Invicti is a product designed to automate the work of finding vulnerabilities in a web application, web service or website. Invicti can scan all types of web applications, regardless of the platform or language in which they are built. It also performs automatic vulnerability assessment, which helps prioritize remediation. Automatic discovery of current web resources is available, which avoids resource-consuming manual procedures.

Benefits of using Invicti: It saves time for the cybersecurity team. The scanner follows an automated script to find vulnerabilities, so the user does not need in-depth knowledge of cyber security. Scan reports detail all vulnerabilities found. For example, for a SQL injection, the scanner will indicate the name of the table and a potentially affected field. For QA testers, it is a useful aid when justifying a discovered vulnerability or backdoor to the development team.

Most importantly, the product scans and automatically checks all types of legacy and modern web applications, such as HTML5, Web 2.0 and Single Page Applications (SPAs), as well as password-protected web resources.
To highlight potential damage and urgency, each vulnerability is automatically assigned a severity level that indicates how urgently it should be addressed. The asset discovery service continuously scans the Internet to identify assets assigned to the user based on IP addresses, top-level and second-level domains, and SSL certificate information.

Vulnerabilities found by Invicti: Blind SQL Injection, Server-side Template Injection, SQL Injection, Blind Command Injection, Local File Inclusion (LFI), Injection via Local File Inclusion, Boolean SQL Injection, Remote File Inclusion (RFI), Command Injection, XML External Entity (XXE) Injection, Remote Code Evaluation.

Invicti also includes built-in team management and vulnerability management features that can be used to create roles, assign issues, review remediation processes, and retest after completion.
The target can be any site you want to test (a web application, web service or website to scan for vulnerabilities).
Select the Extensive Security Checks certificate.
To view all threats covered by the certificate.
When scanning with a policy that includes SSRF-based security checks, Invicti Standard may contact the server to detect the existence of some vulnerabilities. The requests contain no identifiable information that could trace them back to the customer. You can decline by clicking Clear and then Next, or agree by clicking Next.
This type of report is more generalized: it shows only the final stage of the scan, with all the collected statistics and a description of possible scenarios for the website.