

As a black-box security scanner, Netsparker crawls the target website to reach maximum coverage. When you launch a scan, Netsparker acts as a search engine bot, visiting every link that it detects and making requests to all input points in detected resources including the URLs used to reach these resources.  

However, there may be parts of the website that are not linked from the website. This can prevent Netsparker from achieving maximum coverage and identifying all vulnerabilities on the target website.

  • The Imported Links feature in Netsparker enables you to add links that specify the web pages you want scanned.
  • You can also ensure that Netsparker includes in the scan any data already captured by other tools.

For further information, see Imported Links for Netsparker Enterprise and Scan Settings Imported Links for Netsparker Standard.

What File Types Can Be Imported into Netsparker?

A Netsparker scan can be fed using output from the following tools:

  • ASP.NET Project File (.csproj, .vbproj)
  • Burp – (.*)
  • Comma Separated Values (CSV) - (.csv)
  • Fiddler – (.saz files)
  • HTTP Archives – HAR files
  • I/O Docs – (.json, .zip)
  • Netsparker Session File – (.nss)
  • OWASP ZAP – (.txt)
  • Postman – (.json)
  • RAML – (.raml)
  • Open API – (.json, .yaml, .yml)
  • Web Application Description Language (WADL) – (.wadl)
  • Web Service Definition Language (WSDL) – (.wsdl, .xml)
  • WordPress REST API – (.json)

ASP.NET Project File (.csproj, .vbproj)

ASP.NET project files are used in versions of ASP.NET prior to ASP.NET Core. A project file can store links to resources that are used in an ASP.NET project, for example JavaScript files, CSS files, and multimedia resources such as images or other static content.

You can add to the Netsparker Link Pool by importing ASP.NET Project Files. In addition, if Netsparker encounters a .csproj or .vbproj file during crawling, it will parse and extract new URLs from those files too.

Burp

You can use Burp Suite to save links in order to add them to Netsparker for vulnerability scanning.

First, make sure that Burp is configured to listen to the proxy.

How to Export URLs from Burp
  1. Open Burp.
  2. Visit the URLs at the target website after configuring it to listen to the proxy.
  3. Navigate to the Sitemap tab.
  4. Right-click to select and save the targets, and click Save Selected Items. A dialog box is displayed.
  5. Enter a filename, and click Save.

For further information on how to import links for additional websites in both Netsparker Enterprise and Netsparker Standard, see Configuring Additional Websites.

Comma Separated Values

You can use an Excel document to create a list of URLs in a CSV file that you can import into a vulnerability scan. This is a manual process that lets you include URLs that are unlinked from the target website.

How to Use Microsoft Excel to Create a CSV Upload File
  1. Open Microsoft Excel.
  2. In a blank document, type each URL into a separate cell in one column.
  3. Save the document as a CSV file.

For further information on how to import links for additional websites in both Netsparker Enterprise and Netsparker Standard, see Configuring Additional Websites.

Fiddler

Fiddler is a debugging proxy server application that captures HTTP and HTTPS traffic, and logs it for you to review. Since the program is able to capture the traffic, you can save the URLs to import into Netsparker for vulnerability scanning.  

First, ensure that Fiddler is configured to listen to the proxy.

How to Export URLs from Fiddler
  1. Open Fiddler.
  2. Visit the URLs at the target website.
  3. From the Session List tab, select your targets.
  4. Right-click, and select Save > Selected sessions > in ArchiveZIP. A dialog box is displayed.
  5. Enter a filename, and click Save.

For further information on how to import links for additional websites in both Netsparker Enterprise and Netsparker Standard, see Configuring Additional Websites.

HTTP Archives

HAR (HTTP Archive) is a file format that logs session data between the client and the server. It is a JSON-formatted archive file that saves the information of all web responses and requests made with the browser, which helps detect performance issues. Since you can log your session, you can easily export URLs that you visited into Netsparker for scanning.

With browsers, you can save HAR files. No additional program is required. In this procedure, Google Chrome is used to create a HAR file.

Make sure the Preserve Log box is checked and Network traffic (red dot) is logged. Before visiting URLs, first delete the traffic already appearing in the window.

How to Export URLs from Chrome
  1. Open Chrome.
  2. Press F12 on your keyboard to open Developer tools, and then click the Network tab.
  3. Visit the URLs at the target website.
  4. Right-click, and select Save all as HAR with content. A dialog box is displayed.
  5. Enter a filename, and click Save.

For further information on how to import links for additional websites in both Netsparker Enterprise and Netsparker Standard, see Configuring Additional Websites.
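
The following added example (not Netsparker code; the function names, the allowed_hosts parameter and the sample hosts are assumptions) reads the log.entries[].request.url fields of a HAR file and writes the one-column CSV described in the Comma Separated Values section. A HAR saved "with content" also records request headers and cookies, so reducing it to in-scope URLs keeps session tokens and third-party hosts out of the file you import.

```python
import csv
import io
import json
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: a minimal HAR document of the shape a browser exports.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET", "url": "https://shop.example.test/admin/export?id=7#top",
                 "headers": [{"name": "Cookie", "value": "session=constructed"}]}},
    {"request": {"method": "GET", "url": "https://shop.example.test/admin/export?id=7"}},
    {"request": {"method": "GET", "url": "https://cdn.example.net/lib.js"}},
    {"request": {"method": "POST", "url": "https://SHOP.example.test/api/orders"}},
    {"request": {"method": "GET", "url": "data:image/png;base64,AAAA"}},
    {"request": {}},
]}})


def har_to_urls(har_text, allowed_hosts):
    """Return unique in-scope http(s) URLs from a HAR document, in first-seen order."""
    allowed = {h.lower() for h in allowed_hosts}
    entries = json.loads(har_text).get("log", {}).get("entries", [])
    seen, urls = set(), []
    for entry in entries:
        raw = entry.get("request", {}).get("url")
        if not isinstance(raw, str):
            continue  # malformed entry: no request URL recorded
        parts = urlsplit(raw)
        if parts.scheme not in ("http", "https"):
            continue  # skip data:, blob:, chrome-extension: and similar
        if (parts.hostname or "") not in allowed:
            continue  # third-party host, outside the scan target
        # Drop the fragment (never sent to the server) and lower-case the host.
        clean = urlunsplit((parts.scheme, parts.netloc.lower(), parts.path or "/", parts.query, ""))
        if clean not in seen:
            seen.add(clean)
            urls.append(clean)
    return urls


def urls_to_csv(urls):
    """Serialise URLs as a one-column CSV, one URL per row."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows([u] for u in urls)
    return buf.getvalue()


if __name__ == "__main__":
    print(urls_to_csv(har_to_urls(SAMPLE_HAR, ["shop.example.test"])), end="")
```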

I/O Docs

I/O Docs is a live, interactive documentation system for RESTful web APIs. When the method, resources and parameters of APIs are defined in JSON format, I/O Docs will automatically generate a JavaScript client interface to test exposed API functions. URLs can be imported from I/O Docs files to feed the Netsparker link pool.

Netsparker Session File

URL Importing allows you to upload a Netsparker Session File. You can upload an AutoSave file created by Netsparker Standard or a report file generated by either Netsparker Enterprise or Netsparker Standard. The scanner identifies any URLs in these files and imports them into Netsparker.

How to Import URLs as a Netsparker Session File from Netsparker Enterprise
  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. Click the Imported Links tab.
  4. From the Import Links dropdown, select Netsparker Session File, then upload the saved file.
  5. You can view the imported links when the upload is successful.

How to Import URLs as a Netsparker Session File from Netsparker Standard
  1. Open Netsparker Standard.
  2. In the Home tab, click New. The Start a New Website or New Service Scan dialog is displayed.
  3. Click the Imported Links tab.
  4. From the Imported Links dropdown, select Netsparker Session File, then upload the saved file.
  5. You can view the imported links when the upload is successful.

Postman Collections

Postman is an API testing tool that offers integration capacity with the CI/CD pipeline. It also helps you to create mock-up tests and API documentation.

You can create request collections and API test suites in Postman. You can also use request collections prepared in Postman in Netsparker when you're auditing your web application or API security.

Please note that Netsparker Standard and Netsparker Enterprise support these formats.

How to Export URLs in Postman
  1. Open Postman.
  2. Create a request collection and requests individually. (If you already have collections, go to the next step.)
  3. Next to your request collection, click the ellipsis button to display the menu.
  4. Click Export. The Export Collection dialog is displayed.
  5. Select the required format, and click Export.
  6. In the window that opens, select a location, and click Save.

RAML

The RESTful API Modeling Language (RAML) is a way to describe RESTful APIs so that both humans and computers can read them. It describes resources, methods, parameters, responses, and media types in a clear way. By providing a structured and clear format for APIs, RAML makes it easy to manage the entire API lifecycle. RAML can also describe APIs that do not obey all the constraints of REST.

Open API

Open API is a technical specification that describes certain APIs. It allows humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or the inspection of network traffic.

Web Application Description Language

WADL (the Web Application Description Language) is an XML description of HTTP-based web services that a machine can read. Aiming to simplify and promote the reuse of web services based on the existing HTTP, WADL describes the resources provided by a service and the relationships between them.

Web Services Description Language

WSDL (Web Services Description Language) is an XML file that tells the client application what the web service does. It also provides all the information necessary to connect to the web service and use all the functionality provided by the web service.

WordPress REST API

WordPress is a popular open-source content management system. Using the JSON (JavaScript Object Notation) format, the WordPress REST API provides an interface for other websites and software to interact with your WordPress site by sending and receiving data.

For further information on how to import links for additional websites in both Netsparker Enterprise and Netsparker Standard, see Configuring Additional Websites.
