Deep Scans

What are Deep Scans?

Unlike a Quick Scan, a Deep Scan is executed once, as a workflow, to uncover vulnerabilities in your selected target or URL.

Starting a Deep Scan on a single URL

To start or launch a Deep Scan:

  • Navigate to /scans/new
  • Select Deep Scan
  • Select URL if this option is not already selected

Next, under the Target URL section, enter your URL to scan. Example: https://example.com/.

Afterwards, select which web security vulnerabilities you’d like to scan for. Because the target URL is already defined, no asset discovery is needed (except content discovery, more on this later).

Deep Scans Options

Finally, click Run Scan to run the scan. You will be redirected to the results page in a moment.

Live Results: The scanner is capable of saving the first results as soon as they are available. This may mean that your scan is marked as “finished” but still has a few scans running in the background.

You can consult the Scans tab in your Deep Scan result page to view the status of each individual child process launched.

What happens after I start a Deep Scan?

The workflow is optimized to uncover as many vulnerabilities as possible. The scanner first starts off with a thorough content discovery scan. This scan (performed by SPIDER X) is responsible for gathering all possible paths, app routes, files, and possible (query) parameters through various methods like:

  • Headless crawling (including listening for browser events and enumerating app routes from well-known technologies in global Window Objects)
  • JavaScript Code Analysis
  • HTTP Response Analysis
  • Public Web Archives
  • Common Config Files (like robots.txt and sitemap.xml)
  • And soon also targeted bruteforcing with dynamically generated wordlists based on a few key parameters (like technologies, language, common naming patterns, etc.)

After the content discovery scan finishes, it automatically passes the data to the next scanners, which scan for, for example, CWE-79 (XSS) or CWE-601 (Open URL Redirects).
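
To show what one of the discovery sources above (common config files) reveals about a site, here is an added example that is not SPIDER X code and not part of the original page. It parses a constructed robots.txt and sitemap.xml for https://example.com/ into the kind of path and parameter inventory that later scanners would receive; all function names and sample data are assumptions.

```python
# Added illustration, not SPIDER X code; names and sample data are constructed.
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit, parse_qsl

TARGET = "https://example.com/"
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/   # constructed sample
Disallow: /search?q=
Allow: /static/*.js
Sitemap: https://example.com/sitemap.xml
"""
SITEMAP_XML = """\
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/products?id=1&amp;sort=asc</loc></url>
  <url><loc>https://example.com/search?q=shoes</loc></url>
  <url><loc>https://cdn.example.net/asset.js</loc></url>
</urlset>
"""

def robots_urls(text, base):
    """Yield absolute URLs for the Allow/Disallow rules of a robots.txt."""
    for line in text.splitlines():
        field, _, value = line.split("#", 1)[0].partition(":")
        value = value.strip().split("*", 1)[0].rstrip("$")  # keep literal prefix
        if field.strip().lower() in ("allow", "disallow") and value:
            yield urljoin(base, value)

def sitemap_urls(xml_text):
    """Yield every <loc> value, whatever namespace the sitemap declares."""
    # stdlib parser keeps this dependency-free; use defusedxml on untrusted XML
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "loc" and el.text:
            yield el.text.strip()

def discover(base, robots, sitemap):
    """Merge both sources into {path: [parameter names]} for the target host."""
    host, found = urlsplit(base).netloc, {}
    for url in [*robots_urls(robots, base), *sitemap_urls(sitemap)]:
        parts = urlsplit(url)
        if parts.netloc == host:  # drop URLs outside the scan target
            names = (k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
            found.setdefault(parts.path, set()).update(names)
    return {path: sorted(found[path]) for path in sorted(found)}

if __name__ == "__main__":
    for path, params in discover(TARGET, ROBOTS_TXT, SITEMAP_XML).items():
        print(path, params)
```

Running the same parsing over your own site's files is a quick way to review which paths and parameters they disclose before a scan does.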

More scanners will be added over time.

WAYPOINTS Integration

WAYPOINTS is our new template-based scanner, which allows you to define scanner rules and find all sorts of security vulnerabilities. This can significantly help increase the discovery of 0-day and 1-day security vulnerabilities (often used to gain an initial foothold into an organisation’s network).

By default, all private templates created and tagged with “DEEPSCAN” will be run on the selected URL(s). Learn more about WAYPOINTS and Creating a Template.