Scope permissions per-URL

During pentest configuration, define which actions are allowed for each URL in the scope:

  • Out of Scope: The URL will not be accessed at all by our agents.
  • Detect: Crawl, fetch, and interact non-destructively.
  • Exploitation: Actively attempt exploitation where safe and permitted. Finds most vulnerabilities at a low false-positive rate. Warning: In Exploitation mode, the agents may compromise system availability!

Tips:

  • Allow Exploitation on test environments: Exploitation significantly reduces false positives and finds more vulnerabilities.
  • Go safe: If you are uncertain, use Detect mode.
  • Permissions: You must set any detected URLs that you do not own to Out of Scope, to ensure you don't compromise property belonging to others.