If you're in a hurry or if you just want to test a subset of your target, Probely allows you to run Partial Scans.
Partial Scans can be very helpful, especially on a CI/CD pipeline, since they provide faster feedback, allowing you to deliver code changes more frequently and reliably, without disregarding the security of your target.
You can run Partial Scans in different ways:
By defining the reduced scope of your target
By setting up navigation sequences within your target
By enabling incremental scans
For setting up the Reduced Scope, you just need to go to your target's settings and identify the URLs you want us to analyse during Partial Scans - please note that only the target's hostname and defined extra hosts are allowed. Assuming your target’s URL is https://example.com/, some examples of possible reduced scopes are as follows:
While identifying the reduced scope URLs, don't forget to add the wildcard character *, so that all pages under that scope are analysed and scanned as well; otherwise only the file/path itself will be scanned.
You can add as many URLs as you need in order to define the intended reduced scope.
If you have an API residing on a different hostname than your target (Extra Host), you can also add some of its URLs here. Once you are done, just go to your target page, press Scan Now and start a Partial Scan!
By limiting the scope of the scan, it is possible that some of the sub-scopes (URLs) defined are not found. The root of your target will always be visited by the crawler in order to find possible valid endpoints. If you want to test some endpoints that are not accessible through your target’s root, make sure to go to the “Seeds List” module on your target settings and add the URLs where those endpoints are present.
For instance, assuming you want to test the endpoint
https://example.com/users/*/edit, which allows you to edit your users’ information, you may need to add the list of users’ URL,
https://example.com/users, as a seed on your seeds list.
Another way to run Partial Scans is to define Navigation Sequences. Once you’ve added your intended sequences to your target’s settings, you can decide that your scans should only run navigation sequences.
This can be done by checking the following checkboxes on your target’s settings, under the “Navigation Sequences” module:
Once you are done setting up your navigation sequences, just go to your target page, press Scan Now and start a Partial Scan!
During the “Navigation Sequences only” scan, the crawler will navigate solely through the selected sequences, running their recorded actions and subsequent requests, instead of analysing the whole target. In other words, during these scans, all intercepted requests during the sequence will be analysed. If you need to reduce the scope, you can complement this setting with the reduced scope setting detailed above.
Besides using the Reduced Scope and Navigation Sequences to narrow down the scope of scans, you can also enable Incremental Scans. With incremental scans you are limiting your scans to new URLs - that is, pages that haven’t been scanned before -, and to updated URLs - which are pages that have changed since the previous scan.
Incremental Scans are a great way for you to understand the impact of new developments or changes made to your target, since they provide you with fast and meaningful feedback.
To enable Incremental Scans, just go to your target’s settings, locate the “Partial Scans: Incremental” module, and activate this feature. Once you are done, just go to your target page and press Scan Now to start an Incremental Scan!
You can deactivate these features at any time by going to your target’s settings and disabling them.