
Additional step for scanner options when launching active scanner.

Cláudio André Mar 06, 2015 10:59AM UTC

It would be awesome to have an additional step when launching an active scan, for configuring what are the parameters that we want to scan without having to mess with the general config.

For example: Let's say that for this scan I only want to test MySQL SQL Injections in URL parameters or only want to test for XSS in Body Parameters.


Dafydd Stuttard Mar 09, 2015 10:57AM UTC Support Center agent

Thanks for this request. We do plan to support per-item configuration in future, so you’ll be able to configure specific insertion points or scan checks for specific items that are sent for scanning. We can’t currently provide an ETA for this feature, sorry.


mak Mar 11, 2015 03:49PM UTC
Is this still planned?

Dafydd Stuttard Mar 12, 2015 08:59AM UTC Support Center agent

Yes, our plans haven’t changed in the last 3 days!


Cláudio André Mar 13, 2015 02:21PM UTC
Thanks for the feedback, Dafydd.

Smeege Security Mar 30, 2015 03:29PM UTC
You may already know, OP, but you can do this on a per-request basis. Just send your request(s) to Intruder and mark which parameters you want to active scan, then right-click the request and select 'Actively scan your defined insertion points' from the context menu. Obviously this only handles one request at a time, which may be tedious, especially when you want to active scan an entire application, but I find it works really well to avoid useless/duplicate active scan requests, and allows me as a tester to use my own knowledge of the application to determine the best active scanning configuration.

Mark jayson Alvarez Sep 14, 2015 11:48AM UTC
The problem with using the Intruder is that you still have no control over what kind of tests can be done with the marked parameters. The OP wants to test certain parameters only for XSS or SQL injection. The Scanner options can be customized but the effect is global.
