Global Configuration
BLACKBIRD offers a set of semi-automated pentesting tools that you can make use of. This section is dedicated to the configuration of each tool.
Global Scanner Configuration
The scan configuration allows you to send custom request headers, make the vulnerability scanners follow a rate limit, or specify a custom timeout.
Custom HTTP request headers
Custom HTTP request headers can be set to help comply with target-specific requirements. Custom headers allow you to pass authentication data such as the “Cookie” or “Authorization” request header.
By default, the scanner sends only a generic User-Agent, with the intent to help limit detection by Web Application Firewalls (WAFs) and other custom network filters that your target may use to reject incoming requests from bots.
Rate limiting settings
A delay, a numerical value submitted in milliseconds, instructs the scanner how long it must wait between each sent HTTP request. A delay can help to adhere to a rate limit and avoid overwhelming a target server.
The default delay value is set to 0. As mentioned in the best practices, you may need to adjust this parameter if your target is not capable of accepting concurrent requests.
A delay may never be a negative number. It may also never exceed 15,000 milliseconds (or 15 seconds).
Timeout settings
A timeout, a numerical value submitted in milliseconds, dictates how long a single HTTP request may take before the scanner closes the HTTP connection and moves on to the next target item.
The default timeout is set to 7000. As mentioned in the best practices, you may need to adjust this parameter if your target takes longer to return a response.
A timeout may never be a negative number. It may also never exceed 180,000 milliseconds (or 180 seconds).
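The limits above can be checked before a scan configuration is submitted. The following is an added example, not BLACKBIRD's own code: the dict shape and the key names (headers, delay_ms, timeout_ms) are assumptions, while the defaults and bounds are the ones documented on this page. It also masks the Cookie and Authorization headers so a stored or logged configuration does not expose credentials.

```python
# Added example: the key names and dict shape are assumptions, not BLACKBIRD's
# format. Defaults and upper bounds are the values documented on this page.
DEFAULT_DELAY_MS, MAX_DELAY_MS = 0, 15_000
DEFAULT_TIMEOUT_MS, MAX_TIMEOUT_MS = 7_000, 180_000
SENSITIVE_HEADERS = {"cookie", "authorization"}

def _bounded_ms(raw, key, default, maximum):
    """Return raw[key] as whole milliseconds within 0..maximum, else raise."""
    value = raw.get(key, default)
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{key} must be a whole number of milliseconds")
    if not 0 <= value <= maximum:
        raise ValueError(f"{key} must be between 0 and {maximum} ms")
    return value

def validate_settings(raw):
    """Apply the documented defaults and enforce the documented limits."""
    headers = {}
    for name, value in raw.get("headers", {}).items():
        name, value = str(name), str(value)
        # CR or LF in a name or value would let one header smuggle in another
        if not name or any(c in name + value for c in "\r\n"):
            raise ValueError(f"invalid header: {name!r}")
        headers[name] = value
    return {
        "headers": headers,
        "delay_ms": _bounded_ms(raw, "delay_ms", DEFAULT_DELAY_MS, MAX_DELAY_MS),
        "timeout_ms": _bounded_ms(raw, "timeout_ms", DEFAULT_TIMEOUT_MS, MAX_TIMEOUT_MS),
    }

def redact_for_log(settings):
    """Copy of settings that is safe to log: credential headers are masked."""
    masked = {
        name: "[REDACTED]" if name.lower() in SENSITIVE_HEADERS else value
        for name, value in settings["headers"].items()
    }
    return {**settings, "headers": masked}

def worst_case_seconds(settings, request_count):
    """Upper bound on scan time, assuming requests are sent one at a time
    and every one of them runs into the timeout."""
    per_request_ms = settings["delay_ms"] + settings["timeout_ms"]
    return request_count * per_request_ms / 1000

if __name__ == "__main__":
    # Constructed sample input; the cookie value is a placeholder.
    sample = {"headers": {"Cookie": "session=constructed"}, "delay_ms": 250}
    print(redact_for_log(validate_settings(sample)))
```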
VPN connection settings
A VPN Connection can help your scanner reach internal networks. It can also help to mask the public IP of our scanners.
Learn more about how to create and use a VPN Connection Profile.
Best Practices
We recommend following the best practices we’ve lined up here.