Step 1: Configuring the Path

There are three options available for when you are specifying a URL, all of which are listed and explained below.


Entered Path and Below

When you select Entered Path and Below Netsparker will only crawl and attack the target path and all the URLs under that path. Therefore if you enter the URL https://example.com/testfolder/ the following URLs will be crawled:

  • https://example.com/testfolder/test.php
  • https://example.com/testfolder/test/modify.php
  • https://example.com/testfolder/test/

The following URLs will not be crawled:

  • http://example.com/test.php; this URL is not under the given target.
  • http://test.example.com; this URL is of a different domain.

Note on using the trailing slash: If you do not enter a trailing slash in the target URL Netsparker presumes that the target URL ends with the last available slash in the URL and will alert you with the following notification:

Only Entered URL

When you select Only Entered URL Netsparker will only crawl the target URL and no external links are followed. This function is quite useful if you want to only test one page and all the parameters in that page without testing the whole web application. Therefore if you enter https://example.com/testfolder/test.php the following URLs will be crawled:

  • https://example.com/testfolder/test.php
  • https://example.com/testfolder/test.php?id=1

The following URLs will not be crawled:

  • https://example.com/testfolder/register.php; the URL path is different than the one in the target URL.
  • http://example.com/testfolder/test.php; the protocol is different. Target URL was HTTPS

Note: If you enter http://example.com/test, URLs such as http://example.com/testx will also be crawled. In this case the second URL is scanned because it contains the target URL.

Whole Domain

When you select Whole Domain Netsparker will start crawling and scanning the target URL and all the URLs beginning with the same hostname, regardless of the scheme and port number. Therefore if you enter https://example.com/testfolder/test.php the following URLs will be tested:

  • https://example.com/index.php
  • http://example.com/register/
  • https://example.com/testfolder/test.php
  • http://example.com/testfolder/test/test.php?id=1
  • http://example.com:81

Previous Page Next Page