All Collections
Scanning
Settings
How to customize a scan profile
How to customize a scan profile

Learn how to create custom scan profiles to adjust and fine-tune scans for your targets.

Jaime Vasconcelos avatar
Written by Jaime Vasconcelos
Updated over a week ago

Probely provides a variety of built-in scan profiles to choose from and define how your targets are scanned. Each of these built-in scan profiles is, in fact, a group of scanning conditions that are pre-configured by Probely to provide certain pre-defined scanning behaviors.

Probely also allows the customization of scan profiles if you need to adjust and fine-tune the scans for your targets.

Watch this video for an overall view of Custom Scan Profiles.

Customize a Scan Profile

In the Probebly app, customize a scan profile as follows:

  1. Open the dropdown menu on the top-right corner of the navigation bar and click on Scan Profiles.

  2. On the Scan Profiles screen, you have three options to customize a scan profile:

    1. Add - Click on the ADD CUSTOM PROFILE button to create a new custom scan profile starting from a blank configuration.

    2. Clone - Click on the Clone button of a scan profile in the list to create a new custom scan profile based on an existing configuration and adjust it to your needs.

    3. Edit - Click on the Edit button of a scan profile in the list to adjust its configuration. This option is unavailable for built-in scan profiles, which can only be cloned.

  3. In the form that follows, configure the custom scan profile:

    1. Type the name.

    2. Type a description (optional).

    3. Customize the scanning behavior, divided into three sections:

      1. GLOBAL

        1. Target type - Choose the type of target for which this scan profile is available: Web applications or standalone APIs.

        2. HTTP methods - Choose the type of HTTP methods to be used in scanning requests. It will allow the choice of an ideal set of methods for targets with websites or applications that are in production.

        3. Scan Speed - Choose the throughput of scanning requests regarding the target’s response time to avoid overloading the target with too many requests and optimizing the resources consumed by a scan.
          Regardless of the scan speed, if Probely detects that the target is not able to handle the requests throughput during a scan, the scanner will automatically throttle down to attain the optimal performance.

        4. Request Delay - Set the time delay (in milliseconds) between requests for each scanning thread. It is an approximate value and is more accurate for slower Scan speed settings.

          The maximum delay allowed is 5000ms. If not defined, there is no delay between requests.

        5. Limit scan duration - Set the maximum time the scan is allowed to run. If not set, there is no limit. The usage of this setting might cause the scan to miss vulnerabilities.

      2. CRAWLER

        1. Crawler deduplication - Probely uses a Simhash algorithm to detect similar pages and scan only a few of them. A page is considered similar if it shares the same HTML element structure.

          This feature is enabled by default. Unticking the checkbox turns it off and can increase the scan duration significantly.

        2. URL pattern detection - Probely detects patterns in URLs identifying similar pages and scans only a few of them. For instance, pages like /2023-10-08-probely-scanner-finds-another and /2022-03-18-cibersecurity-is-important share the pattern /YYYY-MM-DD- followed by several words separated by a hyphen. This feature is enabled by default. Unticking the checkbox turns it off and can increase the scan duration significantly.

        3. Maximum URLs crawled - Set the maximum number of URLs the crawler visits.

          The maximum value available is 50.000. The default is 5.000, a good compromise between coverage and scan time.

      3. SCANNER

        1. Scanner Payloads - Choose the diversity of payloads and headers used for testing vulnerabilities to fine-tune the number of scanning requests made to each URL of the target.
          Regardless of the scanner payloads, the vulnerabilities considered for testing are the same.

        2. Vulnerabilities - Choose the vulnerabilities to be verified by the scanner: all or a specific subset.

  4. Click on SAVE to finish the customization of the scan profile.

Once created, custom scan profiles are available in the list of profiles in the target settings. You only have to switch the scan profile of the target to the desired custom scan profile.

Finally, you can delete a custom scan profile by clicking the Delete button on the list of scan profiles, and Probely will prompt you to confirm your action. If one or more targets still use the profile to be deleted, Probely also indicates which will be the replacement scan profile to set in those targets.

Did this answer your question?