Is there a way for WEBINSPECT to scan all ports under the domain?

We are currently scanning our app using WEBINSPECT. Although we are using a lot of ports (in our application), WEBINSPECT scans only the single port that is used in the login URL.

Any suggestions how we can use WEBINSPECT so it will scan all ports under the domain?


  • Yes and no.

    By default, WebInspect will only scan the host as specified in the Target URL field of the scan wizard.  Off-site script includes will be requested from secondary hosts, but those other hosts will not be scanned overall.  These script includes are generally necessary to parse the current target's app effectively, but if you wish to disable that default side behavior you would find it under the Scan Settings > Content Analyzers > JavaScript/VBScript panel > "Reject script include...".

    If you wished to include secondary hosts in your scan, you may add them to the Allowed Hosts scan setting panel.  For example, when scanning our demo site zero.webappsecurity.com:80, WebInspect will not automatically "bleed out" and audit zero.webappsecurity.com:443 unless you add an Allowed Host entry for 443.  This is part of the suggested scan template used when that target is profiled.  Bear in mind that if you choose to use Allowed Hosts, there must be at least a single URL found in the current Target URL scope that leads the WebInspect scanner over to that secondary host.  If there are no links, then there is no Crawl to permit, etc.  You can pre-load such links using a Start Macro (Authentication scan settings panel) or by using one or more Workflow Macros in a Workflow-Driven scan wizard (in addition to the Allowed Hosts entries).  Most customers do not want all applications hosted on a single server to be scanned at one time.  It is generally also not a good idea to include too many Hosts in a single scan, or else you will run into very long scans or developer complaints about mixed findings/servers.  As an example of that, try scanning the DVWA demo application without using a Restrict To Folder setting, and watch WebInspect climb out of your targeted application and then down to all of the others installed with that suite.

    An alternative to bundling many Hosts in a single scan may be to use the Enterprise Scan wizard.  This is nothing more than a good way to line up numerous, discrete scans back-to-back.  The Scheduler tool in WebInspect is fairly basic, and if the prior scheduled scan is still active then the next one you defined and set may not begin at its assigned time.  The Enterprise Scan wizard gets around this by automatically running the defined scans one after the other in series, regardless of the time.  And it permits you to customize the scan type (Web Site or SOAP Web Service) as well as all of the scan settings for each defined target.
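The answer's precondition (an Allowed Hosts entry only helps if some link within the Target URL scope actually leads to that host:port) can be checked before setting up the scan. The script below is an added example, not WebInspect's own code: it parses a page fetched from the target and lists every host:port it references outside the target origin, which is the set of Allowed Hosts entries to consider. The sample HTML and the hostnames in it are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page standing in for a response from the Target URL.
SAMPLE_HTML = """
<html><body>
<a href="/login">Login</a>
<a href="https://zero.webappsecurity.com:443/bank">Bank</a>
<a href="http://zero.webappsecurity.com:8443/admin">Admin</a>
<script src="//cdn.example.com/lib.js"></script>
<img src="/static/logo.png">
<a href="mailto:help@example.com">Contact</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collects href/src/action attribute values from a page."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.links.append(value)


def origin(url):
    """Return (scheme, host, port), filling in the default port."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return parts.scheme, parts.hostname, port


def secondary_hosts(target_url, html):
    """host:port values the page links to outside the Target URL origin.
    Each one would need an Allowed Hosts entry before WebInspect audits it;
    if a port you expect is missing here, no link leads the crawler to it."""
    parser = LinkCollector()
    parser.feed(html)
    base = origin(target_url)
    found = set()
    for link in parser.links:
        scheme, host, port = origin(urljoin(target_url, link))
        if host and (scheme, host, port) != base:
            found.add(f"{host}:{port}")
    return sorted(found)
```

Run it against the HTML of each page in your login flow; ports that never appear are the ones a Start Macro or Workflow Macro would have to reach.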