Effective URL: https://www.invicti.com/support/hawk-vulnerabilities/
HOW INVICTI HAWK FINDS VULNERABILITIES

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

Hawk is the infrastructure the Invicti web application security scanner uses to
detect Server-Side Request Forgery (SSRF) and all other kinds of blind,
asynchronous and second-order vulnerabilities that require data to be sent over
out-of-band channels.

> For more information on what Invicti Hawk does, why it was built, and the
> types of vulnerabilities it finds, watch as Invicti’s former CEO Ferruh
> Mavituna talks about it on Paul’s Security Weekly #506. Ferruh explains in
> detail how Hawk can find out-of-band vulnerabilities and why it uses DNS
> lookups to determine if the target web application is vulnerable.
> 
> https://www.youtube.com/watch?v=yGiAX_irw04


WHY USE INVICTI HAWK?

The most common types of SQL Injection, Cross-site Scripting and similar
vulnerabilities can be detected fairly easily. The scanner sends a request to
the target web application and, once a response is received, analyses that
response to determine whether the target is vulnerable. For example, a typical
SQL Injection vulnerability can be identified from an error message, from
content changes in the response, or from the time the page takes to load.

Not all vulnerability detection, however, is as straightforward.

 * For example, if the request sent to the web application is queued and
   processed by another block of asynchronous code – even if the code that’s
   processing the input is vulnerable to SQL Injection – there won’t be any
   error messages, content differences, or load-time differences in the
   response.
 * To detect vulnerabilities like this, the scanner forces the code to respond
   via a different communication channel (‘out-of-band’).
 * Invicti Hawk is the intermediary server (the different communication channel
   that receives these signals). The scanner communicates with it to confirm
   these types of vulnerabilities.


WHAT VULNERABILITIES DOES INVICTI HAWK DETECT?

Invicti Hawk also finds vulnerabilities that benefit from out-of-band detection
or can only be detected this way, including the following:

 * Out-of-Band SQL Injection
 * Out-of-Band Remote File Inclusion
 * Out-of-Band Code Injection
 * Out-of-Band Code Evaluation
 * XML External Entity (XXE) Injection
 * Server-side Request Forgery (SSRF)
 * Blind Cross-site Scripting
 * Log4j vulnerability


HOW DOES INVICTI HAWK WORK?

This is how Invicti Hawk works.

 1. During a web security scan, Invicti generates a custom hash and uses it in
    the attack payload. For example, it sends the following request to the
    target web application:

https://example.com/fetch?id=13&url=rc0shnxclpkdrp9oy-nibgsbz7u5ibyjddtzp0rezw4.r87.me/r/

 2. If the target web application is vulnerable, it tries to resolve the URL by
    contacting our DNS server.
 3. On receiving the request, the DNS server hashes it and sends it to the
    database server, together with the type of the request. For example:

d057a29eb9d43456054ff79b421c36a1d0678768bb7b01adae2f8b025add6df8, DNS

 4. Next, the Invicti scanner queries the Hawk server, which checks with the
    database server for the hashed record.
 5. Once the scanner receives the hashed value, it applies the hashing
    algorithm that the DNS server used to its own local data. If the scanner's
    hash and the DNS server's hash match, the target web application is
    vulnerable, and Invicti can confirm the vulnerability.
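The five steps above, modelled end to end as an added example (not Invicti's code): the scanner puts a random token into the payload, the DNS server for the callback zone stores only a hash of the queried label plus the channel, and the scanner later compares that hash with its own. SHA-256, the base32 token encoding, the in-memory record store and the constructed `vulnerable_fetch` target are all assumptions.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

CALLBACK_DOMAIN = "r87.me"  # callback zone from the article's example URL

def generate_token() -> str:
    # Random per-payload token in DNS-safe characters (assumed encoding).
    return base64.b32encode(secrets.token_bytes(15)).decode().lower()

def hash_token(token: str) -> str:
    """SHA-256 of the lowercased label; assumed to be the hash both sides use."""
    return hashlib.sha256(token.lower().encode()).hexdigest()

class RecordStore:
    """Stands in for the database server: it holds only (hash, channel) pairs."""
    def __init__(self) -> None:
        self.records: dict[str, set[str]] = {}

    def add(self, token_hash: str, channel: str) -> None:
        self.records.setdefault(token_hash, set()).add(channel)

    def lookup(self, token_hash: str):
        # What the Hawk server answers: the stored hash and its channels, or None.
        return (token_hash, self.records[token_hash]) if token_hash in self.records else None

class DnsServer:
    """Stands in for the authoritative DNS server for CALLBACK_DOMAIN."""
    def __init__(self, store: RecordStore) -> None:
        self.store = store

    def on_query(self, qname: str) -> bool:
        name = qname.rstrip(".").lower()  # DNS is case-insensitive; drop root dot
        suffix = "." + CALLBACK_DOMAIN
        if not name.endswith(suffix):
            return False  # query outside our zone: nothing to record
        # The token is the label directly under the zone, whatever a resolver or
        # the target prepends; only its hash and the channel type are stored.
        token = name[: -len(suffix)].split(".")[-1]
        self.store.add(hash_token(token), "DNS")
        return True

class Scanner:
    """Issues tokenised payloads, then checks with Hawk for a matching hash."""
    def __init__(self, store: RecordStore) -> None:
        self.store = store
        self.pending: dict[str, str] = {}  # token -> injection point

    def make_payload(self, base_url: str) -> str:
        token = generate_token()
        self.pending[token] = base_url
        return f"{base_url}&url={token}.{CALLBACK_DOMAIN}/r/"

    def confirm(self) -> dict[str, set[str]]:
        """Return {injection point: channels} for every token that phoned home."""
        hits: dict[str, set[str]] = {}
        for token, base_url in self.pending.items():
            local_hash = hash_token(token)
            answer = self.store.lookup(local_hash)
            # Step 5 of the article: compare the returned hash with the local one.
            if answer and hmac.compare_digest(answer[0], local_hash):
                hits[base_url] = answer[1]
        return hits

def vulnerable_fetch(url: str, dns: DnsServer) -> None:
    """Constructed target that resolves whatever host the url parameter names."""
    host = parse_qs(urlsplit(url).query)["url"][0].split("/", 1)[0]
    dns.on_query(host)

def run_demo() -> dict[str, set[str]]:
    # Scan the constructed target and return what Hawk confirmed.
    store = RecordStore()
    scanner = Scanner(store)
    vulnerable_fetch(scanner.make_payload("https://example.com/fetch?id=13"), DnsServer(store))
    return scanner.confirm()
```

A token that never triggers a lookup produces no record, so `confirm()` stays empty for it; a query from outside the callback zone is ignored rather than stored.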


SECURITY AND SENSITIVE DATA

Invicti’s highly accurate approach to finding and confirming vulnerabilities
means that a match can be confirmed with confidence. At the same time, none of
our servers log any sensitive data about the vulnerabilities found or about the
target web application.

© Invicti 2023

 * RESOURCES
   * Features
   * Integrations
   * Plans
   * Case Studies
   * Advisories
   * Invicti Learn
 * USE CASES
   * Penetration Testing Software
   * Website Security Scanner
   * Ethical Hacking Software
   * Web Vulnerability Scanner
   * Comparisons
   * Online Application Scanner
 * WEB SECURITY
   * The Problem with False Positives
   * Why Pay for Web Scanners
   * SQL Injection Cheat Sheet
   * Getting Started with Web Security
   * Vulnerability Index
   * Using Content Security Policy to Secure Web Applications
 * COMPANY
   * About Us
   * Contact Us
   * Support
   * Careers
   * Resources
   * Partners

© Invicti 2023
 * Legal
 * Privacy Policy
 * California Privacy Rights
 * Terms of Use
 * Accessibility
 * Sitemap

By using this website you agree with our use of cookies to improve its
performance and enhance your experience. More information in our Privacy Policy.

OK

Feedback