Screenshot 3 – The Site Map
In the Site Map, a list of all the directories and files that the scanner crawled will be populated. Identified vulnerabilities, security flaws and vulnerable parameters are also listed in the Site Map underneath the vulnerable file. For example, from the below screenshot you can see that the file nslookup.php might be disclosing internal IP addresses, and the param parameter in the file nslookup.php is vulnerable to Command Injection, Blind Command Injection and possibly discloses an internal path.
Screenshot 4 – Details about the vulnerabilities of identified file nslookup.php
Click on a node in the sitemap to go to the Vulnerability view of the selected item. Double click will take you to HTTP Request / Response view directly. You can also select a view and move next or previous items by using up and down keys on your keyboard.