Steps to perform Penetration Testing
Initial steps to start the scan are as
- Choose the Penetration Testing from the left navigation bar.
- Enter the URL which you want to scan.
- Select the browser as per your preference from the list.
- You can also choose the Any Browser(Manual Configuration) to connect the browser with manual configuration. Choosing this option will not open any browser. It will only open the proxy port.
- Enter the PORT and click on
- After the browser is launched, crawl all the pages of the website and interact with all input of the pages.
To intercept the request follow these steps
- Go to intercept tab and turn ON the intecept.
- Now you will start intercepting the request.
- Here you can edit the request and to send it to server click on
Send to Server.
- To drop te request click on the
- To get the response and edit it before displaying to front end click on
Break on Response
- To use the request later for testing send it to compose by clicking on
Send to Compose
To use the compose feature follow these steps
- You can add the request in compose by intercepting the request and sending it by clicking on
Send to Compose
- You can also add the request to compose from the history table by right clicking the request and send to compose
- Click on the compose tab to view all the available request.
- From here you can edit the request and use it as per your need.
To start the scan follow these steps
- After the crawling of pages is done, right click on the left tree node (on your host) and click
- On the click of scan you will get 3 pop up, provde input in all of them.
You will get these 4 pop up to provide details
- Scan Configuration
- CSRF Token Generation
Concurrent Request to send the number of parallel request,
Web Crawler Timeout lets you set timeout for the crawling request send,
Scan Request Timeout lets you set the timeout for the scan.
Crawler: If you click on yes then it will start crawling the website. Our crawling mechanism performs in-depth scanning in your website. You can identify the webpages exposed on the website.
Authentication: For authentication we have several mode which are as follows
- Fetch session cookie from proxy.
- Manually enter session cookie.
- Simple form authentication.
- Complex authentication
CSRF Token Generation: This module is to bypass the CSRF token, if your scanning website have the CSRF provide the token key and value and click on
Check & Save then click
Scan. If CSRF check is not available click on
Skip & Scan
- After the scan is completed, you can generate the report and save the data externally.
To generate the report follow these steps :
- Right-click over the scanned host and click
- This will generate the report in the html format.
- Save the file in your prefferred location.
Saving scan externally
There we have two option to save the scanned data extenally. To save the scan data follow these steps
- After the completion of the scan we get notification to save the data. To save click on ok and choose the preffered location and save the data.
- To save afterwards Right-click over the scanned host and click on the
Saveand choose the preffered locaiton.