LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory. Skips messages which originally resulted in a client or server error response status code.
This rule attempts to identify MongoDB specific NoSQL Injection vulnerabilities. It attempts various types of attacks including: boolean based, error based, time based, and authentication bypass. It does not include time based attacks. It will also attempt JSON parameter specific payloads if the scan is configured to include JSON parameter variants.
| Browser | AJAX Spider relies on an external browser to crawl the targeted site. You can specify which one you want to use. For more details on supported browsers refer to "Selenium" add-on help pages. | Firefox Headless |
-
| Number of Browser Windows to Open | You can configure the number of windows to be used by AJAX Spider. The more windows, the faster the process will be. | Num cores |
-
| Maximum Crawl Depth | The maximum depth that the crawler can reach. Zero means unlimited depth. | 10 |
-
| Maximum Crawl States | The maximum number of states that the crawler should crawl. Zero means unlimited crawl states. | 0 (unlimited) |
-
| Maximum Duration | The maximum time that the crawler is allowed to run. Zero means unlimited running time. | 60 minutes |
-
| Event Wait Time | The time to wait after a client side event is fired. | 1000 ms |
-
| Reload Wait Time | The time to wait after URL is loaded. | 1000 ms |
-
| Enable Browser Extensions | When enabled, any browser extensions added by other add-ons will be enabled in the browsers used for crawling. | False |
-
| Click Elements Once | When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once. If this is not set, the crawler will attempt to click multiple times. Unsetting this option is more rigorous but may take considerably more time. | True |
-
| Use Random Values in Form Fields | When enabled, inserts random values into form fields. Otherwise, it uses empty values. | True |
-
| Click Default Elements Only | When enabled, only elements "a", "button" and "input" will be clicked during crawl. Otherwise, it uses the table below to determine which elements will be clicked. For more in depth analysis, disable this and configure the clickable elements in the table. | True |
-
| Select elements to click during crawl (table) | The list of elements to crawl. This table only applies when "click default elements only" is not enabled. Use "enable all" for a more in depth analysis, though it may take somewhat longer. | All enabled |
-
| Allowed Resources (table) | The list of allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties. ||
| Browser | AJAX Spider relies on an external browser to crawl the targeted site. You can specify which one you want to use. For more details on supported browsers refer to "Selenium" add-on help pages. | Firefox Headless |
+
| Number of Browser Windows to Open | You can configure the number of windows to be used by AJAX Spider. The more windows, the faster the process will be. | Num cores |
+
| Maximum Crawl Depth | The maximum depth that the crawler can reach. Zero means unlimited depth. | 10 |
+
| Maximum Crawl States | The maximum number of states that the crawler should crawl. Zero means unlimited crawl states. | 0 (unlimited) |
+
| Maximum Duration | The maximum time that the crawler is allowed to run. Zero means unlimited running time. | 60 minutes |
+
| Event Wait Time | The time to wait after a client side event is fired. | 1000 ms |
+
| Reload Wait Time | The time to wait after URL is loaded. | 1000 ms |
+
| Enable Browser Extensions | When enabled, any browser extensions added by other add-ons will be enabled in the browsers used for crawling. | False |
+
| Click Elements Once | When enabled, the crawler attempts to interact with each element (e.g., by clicking) only once. If this is not set, the crawler will attempt to click multiple times. Unsetting this option is more rigorous but may take considerably more time. | True |
+
| Use Random Values in Form Fields | When enabled, inserts random values into form fields. Otherwise, it uses empty values. | True |
+
| Click Default Elements Only | When enabled, only elements "a", "button" and "input" will be clicked during crawl. Otherwise, it uses the table below to determine which elements will be clicked. For more in depth analysis, disable this and configure the clickable elements in the table. | True |
+
| Select elements to click during crawl (table) | The list of elements to crawl. This table only applies when "click default elements only" is not enabled. Use "enable all" for a more in depth analysis, though it may take somewhat longer. | All enabled |
+
| Scope Check | How the scope is checked: * `Strict` - enforces that all requests need to be in scope to be accessed, with the exception of the Allowed Resources. * `Flexible` - allows all requests to be accessed. This scope check does not use nor require configuring the Allowed Resources for targets that need domains out of scope to work. This scope check has the side effect of allowing out of scope domains to be accessed, but not crawled. | Strict |
+
| Logout Avoidance | When enabled, the spider will avoid clicking common logout elements, which does not require manually excluding them. | False |
+
| Allowed Resources (table) | The list of allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties. ||
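Review bot: The new Scope Check row packs a two-item bullet list (`* \`Strict\` ...`, `* \`Flexible\` ...`) into a single table cell, which markdown tables do not render as a list; split the two options with `<br>` or rewrite them as two plain sentences so the rendered table stays readable. Since the Flexible description already notes the side effect of allowing out of scope domains to be accessed, it would help to say outright that the crawling browser will send requests to those domains, so users with a tightly bounded target keep the Strict default. The new Logout Avoidance row reads awkwardly: "which does not require manually excluding them" would be clearer as "so they do not need to be excluded manually".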
site/content/docs/desktop/addons/ajax-spider/scandialog.md
4 additions & 0 deletions
@@ -75,6 +75,10 @@ The time to wait after a client side event is fired.
The time to wait after URL is loaded.
+
### Scope Check
+
+
How the scope is checked, for more information refer to the Options AJAX Spider screen.
+
### Allowed Resources
The list of allowed resources. The allowed resources are always fetched even if out of scope, allowing to include necessary resources (e.g. scripts) from 3rd-parties.
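Review bot: The added Scope Check line is a comma splice; split it into two sentences, e.g. "How the scope is checked. For more information refer to the Options AJAX Spider screen." It would also help to name the two modes (Strict and Flexible) here, since the Allowed Resources section directly below is self-contained while this one only points to the options screen.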