ScanSuite

Performing dynamic web scanning


Last updated 9 months ago

ScanSuite supports both authenticated and non-authenticated web scanning modes with various scanners.

It is recommended to create separate products for different scan types, and possibly for website groups, as this makes the results easier to examine later.

To run a web scan, open the Dynamic Scanning tab, enter a comma-separated list of URLs, and choose the scanners you want to invoke.

As usual, ensure the right Engagement ID number is set so the results are saved within the intended product folder, then click Submit:

ScanSuite supports the concept of distributed workers, which pick up each scanning task and execute it. The number of workers can be easily extended as needed; see Setup parameters and services in the Administration section for more information.

As depicted below in the History – Logs screenshot, several scans were started almost simultaneously, meaning 3 scanning workers are up and processing the tasks:

Once all targets are scanned by all chosen scanners, the scanning will be marked as Finished:

Note: Dirbusting / Gobuster results will not be exported to DefectDojo because of the nature of the scan. The best way to view the revealed paths is to check the scan logs, or to download the Report at the end of the scan and check the scan reports: