Adding paths via Import Files / API Definitions

You can add paths to your targets via import files or API definitions to guide the Acunetix crawler. This is useful when there are parts of a site that are not linked to the main target. By specifying paths for the crawler to add to the scan, you can ensure that any unlinked pages and directories are scanned.

There are two options available to achieve this:

  • Import a file: Accepted file formats are listed at the end of this article.
  • Link a URL: This is useful if the file is hosted so you can be sure the latest file is always used (e.g. API definitions hosted on the target’s URL or another URL).

NOTE: Linked URLs are accessed by the engine. This means the engine or internal agent (if using one for the target) needs to have access to any linked URLs.  

How to add import files/API definitions to a target

Import files/API definitions are applied to individual targets, and a target can have multiple imported files and linked URLs. Follow the instructions below to import a file to a target or link a URL to a target:

  1. Prepare the file(s)/URL(s) that you want to import to a target.
  2. Log in to Acunetix and select Targets from the left-side menu.
  3. Click on the target address that you want to import paths to. The Target Settings page will open.
  4. Scroll down to the Import Files / API Definitions section.
  5. Use your preferred option:
     • Import a file: Click the upload icon in the Choose File field. Locate and select the file you want to import to the target. Your file will upload automatically and be listed in the Import Files / API Definitions section of the Target Settings.
     • Link from a URL: Click Link From URL, enter the URL where your API definitions are hosted, and then select Link API definition. The URL is now listed in the Import Files / API Definitions section of the Target Settings.

TIP: To remove an imported file or URL from a target, click the trash icon next to the item you have imported.

Restricting scans to import files

When importing a file or linking a URL, you can also specify whether scans of the target should be restricted to only the paths contained in your imported or linked file(s).

  • ENABLED: If you enable Restrict scans to import files, then the crawler will add to the scan ONLY the paths listed in the import file, ignoring all other parts of the target.

  • DISABLED: If you disable Restrict scans to import files, then the crawler will crawl the target as usual and also add the paths listed in the import file, EVEN if no other part of the target links to them (orphaned folders/files).

Illustrative scenario

For example, if you create a target with the URL http://www.example.com and use an import file containing the following data:

  • http://www.example.com/main/sub1/
  • http://www.example.com/extra/sub3/

Then, depending on whether the option Restrict scans to import files is enabled or disabled, you will get the following behavior:

Restrict Option: Enabled

  Will crawl and scan:
  • http://www.example.com/main/sub1/
  • http://www.example.com/extra/sub3/

  Will NOT crawl and scan:
  • http://www.example.com/main/sub2/
  • http://www.example.com/extra/sub1
  • http://www.example.com/new/
  • http://www.example.com/

Restrict Option: Disabled

  Will crawl and scan:
  • http://www.example.com/
  • http://www.example.com/extra/sub1
  • http://www.example.com/extra/sub3/
  • http://www.example.com/main/sub1/
  • http://www.example.com/main/sub2/
  • http://www.example.com/new/

  Will NOT crawl and scan:
  • (none)

Accepted file formats

You can add paths to a target using output from the following tools:

  • Text files with lists of URLs (.txt)
  • Telerik Fiddler: Session archives (.saz)
  • Swagger / OpenAPI: Used to describe RESTful APIs (.json, .yaml, and .yml files)
  • RAML: (.raml)
  • Web Services Definition Files: Used to describe SOAP web services (.wsdl)
  • Burp: Saved items (.xml) and state files
  • Selenium IDE: Scripts used to automatically test web applications (.html and .side)
  • Web Application Description Language: Used to describe RESTful APIs (.wadl)
  • ASP.NET Web Forms project files (.csproj and .vbproj)
  • Paros log files (.session.data)
  • Postman collections v2 (.json)
  • GraphQL files (.graphql and .json)
  • HTTP Archives: Can be exported from various tools, including developer tools included with major browsers (.har)

NOTE: Currently Acunetix does not support multiple related API files with dependencies/links between them.
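
The following is an added example, not part of the Acunetix documentation: a pre-import check that cleans a candidate URL list for the text-file (.txt) format, keeping only entries on the target's own origin so that a restricted scan covers exactly the paths you intend. It assumes the text file holds one absolute URL per line; the function names, the strict same-scheme/host/port policy and the sample input are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

def _origin(parts):
    """(scheme, host, port) with default ports filled in, for comparison."""
    default = {"http": 80, "https": 443}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), parts.port or default

def build_import_list(target, candidates):
    """Return (kept, rejected): kept URLs are on the target's origin and de-duplicated."""
    target_origin = _origin(urlsplit(target))
    kept, rejected, seen = [], [], set()
    for raw in candidates:
        line = raw.strip()
        if not line or line.startswith("#"):   # blank / note lines in our own input
            continue
        try:
            parts = urlsplit(line)
            origin = _origin(parts)            # .port raises ValueError if malformed
        except ValueError:
            rejected.append((line, "unparseable URL"))
            continue
        if parts.scheme not in ("http", "https") or not parts.hostname:
            rejected.append((line, "not an absolute http(s) URL"))
        elif origin != target_origin:
            rejected.append((line, "outside the target's origin"))
        else:
            # Lowercase the authority, keep path and query, drop the fragment.
            url = urlunsplit((parts.scheme, parts.netloc.lower(), parts.path or "/", parts.query, ""))
            if url not in seen:
                seen.add(url)
                kept.append(url)
    return kept, rejected

# Constructed sample input, based on the page's example target.
TARGET = "http://www.example.com"
CANDIDATES = [
    "http://www.example.com/main/sub1/",
    "http://WWW.EXAMPLE.COM/extra/sub3/#top",
    "http://www.example.com/main/sub1/",          # duplicate
    "https://www.example.com/extra/sub3/",        # different scheme/port
    "http://other.example.net/admin/",            # different host
    "/relative/path",
    "ftp://www.example.com/files/",
]

if __name__ == "__main__":
    kept, rejected = build_import_list(TARGET, CANDIDATES)
    print("\n".join(kept))                         # contents for the .txt import file
    for line, reason in rejected:
        print(f"# rejected: {line} ({reason})")
```

Write only the kept URLs to the file you upload, and review the rejected entries by hand rather than importing them.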