Instructions for using Invicti

31 March 2023 3 minutes Author: Endpool

Features and capabilities of Invicti

Invicti is a product designed to automate the search for vulnerabilities in web applications, web services and websites. It can scan any web application regardless of the platform or language it is built in, and it automatically assesses each finding, which helps prioritise remediation. Automatic discovery of the organisation's current web assets is also available, which avoids resource-consuming manual inventories.

Benefits of using Invicti:

Time savings for the security team. The scanner follows an automated procedure to find vulnerabilities and does not require the user to have in-depth security knowledge.

Scan reports detail every vulnerability found. For SQL injection, for example, the scanner names the affected field and the database table it was able to reach; for QA testers this is a useful argument when discussing a vulnerability or backdoor with the development team.

Most importantly, the product scans and automatically verifies all types of legacy and modern web applications, including HTML5, Web 2.0 and Single Page Applications (SPAs), as well as password-protected web resources.

To highlight potential damage and urgency, each vulnerability is automatically assigned a severity level indicating how quickly it should be addressed. The asset discovery service continuously scans the Internet to identify assets belonging to the user, based on IP addresses, top-level and second-level domains, and SSL certificate information.

Vulnerabilities found by Invicti include: Blind SQL Injection, Server-side Template Injection, SQL Injection, Blind Command Injection, Local File Inclusion (LFI), Injection via Local File Inclusion, Boolean SQL Injection, Remote File Inclusion (RFI), Command Injection, XML External Entity (XXE) Injection, Remote Code Evaluation.

Invicti also includes built-in team management and vulnerability management features that can be used to create roles, assign issues, review remediation and retest once a fix is complete.
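To show what the scanner's boolean-based (blind) SQL injection check is doing behind the scenes, and how a report can name a reachable table, here is an added example. It is not Invicti's code and makes no claim about its internals: it uses a constructed in-memory SQLite database, a hypothetical vulnerable lookup next to its parameterised fix, and a true/false oracle of the kind a scanner sends. The schema probe uses SQLite's sqlite_master catalog; a scanner would use the equivalent catalog for whatever database it was told about.

```python
import sqlite3


def make_target():
    """Constructed in-memory database standing in for the application's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", [(1, "laptop"), (2, "phone")])
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (1, "admin@example.test"))
    return conn


def vulnerable_lookup(conn, product_id):
    """Simulates GET /product?id=<product_id> with the input concatenated into SQL.

    This is the defect a scanner is looking for; the response body is all it sees.
    """
    query = f"SELECT name FROM products WHERE id = {product_id}"
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error:
        return "Not found"
    return f"Product: {row[0]}" if row else "Not found"


def safe_lookup(conn, product_id):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    row = conn.execute("SELECT name FROM products WHERE id = ?", (product_id,)).fetchone()
    return f"Product: {row[0]}" if row else "Not found"


def boolean_sqli_confirmed(page, value):
    """Boolean-based blind check.

    `page` returns the response body for a given parameter value. Injection is
    confirmed only when an always-true condition leaves the page unchanged while
    an always-false condition changes it.
    """
    baseline = page(value)
    when_true = page(f"{value} AND 1=1")
    when_false = page(f"{value} AND 1=2")
    return baseline == when_true and when_true != when_false


def table_exists(page, value, table):
    """Once injection is confirmed, the same oracle answers questions about the
    schema; this is how a report can name a reachable table (SQLite catalog here)."""
    probe = (f"{value} AND EXISTS("
             f"SELECT 1 FROM sqlite_master WHERE type='table' AND name='{table}')")
    return page(probe) == page(value)


if __name__ == "__main__":
    conn = make_target()
    vuln = lambda v: vulnerable_lookup(conn, v)
    fixed = lambda v: safe_lookup(conn, v)
    print("vulnerable endpoint injectable:", boolean_sqli_confirmed(vuln, "1"))  # True
    print("'users' table reachable:", table_exists(vuln, "1", "users"))        # True
    print("hardened endpoint injectable:", boolean_sqli_confirmed(fixed, "1"))  # False
```

The three-request pattern (baseline, always-true, always-false) is what separates a real injection point from a page that simply changes on every request; the parameterised version gives the same answer to all three probes, so nothing is reported.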


1. Add a site to scan.

The target can be whatever you want to test for vulnerabilities: a web application, a web service or a website.

2. Configure the scan.

Select the Extensive Security Checks scan policy; it runs the largest set of checks and therefore takes the longest.
Open the policy to view all the threats it covers.

3. Review the scan results

4. Create a scan report


Each finding lists the name of the vulnerability, its severity, a description of the threat and the possible consequences of leaving it unfixed.



Cross-site scripting

1. The pop-up produced when the injected script executes (proof that the payload ran)



2. Scanning the address

3. For the scanner to work correctly, complete the following settings


Select the operating system of the target machine

1. Select the machine's web server

2. Select the server-side platform (programming language)

3. Select the server database

When scanning with a policy that includes SSRF-based security checks, Invicti Standard may use an external server operated by Invicti to detect some vulnerabilities out of band: the payloads point the target at that server, and a callback from the target confirms the vulnerability. The requests contain no identifiable information that could trace them back to the customer. At this dialog you can decline by clicking Clear and Next, or agree and click Next. Note that if the target cannot make outbound connections to the Internet, these out-of-band checks cannot produce a result and such vulnerabilities may go undetected.
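The out-of-band mechanism described above, as an added example that is not Invicti's code and assumes nothing about its internals. The callback domain oob.example.test, the simulated target and the log line format are all constructed here. It shows the two points a practitioner cares about: the token in each payload is random, so the callback server learns nothing about the customer, and a target with no outbound access never triggers a callback, so the check stays silent.

```python
import re
import secrets

# Hypothetical callback domain; stands in for the vendor-operated out-of-band server.
CALLBACK_DOMAIN = "oob.example.test"


class OobTracker:
    """Issues one random token per injection point and matches callbacks to it."""

    def __init__(self, domain=CALLBACK_DOMAIN):
        self.domain = domain
        self.pending = {}  # token -> (target_url, parameter)

    def payload(self, target_url, parameter):
        # 16 hex chars of randomness: nothing about the customer is encoded in it.
        token = secrets.token_hex(8)
        self.pending[token] = (target_url, parameter)
        return f"http://{token}.{self.domain}/"

    def correlate(self, callback_log):
        """Return {(target_url, parameter): token} for every token seen in the log."""
        pattern = re.compile(r"\b([0-9a-f]{16})\." + re.escape(self.domain))
        confirmed = {}
        for line in callback_log:
            m = pattern.search(line)
            if m and m.group(1) in self.pending:
                confirmed[self.pending[m.group(1)]] = m.group(1)
        return confirmed


def simulated_target(parameter, value, callback_log, egress_allowed=True):
    """Constructed stand-in for the application under test.

    The 'url' parameter is fetched server-side (an SSRF bug); 'q' is only echoed.
    A fetch reaches the callback server only if the target has outbound access,
    in which case the callback server writes an access-log line.
    """
    if parameter == "url" and egress_allowed:
        callback_log.append(f"2023-03-31T10:00:01Z 203.0.113.7 GET {value}")
    return f"<p>{value}</p>"


def run_ssrf_checks(target_url, parameters, egress_allowed=True):
    """Send one tokenised payload per parameter, then read the callback log."""
    tracker = OobTracker()
    callback_log = []
    for p in parameters:
        simulated_target(p, tracker.payload(target_url, p), callback_log, egress_allowed)
    return tracker.correlate(callback_log)


if __name__ == "__main__":
    hits = run_ssrf_checks("http://app.example.test/fetch", ["q", "url"])
    print("confirmed SSRF parameters:", [param for (_, param) in hits])  # ['url']
    print("with egress blocked:", run_ssrf_checks("http://app.example.test/fetch",
                                                  ["q", "url"], egress_allowed=False))  # {}
```

The correlation is purely by token, which is why the scanner can say nothing about the customer leaves with the request; it is also why an isolated test environment should either be given a route to the callback server or be tested for SSRF by another method.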

4. Choose the type of web application:

5. Choose which files the scanner should scan.

6. Check the scan settings entered in the previous steps. If everything is correct, click Next.

7. Choose the storage location and report format.


Executive Summary Report

This report type is more general: it shows only the final results of the scan, with the collected statistics and a description of the possible scenarios for the website.
