Command Line Interface
Invicti Standard has a command line interface that you can use to launch a scan. It can be used to integrate automated web application security scans, for example to trigger a scan via a third party application once new source code is submitted to a project. You can also use the command line feature to automate scan operations, including complex scan sequences that target many domains.
Command Line Arguments
When using the command line interface, you can use arguments to pre-configure the web vulnerability scanner and also specify post scan tasks, such as the generation of a scan report. Here is a list of all the available arguments:
Name: Autopilot Mode
Argument: /a, /auto
For: When this argument is used, Invicti Standard will execute the designated scan, generate a report in the specified location using the specified report template and then exit.
The autopilot option is most commonly used when Invicti Standard is invoked as part of a batch process.
Name: Scan Profile Name
Argument: /p, /profile
For: Use this argument to specify the name of the Scan Profile that should be used during the scan. If not specified, the default Scan Profile will be used.
Scan Profiles provide a powerful and convenient mechanism to pass complex sets of scan configuration data during command line execution. For example, a profile allows the following scan settings to be defined within Invicti Standard, and accessed as a single named configuration:
- The target URL and the scope of the scan, relative to that URL
- The range of selected security tests, through selected Scan Policy
- The number of threads used for crawling and attacking through selected Scan Policy
- Authentication settings required to scan the target.
- The active parsers and how their extracted links will be interpreted
- The target back-end database by selecting an optimized policy.
Scan Profiles also support advanced scanning concepts, such as the ability to manually import links or add HTTP requests. For further information, refer to Overview of Scan Profiles.
Name: Target URL
Argument: /u, /url
For: Use this option to specify the address (URL) of the target web application or web service. This is a mandatory argument unless a Scan Profile which includes a URL has been specified.
If a Scan Profile is specified, Invicti Standard will derive its target URL from the Scan Profile. If a Scan Profile is specified and the URL configuration parameter is also specified, Invicti Standard will ignore the Scan Profile and derive its target URL from the target URL parameter.
Name: Report Path
Argument: /r, /report
For: Use this option to either specify the filename or the path where the report should be saved. If only the filename is specified, the report will be created in the folder from which Invicti Standard is launched. If the target path contains space characters, the path must be specified in double quotes.
This argument should always be used in conjunction with the /auto argument.
Name: Report Template Name
Argument: /rt, /reporttemplate
For: Use this argument to specify the name of the report template. If not specified, the Default Scan Report will be used. You can also use this argument multiple times to export several reports using different templates.
Name: Vulnerability
Argument: /v "conf,unconf,var"
For: Use this option to export confirmed/unconfirmed vulnerabilities or variations in reports.
Note: If the parameter is missing, Confirmed and Unconfirmed vulnerabilities will be exported. The parameter can be used as follows:
- /v "conf,unconf"
- /v "conf"
- /v "unconf,var"
or
- -v "conf,unconf"
- -v "conf"
- -v "unconf,var"
Name: Help
Argument: /h, /help
For: Use this argument to see a list of all the available arguments.
Name: Silent Mode
Argument: /silent
For: Use this argument to suppress error messages. This argument is ideal for scheduling scans and automated jobs.
Name: Authentication Credentials
Argument: /auth
For: Use this argument to specify a combination of username, password and domain information that Invicti Standard should use with Basic, Digest and NTLM authentication. Some examples follow:
/auth username password
/auth username password "host or domain"
/auth username@domain password
/auth host\username password
If the username, password or domain contain a space character, they must be specified in double quotes, as shown in these examples. As an alternative to using the /auth argument, credentials can be configured as part of a Scan Profile.
Name: Log HTTP Requests
Argument: /lr, /logrequests
For: Use this option to log all HTTP requests that the Invicti Standard scanner sends and receives during a web application security scan. The HTTP requests will be saved in a file called “HttpRequests.saz” and will be located within the current scan directory. You can use Fiddler to view the contents of the log file.
Name: Log Level
Argument: /loglevel [1-6]
For: Use this option to set Invicti Standard's logging level. /loglevel must be followed by an integer value between 1 and 6.
Note: The integer values mean:
- 1: Critical
- 2: Error
- 3: Warning
- 4: Information
- 5: Verbose
- 6: Activity Tracking
Command Line Examples
This section includes some examples of how the command line interface can be used in Invicti Standard.
How to scan a website and generate a report
- Open a Command Prompt.
- Change the current directory to the one in which netsparker.exe is installed.
- Enter the following:
- Command: Invicti /a /url http://test23.example.com /rt "Detailed Scan Report" /r "C:\reports\scan report.html"
- Explanation: Scan http://test23.example.com and generate a report using the Detailed Scan Report template. Save the report to C:\reports\scan report.html.
- Command: Invicti /a /url http://test23.example.com /rt "Vulnerabilities List (JSON)" /r "C:\reports\scan report-1.json"
- Explanation: Scan http://test23.example.com and generate a "Vulnerabilities List" report in JSON format. Save the report to C:\reports\scan report-1.json.
How to scan a website and generate two Reports
- Open a Command Prompt.
- Change the current directory to the one in which netsparker.exe is installed.
- Enter the following:
- Command: Invicti /a /url http://test23.example.com /r "C:\reports\scan report-1.html" /rt "Detailed Scan Report" /r "C:\reports\scan report-2.html" /rt "OWASP Top Ten 2013 Report"
- Explanation: Scan http://test23.example.com and generate two reports; scan report-1.html using the Detailed Scan Report template, and scan report-2.html using the OWASP Top Ten 2013 Report template.
How to scan a website with NTLM Authentication
- Open a Command Prompt.
- Change the current directory to the one in which netsparker.exe is installed.
- Enter the following:
- Command: Invicti /a /url http://test23.example.com /auth john.doe "secret password" example.com
- Explanation: Scan http://test23.example.com, and use the username john.doe, the password "secret password" and the domain example.com when challenged for credentials. Because the password contains a space, it is wrapped in double quotes.
How to generate a report from a saved scan
- Open a Command Prompt.
- Change the current directory to the one in which netsparker.exe is installed.
- Enter the following:
- Command: Invicti /silent /auto /generatereport MyScan.nss /r "Detailed Scan Report.htm" /rt "Detailed Scan Report"
- Explanation: Load the scan session file MyScan.nss and generate the report Detailed Scan Report.htm using the report template Detailed Scan Report.
How to set the Invicti Log Level
- Open a Command Prompt.
- Change the current directory to the one in which netsparker.exe is installed.
- Enter the following:
- Command: Invicti /loglevel 3
- Explanation: Set the logging level to 3 (warning)
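The examples above each run one scan by hand. When the same commands are issued from a scheduler or build job, the points that matter are quoting values that contain spaces, pairing each /rt with its /r, and noticing when a scan did not produce its report (with /silent, the report file and the exit code are all you have to go on). The following wrapper is an added example and is not part of the Invicti documentation or product; it assumes netsparker.exe is at the path shown and treats a non-zero exit code as failure, since this page does not document exit-code semantics.

```powershell
# Added example (not from the Invicti documentation): assemble the command line for one
# autopilot scan, quote every value that contains whitespace, run the scan to completion
# and verify that each requested report file was written.
# Assumptions: netsparker.exe lives at $ExePath; a non-zero exit code means failure.

function Format-CliValue {
    param([string]$Value)
    # Values containing spaces must be wrapped in double quotes (see the /r notes above).
    if ($Value -match '\s') { return '"' + $Value + '"' }
    return $Value
}

function Invoke-InvictiScan {
    param(
        [Parameter(Mandatory)][string]$Url,
        # One or more @{ Template = '...'; Path = '...' } entries; each becomes a /rt + /r pair
        [Parameter(Mandatory)][hashtable[]]$Reports,
        [string]$ScanProfile,
        [string]$ExePath = 'C:\Program Files (x86)\Invicti\netsparker.exe',
        [switch]$Silent
    )

    # /a puts the scanner in autopilot mode so it exits when the reports are written.
    $cliArgs = @('/a', '/url', (Format-CliValue $Url))
    if ($ScanProfile) { $cliArgs += @('/p', (Format-CliValue $ScanProfile)) }
    if ($Silent)      { $cliArgs += '/silent' }
    foreach ($r in $Reports) {
        $cliArgs += @('/rt', (Format-CliValue $r.Template), '/r', (Format-CliValue $r.Path))
    }

    Write-Host "Running: $ExePath $($cliArgs -join ' ')"
    $proc = Start-Process -FilePath $ExePath -ArgumentList $cliArgs -Wait -PassThru

    # A scan that exits without writing its reports is a failure even if it exited 0.
    $missing = @($Reports |
        Where-Object { -not (Test-Path -LiteralPath $_.Path) } |
        ForEach-Object { $_.Path })

    [pscustomobject]@{
        Url            = $Url
        ExitCode       = $proc.ExitCode
        MissingReports = $missing
        Succeeded      = ($proc.ExitCode -eq 0 -and $missing.Count -eq 0)
    }
}

# Usage: the two-report example from this page, issued through the wrapper.
$result = Invoke-InvictiScan -Url 'http://test23.example.com' -Silent -Reports @(
    @{ Template = 'Detailed Scan Report';      Path = 'C:\reports\scan report-1.html' },
    @{ Template = 'OWASP Top Ten 2013 Report'; Path = 'C:\reports\scan report-2.html' }
)
if (-not $result.Succeeded) {
    Write-Error "Scan of $($result.Url) failed (exit $($result.ExitCode)); missing reports: $($result.MissingReports -join ', ')"
    exit 1
}
```

The wrapper deliberately has no /auth parameter: anything passed on the command line is visible to other local users through the process list and in job logs, so for unattended runs the credentials belong in a Scan Profile (the alternative this page itself recommends) and the profile name is passed with /p instead.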
Scanning multiple websites using the command line interface
There are four steps to scanning multiple websites using the command line interface:
- Create a text file with a list of targets
- Create the scan profiles (optional)
- Write the Microsoft PowerShell script to launch the scans, either concurrently or back-to-back
- Launch the Security Scans
Each is explained below.
Create a text file with a list of targets
Create a text file with a list of all the URLs of the target websites you want to scan. For this example the text file will be called targets_list.txt. Each target URL should be on a line of its own, as shown in this example:
```
http://php.testsparker.com/
http://aspnet.testsparker.com/
```
Create the scan profiles (optional)
If you are not using the default Scan Profile, create a new one for each website you want to scan using Invicti Standard. You need this if you want to configure Form Authentication or the Scan Policy Optimizer.
For this example we have the following scan profiles:
- Website: http://php.testsparker.com/
Scan Profile: php.testsparker.com
- Website: http://aspnet.testsparker.com/
Scan Profile: aspnet.testsparker.com
For further information, refer to Overview of Scan Profiles.
Write the Microsoft PowerShell script to launch the scans
Use the following Microsoft PowerShell script to trigger the security scans, replacing the sample values with your own.

```powershell
# Variables
$InvictiExecPath = "C:\Program Files (x86)\Invicti\netsparker.exe"
$URLs = "C:\Users\User1\Documents\targets_list.txt"
$InvictiReportPath = "C:\Users\User1\Documents\"
$InvictiReportTemplate = "Detailed Scan Report"

# Launch one Invicti Standard process per target URL; the scans run concurrently
foreach ($url in Get-Content $URLs) {
    # The scan profile is named after the target's host (see the profiles created above)
    $domain = ([System.Uri]"$url").Host
    # Report name: <host>_<timestamp>; zero-padded fields keep timestamps unambiguous
    $report = $InvictiReportPath + $domain + "_" + (Get-Date -Format "yyyyMMddHHmm")
    Start-Process -FilePath "$InvictiExecPath" -ArgumentList "/url ""$url"" /profile ""$domain"" /a /s /r ""$report"" /rt ""$InvictiReportTemplate"""
}
```
Write the Microsoft PowerShell script to launch back-to-back scans
This step is the same as above, but uses the following script instead. The only difference is the -Wait switch on Start-Process, which makes PowerShell wait for each scan to finish before launching the next one, so the scans run back-to-back rather than concurrently.

```powershell
# Variables
$InvictiExecPath = "C:\Program Files (x86)\Invicti\netsparker.exe"
$URLs = "C:\Users\User1\Documents\targets_list.txt"
$InvictiReportPath = "C:\Users\User1\Documents\"
$InvictiReportTemplate = "Detailed Scan Report"

# Launch the scans one after another; -Wait blocks until the current scan exits
foreach ($url in Get-Content $URLs) {
    # The scan profile is named after the target's host (see the profiles created above)
    $domain = ([System.Uri]"$url").Host
    # Report name: <host>_<timestamp>; zero-padded fields keep timestamps unambiguous
    $report = $InvictiReportPath + $domain + "_" + (Get-Date -Format "yyyyMMddHHmm")
    Start-Process -FilePath "$InvictiExecPath" -ArgumentList "/url ""$url"" /profile ""$domain"" /a /s /r ""$report"" /rt ""$InvictiReportTemplate""" -Wait
}
```
PowerShell script variables
This table lists the PowerShell script variables.
| Variable | Description |
| --- | --- |
| $InvictiExecPath | The full path to netsparker.exe, the Invicti Standard executable. |
| $URLs | The location of the text file that lists the target URLs. |
| $InvictiReportPath | The folder where web security scan reports should be saved once the scans finish. |
| $InvictiReportTemplate | The report template Invicti Standard should use for the reports. |
Launch the Security Scans
Once you run the Microsoft PowerShell script, Invicti Standard scans every target website and web application listed in the text file created in the first step above, and creates a Detailed Scan Report for each scan.
For further information, refer to Detailed Scan Report.