Working With Scope

In this tutorial you will learn how to use the scoping mechanism to allow or restrict scanning activities in specific locations. This scoping mechanism is available in multiple tools such as the Scanner, the Spider and many others.

Step 1

We will use the Scanner to illustrate how the scope works. First, let's open the tool and set up any target. You don't have to do this step to configure the scope, but it will be useful for testing purposes.

Screenshot 01

Step 2

Click on the scope button. This will open the scoping screen.

Screenshot 02

Step 3

In the scope we can define two types of rules: include and exclude regular expressions. Which one you use depends on the situation. For example, imagine that we don't want the scanner to visit the logout URL. To restrict this, we simply enter logout\.php in the exclude URLs section.

Screenshot 03

Step 4

Because rules are defined as regular expressions, mistakes may happen. This is why it is a good idea to test your setup before you proceed with the test. Use the testing area by entering any URLs you would like to test, then click on the test button. At the bottom of the screen you will see whether the entered URLs are in or out of scope. Keep in mind that all text areas accept multiple lines, so you can build very complex setups in a single go.

Screenshot 04