This crawler executes JavaScript, waits for async calls, fills out forms dynamically, and maps the entire DOM. It doesn't just scan page.php?id=1 ; it scans /#/dashboard/user/settings and every hidden API endpoint triggered by a button click.
By placing a tiny sensor agent inside the target application (Java, .NET, PHP, or Node.js), Acunetix moves from "black-box" guessing to "gray-box" certainty. acunetix vulnerability scanner
While the scanner sends malicious requests, the sensor monitors the code's internal execution. It sees exactly which line of code was reached, which sanitization functions failed, and whether a database query was actually altered. This crawler executes JavaScript, waits for async calls,
When testing for blind vulnerabilities, Acunetix generates unique payloads that trigger a DNS lookup or HTTP callback to Acunetix's own infrastructure. If that callback occurs, the scanner knows the vulnerability exists, even if the application's response looked perfectly normal. While the scanner sends malicious requests, the sensor
You can discover a critical SSRF vulnerability without crashing the server or waiting for logs to rotate. 4. Smart Authentication: Login Sequence Recording Scanning an authenticated area is traditionally a nightmare. Token rotation, CSRF tokens, multi-step logins, and CAPTCHAs break most scanners.