Excluding File Types From a Scan
By default, Netsparker uses a list of excluded file types (extensions) to ignore URLs that do not need to be scanned. You can modify this list from the Extensions tab when configuring a Scan Policy.
Excluding Binary Files
By default, Netsparker does not crawl and analyze binary files during a scan, because they are outside the scope of scanning a web application for vulnerabilities. The Netsparker scanners have a built-in mechanism that checks whether an HTTP response is binary; if it is, the response is excluded from the scan.
If you have a number of binary files on your website, add their extensions to the Extensions list so that the Netsparker scanners do not have to perform the binary check when they identify them. The advantage is that this shortens the scan duration.
Crawl and Attack Options
This table lists and describes the crawl options in Netsparker.
| Option | Description |
|---|---|
| Do not Crawl | Netsparker does not crawl file links and adds them to the Out of Scope with Extension Blacklisted reason. |
| Crawl | File links will be crawled. |
| Crawl Only Parameter | File links will be crawled if they have any Query String parameters. Otherwise they will be added to the Out of Scope with Extension Blacklisted reason. |
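The three crawl options can be modelled as a small decision function, which helps when checking which links a given Extensions list would leave out of a scan. This is an added example, not Netsparker code; the sample policy, the sample URLs, the case-insensitive matching and the crawling of unlisted extensions are assumptions.

```python
import posixpath
from urllib.parse import urlsplit

# Crawl options as named in the table above.
DO_NOT_CRAWL = "Do not Crawl"
CRAWL = "Crawl"
CRAWL_ONLY_PARAMETER = "Crawl Only Parameter"

# Constructed sample policy; NOT Netsparker's default Extensions list.
SAMPLE_POLICY = {"pdf": DO_NOT_CRAWL, "js": CRAWL, "jpg": CRAWL_ONLY_PARAMETER}

# Constructed sample links for a hypothetical site.
SAMPLE_URLS = [
    "https://example.test/docs/report.pdf?id=7",
    "https://example.test/static/app.js",
    "https://example.test/img/photo.jpg?size=2",
    "https://example.test/img/photo.jpg",
    "https://example.test/v1.2/users",
]

def extension_of(url):
    """Extension of the last path segment, lower-cased, without the dot.
    Lower-casing (case-insensitive matching) is an assumption."""
    name = posixpath.basename(urlsplit(url).path)
    return posixpath.splitext(name)[1][1:].lower()

def crawl_decision(url, policy):
    """Return (crawled, reason) for one file link under an extension policy."""
    option = policy.get(extension_of(url))
    if option is None:
        # Assumption: extensions absent from the list are crawled normally.
        return True, "extension not listed"
    if option == CRAWL:
        return True, CRAWL
    if option == CRAWL_ONLY_PARAMETER and urlsplit(url).query:
        return True, CRAWL_ONLY_PARAMETER
    # "Do not Crawl", or "Crawl Only Parameter" without a query string.
    return False, "Out of Scope: Extension Blacklisted"

def out_of_scope(urls, policy):
    """Links the policy keeps out of the crawl, for coverage review."""
    return [u for u in urls if not crawl_decision(u, policy)[0]]

if __name__ == "__main__":
    for link in SAMPLE_URLS:
        print(link, crawl_decision(link, SAMPLE_POLICY))
```

In this model, `report.pdf?id=7` stays out of scope even though it carries a parameter, which is the case to review before setting a dynamic handler's extension to Do not Crawl.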
This table lists and explains the attack options in Netsparker.
| Option | Description |
|---|---|
| Do not Attack | This is a name for your reference. |
| Attack Parameters | File links will be analyzed if they have a parameter. For example: |
| Attack Parameters and Query String | File links will be analyzed if they have a parameter or Query String. |
How to Exclude File Types From a Scan in Netsparker Cloud
- Do one of the following (see Configuring and Managing Scan Policies in Netsparker Cloud):
  - From the main menu, click Policies:
    - Next to an existing policy, click Clone.
  - From the main menu, click Policies, then New Scan Policy.
- You can create a new exclusion or edit an existing one. Either:
  - Click New. This will create a new, blank Extensions row.
    - Enter the extension you want to exclude in the EXTENSION field.
  - Select an existing item by clicking into the Extension field.
How to Exclude File Types From a Scan in Netsparker Desktop
- From the Home ribbon, click New. The Start a New Website or Web Service Scan dialog is displayed.
- From the Scan Policy section, click the ellipsis to open the Scan Policy Editor.
- Do one of the following (see Scan Policy Editor):
  - From the list at the top of the dialog, select an existing Scan Policy (avoid the default ones as they can't be customised)
  - Alternatively, select an existing Scan Policy and click Clone
  - Click New
- Click into the last (blank) row in the Extensions table
- In the Extension field, enter the extension you want to exclude
- Select an existing item by clicking into the Extension field