Scan Profiles
Configure scan intensity and scope for different use cases.
Built-in Profiles
Quick
~5-10 minutes
Fast surface-level scan for rapid feedback.
- Basic vulnerability checks
- Top 20 attack vectors
- Ideal for: PR checks, frequent testing
Standard
Recommended
Comprehensive testing for most applications.
- Full vulnerability coverage
- Smart crawling and discovery
- ~30-60 minutes
- Ideal for: Regular security testing
Deep
~2-4 hours
Exhaustive analysis for critical applications.
- Maximum payload coverage
- Extended fuzzing and enumeration
- Business logic testing
- Ideal for: Pre-release, compliance
Custom Profiles
Create custom profiles for specific needs:
{
  "name": "API Only",
  "description": "Focus on API endpoints",
  "settings": {
    "crawl_depth": 3,
    "max_requests_per_second": 10,
    "timeout": 30,
    "follow_redirects": true
  },
  "modules": {
    "enabled": ["sqli", "idor", "auth_bypass", "api_security"],
    "disabled": ["xss", "csrf"]
  },
  "scope": {
    "include": ["/api/*"],
    "exclude": ["/api/health", "/api/version"]
  }
}
Profile Settings
| Setting | Description | Default |
|---|---|---|
| crawl_depth | Max link depth to crawl | 5 |
| max_requests_per_second | Rate limit for requests | 20 |
| timeout | Request timeout in seconds | 30 |
| safe_mode | Avoid potentially disruptive tests | false |
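A pre-flight check for a custom profile, added here as an example and not part of hackerbot itself: it overlays the profile's settings on the table defaults, resolves which paths fall in scope, and flags settings worth reviewing before pointing a scan at a live target. The function names are hypothetical, and the scope semantics (shell-style globs, exclude taking precedence over include) are assumptions the page does not state.

```python
import json
from fnmatch import fnmatchcase

# Defaults copied from the Profile Settings table on this page.
DEFAULTS = {"crawl_depth": 5, "max_requests_per_second": 20,
            "timeout": 30, "safe_mode": False}

# The "API Only" profile from this page (description omitted).
API_ONLY = json.loads("""
{
  "name": "API Only",
  "settings": {"crawl_depth": 3, "max_requests_per_second": 10,
               "timeout": 30, "follow_redirects": true},
  "modules": {"enabled": ["sqli", "idor", "auth_bypass", "api_security"],
              "disabled": ["xss", "csrf"]},
  "scope": {"include": ["/api/*"],
            "exclude": ["/api/health", "/api/version"]}
}
""")

def effective_settings(profile):
    """Table defaults overlaid with the profile's own settings."""
    return {**DEFAULTS, **profile.get("settings", {})}

def in_scope(profile, path):
    """Assumed semantics: shell-style globs, exclude wins over include."""
    scope = profile.get("scope", {})
    if any(fnmatchcase(path, p) for p in scope.get("exclude", [])):
        return False
    return any(fnmatchcase(path, p) for p in scope.get("include", []))

def lint(profile):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    mods = profile.get("modules", {})
    both = set(mods.get("enabled", [])) & set(mods.get("disabled", []))
    if both:
        findings.append(f"modules both enabled and disabled: {sorted(both)}")
    if not effective_settings(profile)["safe_mode"]:
        findings.append("safe_mode is false: potentially disruptive tests are not avoided")
    scope = profile.get("scope", {})
    for pat in scope.get("exclude", []):  # literal excludes that no include covers
        if not any(fnmatchcase(pat, inc) for inc in scope.get("include", [])):
            findings.append(f"exclude {pat!r} is outside every include pattern")
    return findings
```

Because the page's profile does not set safe_mode, the table default of false applies, which is the one finding `lint(API_ONLY)` reports.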
Using Profiles
Specify a profile when creating scans:
# Using built-in profile
hackerbot scan --target https://example.com --profile deep
# Using custom profile
hackerbot scan --target https://example.com --profile "API Only"