SUPPORT

24/5 Hotline Support Service

+44 (0)20 3588 3841

Open a Support Ticket

support@netsparker.com

Scheduling Scans

Netsparker enables you to schedule scans in advance. Both Full and Incremental scans can be scheduled. You can schedule one-off and recurrent scans, both individual scans and group scans. In Netsparker Standard, you can also send a web security report when a scheduled scan is completed.

Scheduled Scan Fields

This table lists and explains the columns in the Scheduled Scans window.

Field

Description

Name

This is the name of the scheduled scan.

Website/Group

This is the website or group name for the websites scheduled for scanning.

Type

This is the type of object to be scanned.

Run Type

This is the frequency of the scan.

Last Scan

This is the time when the website was last scanned.

Next Execution Time

This is the time in days, hours and minutes when the next scan in the schedule will take place.

Scheduling Scans in Netsparker Enterprise

In Netsparker Enterprise, you can schedule any scan. This includes both full and incremental scans, as well as group scans. You can schedule a scan from any start time, and have it repeated on a fixed or customized basis. All the same options – such as fixing the maximum scan duration and scan time window – are available with scheduled scans.

Netsparker Enterprise Scheduled Scan Fields

This table lists and explains the columns in the Scheduled Scans window.

Field

Description

Scan Type

This indicates what type of scan will run. The options are:

  • Full
  • Incremental

Name

This is the name of the scheduled scan.

Start Time

This is the start date and time of the scheduled scan.

Schedule

This is the frequency of the scheduled scan. The options are:

  • Once
  • Daily
  • Weekly
  • Monthly
  • Yearly
  • Quarterly
  • Biannually
  • Custom

You can configure a bi-weekly schedule using the Custom option.

How to View Scheduled Scans in Netsparker Enterprise

From the main menu, click Scheduling, then Scheduled Scans. The Scheduled Scans window is displayed.

How to Schedule a Full Scan in Netsparker Enterprise

  1. From the main menu, click Scheduling, then Schedule Scan. The New Scheduled Scan window is displayed.

  1. Complete the fields.
  2. In the Scan Type field, select Full (default).
  3. In the Name field, enter a name.
  4. In the Start Time field, select the date and time.
  5. From the Schedule dropdown, select the required option.

  1. Complete the remaining Scan Options.
  2. Click Schedule.

How to Schedule an Incremental Scan in Netsparker Enterprise

  1. From the main menu, click Scheduling, then Schedule Scan. The New Scheduled Scan window is displayed.
  2. In the Target URL field,enter the URL, including the path.
  3. In the Scan Type field, click Incremental. (This hides the Scan Options section.)

  1. Complete the Scheduling Options as explained in How to Schedule a Full Scan in Netsparker Enterprise.
  2. Click Schedule.

How to Create a Scheduled Group Scan in Netsparker Enterprise

  1. Open Netsparker Enterprise.
  2. From the main menu, click Scheduling, then Schedule Group Scan. The New Scheduled Group Scan window is displayed.

  1. Complete the fields.
  2. Then, in the Scheduling Options section:
    • In the Name field, enter the new scheduled group scan name
    • In the Start Time field, click on the calendar symbol, and select the date and time
    • From the Schedule dropdown, select the relevant option

  1. Enable the Customize Max Scan Duration checkbox, if required

  1. Enable the Customize Scan Time Window checkbox, if required.

  1. Click Schedule.

Scheduling Scans in Netsparker Standard

In Netsparker Standard, you can schedule any scan. This includes both full and incremental scans, as well as scans on new or multiple instances of Standard. You can restrict a web security scan to run during a specific time. Additionally, Netsparker Standard allows you to configure and send automated web security reports on completion of a scheduled scan.

Netsparker Standard Scheduled Scan Fields

Field

Description

Previous Settings

From this drop down, you can select one of Netsparker's predefined scan profiles, or your own saved profiles.

How to Schedule a Full Scan in Netsparker Standard

  1. Open Netsparker Standard.
  2. From the ribbon, click the Home tab, then Schedule. The Schedule a New Scan dialog is displayed.

  1. Complete the Schedule a New Scan dialog.
  2. Click Schedule. The Schedule a Scan dialog is displayed.

  1. In Scheduled Task section:
    • In the Name field, enter the name of the scan
    • In the Run as User field, enter the user's name
    • In the Password field, enter the password
  1. Enable the Run only when user is logged on checkbox, if required.
  2. In the Recurrence section:
    • In the Run Scan on field, enter the date and time
    • In the and repeat dropdown, select the recurrence option:
    • Never (Scan will run ONE TIME)
    • DAILY
    • WEEKLY
    • MONTHLY
  1. Enable the After scan, export these reports checkbox to activate scan exports, then from the dropdown, select which type of Report to export.
  2. In the Save location box, enter an alternative location, if required. Otherwise, the report will export to the default location on your local machine (C:\Users\[username]\Documents\Netsparker\Reports\[report name] (Default-[date][time]).[ext]).
  3. Click Save.

How to Schedule an Incremental Scan in Netsparker Standard

  1. Open Netsparker Standard.
  2. On the Home tab, click Schedule Incremental. The Import dialog is displayed.
  3. In the Import dialog, select the filename of your already completed scan and click Open. The Schedule a New Scan dialog is displayed.
  4. Complete the fields.
  5. From the Schedule Scan dropdown, click Schedule Scan.

How to Restrict Web Security Scans in Netsparker Standard to Run During a Specific Time

  1. Download and install AutoHotkey, an open source utility that can be used to find the running instance of Netsparker Desktop, and trigger the keys that resumes and pauses scans.
  2. Download these AutoHotKey scripts, which will be used to pause and resume the web security scans.
  1. Configure all the scan parameters (such as Target URL, Scan Policy and Reports Policy).
  2. Launch the scan.
  3. Pause the scan as soon as it starts.
  4. Once the scan is paused configure two Windows Task Schedules:
    • one for resumenetsparker.ahk at the scan starting time
    • one for pausenetsparker.ahk at the scan finishing time

The scan will be resumed automatically when the first scheduled task starts, and if it is not finished by the finishing time, it will be paused automatically by the scheduled task.

You should have a single instance of Netsparker Standard running. If you have more than one, the AutoHotKey scripts will work only one that you’re running, not necessarily the one you want to resume/pause.

Sending Web Security Reports in Netsparker Standard

Once a Scheduled Scan has been completed, you can email a web security reports. This is done using Window's Powershell scripting, which automatically emails an attachment on completion of a Scheduled Scan.

How to Configure Automated Scheduled Scan Email Reports in Netsparker Standard

  1. Download the files ScanAndMail.ps1 and urls.txt files from Netsparker.
  2. Copy the files ScanAndMail.ps1 and urls.txt files to the Netsparker installation folder on your local machine.
  3. Open ScanAndMail.ps1 with a text editor and specify the SMTP server and mail settings from lines 3 to 11.
  4. Open urls.txt with a text editor, and specify the URL of the web application you would like to scan and the path of where to save the scan report, separated with a semicolon. To scan multiple websites, specify the same parameters for each website in a new line.
  5. Once all the settings are configured, use Powershell to execute the script, which creates a Windows Scheduled Task and launches the scan(s):

Powershell –ExecutionPolicy Unrestricted –File "C:\Program Files (x86)\Netsparker\ScanAndMail.ps1

The installation folder of Netsparker Standard in a 32 bit Window installation is C:\Program Files\Netsparker.
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO