# Acunetix

Acunetix is a web vulnerability scanner that automates the discovery of OWASP Top 10 vulnerabilities across web applications and reports each finding with remediation guidance.
## Installation

### Linux

```bash
# Download and install
wget https://releases.acunetix.com/acunetix/linux/acunetix_linux_x64.tar.gz
tar -xzf acunetix_linux_x64.tar.gz
cd acunetix && sudo ./install.sh

# Start service
sudo systemctl start acunetix
sudo systemctl status acunetix
```

### Docker

```bash
# Pull and run official image
docker pull acunetix/acunetix
docker run -d -p 3443:3443 --name acunetix acunetix/acunetix
# Access: https://localhost:3443
```
## Scan Configuration

### Create Scan via API

```bash
# Get API token (from web UI)
API_TOKEN="your_api_token"
TARGET_URL="https://example.com"

# Create scan
curl -X POST "https://localhost:3443/api/v1/scans" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "address": "'"$TARGET_URL"'",
    "description": "Full scan",
    "profile_id": "1"
  }'
```

The API examples on this page talk to the default listener on port 3443, which ships with a self-signed certificate: add `-k` to curl (or import the certificate into your trust store) until a trusted certificate is installed, and keep `$API_TOKEN` out of shell history, for example by exporting it from a file with restricted permissions.
### Scan Profiles

```bash
# Get available profiles
curl -s "https://localhost:3443/api/v1/scanning_profiles" \
  -H "X-API-CSRF: $API_TOKEN" | jq '.'

# Profile IDs:
# 1 - Full Scan
# 2 - High Risk Vulnerabilities
# 3 - Malware Detection
# 4 - Mobile Scan
```
## Common Scanning Tasks

| Task | Description |
|---|---|
| Create full scan | Full website audit with all checks |
| Crawl target | Discover all pages and endpoints |
| Login scan | Scan authenticated portions |
| API scan | Test REST/GraphQL endpoints |
| Compliance scan | Check PCI DSS, HIPAA requirements |
### Start Scan via API

```bash
# Start full scan on target
curl -X POST "https://localhost:3443/api/v1/scans" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "address": "https://target.com",
    "profile_id": 1,
    "schedule": {
      "disable": false,
      "start_date": "2025-03-30T10:00:00Z",
      "time_sensitive": false
    }
  }'
```
### Stop/Resume Scans

```bash
# Pause scan
curl -X PATCH "https://localhost:3443/api/v1/scans/SCAN_ID" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"action": "pause"}'

# Resume scan
curl -X PATCH "https://localhost:3443/api/v1/scans/SCAN_ID" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"action": "resume"}'

# Delete scan
curl -X DELETE "https://localhost:3443/api/v1/scans/SCAN_ID" \
  -H "X-API-CSRF: $API_TOKEN"
```
## Viewing Results

### Get Scan Status

```bash
# List all scans
curl -s "https://localhost:3443/api/v1/scans" \
  -H "X-API-CSRF: $API_TOKEN" | jq '.scans[] | {id, status}'

# Get specific scan details
curl -s "https://localhost:3443/api/v1/scans/SCAN_ID" \
  -H "X-API-CSRF: $API_TOKEN" | jq '.scan'
```
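A small polling helper for the status endpoint above, added here as an example rather than taken from Acunetix's own client code. It assumes the `X-API-CSRF` header and the `.scan.status` field shown on this page, and treats `completed`, `failed` and `aborted` as the terminal statuses (an assumption, since the page does not list them); the `fetch` callable is injectable so the loop can be tested without a live scanner.

```python
import json
import ssl
import time
import urllib.request
from typing import Callable, Dict

# Assumed terminal values; the page only shows that each scan carries a "status" field.
TERMINAL_STATES = {"completed", "failed", "aborted"}


def api_fetch(api_token: str, verify_tls: bool = True) -> Callable[[str], Dict]:
    """Return a GET helper that sends the X-API-CSRF header and decodes the JSON body.

    verify_tls=False is only for the default self-signed certificate in a dev setup.
    """
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE

    def fetch(url: str) -> Dict:
        req = urllib.request.Request(url, headers={"X-API-CSRF": api_token})
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.load(resp)

    return fetch


def wait_for_scan(scan_id: str, fetch: Callable[[str], Dict],
                  base_url: str = "https://localhost:3443", poll_interval: float = 30.0,
                  max_polls: int = 120, sleep: Callable[[float], None] = time.sleep) -> str:
    """Poll GET /api/v1/scans/<id> until .scan.status is terminal and return that status."""
    # A bounded loop with TimeoutError keeps a CI job from hanging on a stalled scan;
    # `sleep` is injectable so tests do not actually wait.
    url = f"{base_url}/api/v1/scans/{scan_id}"
    status = "unknown"
    for _ in range(max_polls):
        status = fetch(url).get("scan", {}).get("status", "unknown")
        if status in TERMINAL_STATES:
            return status
        sleep(poll_interval)
    raise TimeoutError(f"scan {scan_id} still {status!r} after {max_polls} polls")


if __name__ == "__main__":
    import os
    fetch = api_fetch(os.environ["ACUNETIX_API_TOKEN"], verify_tls=False)
    print(wait_for_scan(os.environ["SCAN_ID"], fetch))
```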
### Export Reports

```bash
# Generate HTML report
curl -X POST "https://localhost:3443/api/v1/scans/SCAN_ID/report" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"template_id": 1}' > report.html

# Export to PDF
curl -X GET "https://localhost:3443/api/v1/scans/SCAN_ID/report?template_id=2" \
  -H "X-API-CSRF: $API_TOKEN" -o scan_report.pdf
```
### Vulnerability Details

```bash
# Get vulnerabilities in scan
curl -s "https://localhost:3443/api/v1/scans/SCAN_ID/vulnerabilities" \
  -H "X-API-CSRF: $API_TOKEN" | jq '.vulnerabilities[]'

# Filter by severity
curl -s "https://localhost:3443/api/v1/scans/SCAN_ID/vulnerabilities?severity=high" \
  -H "X-API-CSRF: $API_TOKEN" | jq '.'
```
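An added example (not Acunetix's own code) of what a practitioner does with the `vulnerabilities` listing above: drop findings already confirmed as false positives, order the rest so CVSS above 7 is reviewed first, and return a pass/fail decision a CI/CD job can act on, as the Best Practices section recommends. The sample response is constructed, and every field name except `severity` is an assumption rather than Acunetix's documented schema.

```python
import json
from collections import Counter
from typing import AbstractSet, Dict, Iterable, List, Tuple

# Constructed sample in the shape the page's `jq '.vulnerabilities[]'` walks over.
# Field names other than "severity" are assumptions, not Acunetix's documented schema.
SAMPLE_RESPONSE = json.loads("""{"vulnerabilities": [
 {"vuln_id": "v-1", "vt_name": "SQL injection", "severity": "high", "cvss_score": 9.8, "affects_url": "/login"},
 {"vuln_id": "v-2", "vt_name": "Reflected XSS", "severity": "high", "cvss_score": 7.4, "affects_url": "/search"},
 {"vuln_id": "v-3", "vt_name": "Clickjacking", "severity": "low", "cvss_score": 4.3, "affects_url": "/"},
 {"vuln_id": "v-4", "vt_name": "Reflected XSS", "severity": "high", "cvss_score": 7.4, "affects_url": "/help"}
]}""")

# (vt_name, affects_url) pairs an analyst has confirmed as false positives (constructed).
EXCLUSIONS: AbstractSet[Tuple[str, str]] = {("Reflected XSS", "/help")}


def triage(response: Dict, exclusions: AbstractSet[Tuple[str, str]] = frozenset()) -> List[Dict]:
    """Drop known false positives and order the rest CVSS-descending (ties by URL)."""
    kept = [v for v in response.get("vulnerabilities", [])
            if (v.get("vt_name"), v.get("affects_url")) not in exclusions]
    return sorted(kept, key=lambda v: (-float(v.get("cvss_score", 0)), v.get("affects_url", "")))


def ci_gate(findings: Iterable[Dict], cvss_threshold: float = 7.0) -> Tuple[bool, Counter]:
    """Return (passed, per-severity counts); passed is False if any finding exceeds the threshold."""
    counts: Counter = Counter()
    passed = True
    for v in findings:
        counts[v.get("severity", "unknown")] += 1
        if float(v.get("cvss_score", 0)) > cvss_threshold:
            passed = False
    return passed, counts


if __name__ == "__main__":
    ordered = triage(SAMPLE_RESPONSE, EXCLUSIONS)
    ok, counts = ci_gate(ordered)
    for v in ordered:
        print(f'{v["cvss_score"]:>4} {v["severity"]:<6} {v["vt_name"]} at {v["affects_url"]}')
    print("gate:", "PASS" if ok else "FAIL", dict(counts))
    raise SystemExit(0 if ok else 1)  # non-zero exit fails the pipeline stage
```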
## Target Management

### Add Target

```bash
# Create new target
curl -X POST "https://localhost:3443/api/v1/targets" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "address": "https://myapp.com",
    "description": "Production application",
    "criticality": "3"
  }'

# Scan target immediately
curl -X POST "https://localhost:3443/api/v1/targets/TARGET_ID/scans" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"profile_id": 1}'
```

### Target Groups

```bash
# Create group
curl -X POST "https://localhost:3443/api/v1/target_groups" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production Apps"}'

# Add target to group
curl -X POST "https://localhost:3443/api/v1/target_groups/GROUP_ID/targets" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"target_id": "TARGET_ID"}'
```
## Scheduling & Automation

### Scheduled Scans

```bash
# Create recurring scan (weekly)
curl -X POST "https://localhost:3443/api/v1/scans" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "address": "https://target.com",
    "profile_id": 1,
    "schedule": {
      "disable": false,
      "start_date": "2025-04-01T02:00:00Z",
      "frequency": "weekly",
      "time_sensitive": false
    }
  }'

# List scheduled scans
curl -s "https://localhost:3443/api/v1/scans?type=scheduled" \
  -H "X-API-CSRF: $API_TOKEN" | jq '.'
```
## Compliance & Policies

### Compliance Scanning

```bash
# Get available compliance profiles
curl -s "https://localhost:3443/api/v1/compliance_profiles" \
  -H "X-API-CSRF: $API_TOKEN" | jq '.'

# Create PCI DSS scan
curl -X POST "https://localhost:3443/api/v1/scans" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "address": "https://payment.com",
    "profile_id": 5,
    "compliance": "pci_dss"
  }'
```

### Exclusions & Settings

```bash
# Exclude URLs from scan
curl -X POST "https://localhost:3443/api/v1/targets/TARGET_ID/exclusions" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"pattern": "/admin/*"}'

# Set login credentials
# Prefer `-d @creds.json` (file with restricted permissions) so the password does not
# end up in shell history or `ps` output; use a dedicated low-privilege scan account.
curl -X POST "https://localhost:3443/api/v1/targets/TARGET_ID/credentials" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "user@example.com",
    "password": "securepass",
    "type": "http_auth"
  }'
```
## Advanced Operations

### Custom Scan Profiles

```bash
# Create custom profile
curl -X POST "https://localhost:3443/api/v1/scanning_profiles" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Custom Scan",
    "checks": [
      "sql_injection",
      "xss",
      "csrf",
      "insecure_auth"
    ]
  }'
```

### Integrations

```bash
# Webhook notification on scan complete
# The receiver must be HTTPS and should authenticate the caller, since scan
# results and target names will be posted to it.
curl -X POST "https://localhost:3443/api/v1/webhooks" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://my-server.com/webhook",
    "events": ["scan_completed"]
  }'

# Jira integration - post vulnerabilities
curl -X POST "https://localhost:3443/api/v1/integrations/jira" \
  -H "X-API-CSRF: $API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://jira.company.com",
    "username": "acunetix",
    "api_token": "TOKEN"
  }'
```
## Command-Line Usage (if installed)

```bash
# Check version
acunetix --version

# Start service (Linux)
sudo systemctl start acunetix

# View logs
tail -f /var/log/acunetix/acunetix.log

# Configuration locations
#   /etc/acunetix/conf.json      - service configuration
#   /var/www/acunetix/data/      - application data
```

## Environment Variables

```bash
ACUNETIX_API_TOKEN="your_token"
ACUNETIX_URL="https://localhost:3443"
ACUNETIX_INSECURE="false"   # set to "true" only to skip TLS verification in dev
```
## Troubleshooting

### Service Issues

```bash
# Service won't start
sudo journalctl -u acunetix -n 50

# Reset to defaults
# Destructive: this wipes stored targets, scans and reports. Back up the data
# directory first and confirm no scans are running.
sudo systemctl stop acunetix
sudo rm -rf /var/lib/acunetix/*
sudo systemctl start acunetix

# Port already in use
sudo netstat -tulpn | grep 3443
sudo lsof -i :3443
```

### API Authentication

```bash
# Get CSRF token for API
curl -s "https://localhost:3443/api/v1/account/profile" \
  -H "Cookie: PHPSESSID=<session>" | jq '.profile'

# Test connectivity (-k accepts the default self-signed certificate)
curl -k "https://localhost:3443" -v
```
## Best Practices

- Run scans during low-traffic windows to avoid impact
- Exclude sensitive areas: /logout, /delete-account
- Use separate targets for dev/staging/production
- Schedule weekly or nightly automated scans
- Review vulnerabilities promptly (CVSS > 7 first)
- Integrate with CI/CD for pre-deployment scanning
- Maintain exclusion lists for false positives
- Keep Acunetix updated for new vulnerability checks
- Use compliance profiles matching your industry
- Archive historical reports for audit trails