Table of contents
- Installing Acunetix
- Scanning a website (GUI)
- Scanning a website (command line)
- Analysing Scan results
- Scanning Web services
- Generating Reports
- Acunetix Reports
- Scheduling Scans
Acunetix Web Vulnerability Scanner is a tool designed to discover security holes in your web applications that an attacker would likely abuse to gain illicit access to your systems and data. It looks for multiple vulnerabilities including SQL injection, cross-site scripting, and weak passwords.
The application can be used to perform scanning for web and application vulnerabilities and to perform penetration testing against the identified . Mitigation suggestions are then provided for each weakness and can be used to increase the security of the web server or application being tested.
You can download it from the official website: http://www.acunetix.com/vulnerability-scanner/download/
and install it like any ordinary software.
Note: If you do not receive a download link after entering your information, the IP range of your location may not be supported.
In that case you can change your IP to a US one through the Firefox extension anonymoX.
Acunetix runs only on the Windows operating system.
This is the user interface when you start Acunetix.
Acunetix Web Vulnerability Scanner allows you to secure your website quickly and efficiently.
It consists of the following components:
- Web scanner
The Web Scanner launches an automatic security audit of a website. A website security
scan typically consists of two phases:
1. Crawling – Making use of Acunetix DeepScan, Acunetix Web Vulnerability Scanner
automatically analyzes and crawls the website in order to build the site’s structure.
The crawling process enumerates all files and is vital to ensure that all the files of
your website are scanned.
2. Scanning – Acunetix Web Vulnerability Scanner launches a series of web vulnerability
checks against each file in your web application – in effect, emulating a hacker. The
results of a scan are displayed in the Alert Node tree and include comprehensive
details of all the vulnerabilities found within the website.
- Port scanner
The Port Scanner performs a port scan against the web server hosting the scanned website.
Where open ports are found, Acunetix Web Vulnerability Scanner will perform network level
security checks against the network service running on that port. These include DNS Open
Recursion tests, badly configured proxy server tests, weak SNMP community strings, and
many other network level security checks.
- Target Finder
The Target Finder is a scanner that allows you to locate web servers (generally on ports 80,
443) within a given range of IP addresses. If a web server is found, the scanner will also
display the response header of the server and the web server software. The port numbers to
scan are configurable.
- Subdomain Scanner
Using various techniques, the Subdomain Scanner allows fast and easy identification of
active subdomains of a top-level domain. The Subdomain Scanner can be configured to use
the target’s DNS server or any other DNS server specified by the user.
- Blind SQL injector
Ideal for penetration testers, the Blind SQL injector is an automated database data extraction
tool with which you can make manual tests to further analyze SQL injections reported during
- HTTP editor
The HTTP Editor allows you to create, analyze, and edit client HTTP requests and server
responses. It also contains an encoding and decoding tool to encode / decode text and URLs
to MD5 hashes, UTF7 formats and many other formats.
- HTTP sniffer
The HTTP Sniffer acts as a proxy and allows you to capture, examine and modify HTTP
traffic between an HTTP client and a web server. You can also enable, add or edit traps to
capture traffic before it is sent to the web server or back to the web client.
- HTTP Fuzzer
The HTTP Fuzzer enables you to launch a series of sophisticated fuzzing tests to audit the
web application’s handling of invalid and unexpected random data. The HTTP Fuzzer also
allows you to easily create input rules for further testing in Acunetix Web Vulnerability
- Authentication Tester
With the Authentication Tester you can perform a dictionary attack against login pages that
use either HTTP (NTLM v1, NTLM v2, digest) or form-based authentication. This tool uses two predefined text files (dictionaries) containing a list of common usernames and passwords.
You can add your own combinations to these text files.
- Webservice Scanner and webservice editor
The Web Services Scanner allows you to launch automated vulnerability scans against
WSDL based Web Services. Web Services are commonly used to exchange data and
generally vulnerabilities in Web Services can easily be exploited in order to leak sensitive
In this post, I’ve given you an introduction to and overview of Acunetix Vulnerability Scanner; I hope it’s useful. In the next post I’ll show you how to install Acunetix and scan a website with it.