1. Home
  2. Docs
  3. Support
  4. Scans
  5. Starting a New Scan (Single Target)

Starting a New Scan (Single Target)

After logging you’ll be located at Kayran Dashboard , the Platform’s main page, in the left part is the main menu, please enter the “Scan” section and click on “New Scan” :

Inside the Start a New Scan window, you can observe all of the options you have in order to set and modify your scan :

In the displayed screen, you may start a New Scan.

Note : Remember to adjust any Modifiers before initiating the Scan.

Crawler tab modifiers –

Kayran is capable of ingesting HAR files to perform deeper crawling activity against your web assets.

HAR – short for HTTP Archive, is a format used for tracking information between a web browser and a website, doing so, will “Assist” Kayran in performing a more efficient Scan.

How to Export an HAR file?

Using Enumeration – by enabling it, Kayran will begin “Brute Forcing”, overloading the server and will start “Inserting” random Parameters and Paths for testing,

Pay attention – enabling Enumeration will Significantly extend the Scan time.

The “Level Deep” gauge is responsible for determining the depth of the Scan in the website, or in other words, how many files and directories related to it will be scanned.

By using the “Single Scan” option only the given page will be scanned, without taking into account other pages related to it, doing so, will disable the “Crawler”.

Settings tab modifiers –

If there is a need to use a certain Login Profile or\and a proxy you can pick the setup that you want in the Settings window, please make sure to load the Login Profile (you created via the “Login Authentication” section).

Proxy (you created via the “Proxy” section).

And Project (you created via the “Projects” section).

Controlling the Speed affects Kayran’s behavior during the Scan, we recommend leaving “Auto Speed” enabled since Kayran will calculate resources Dynamically, and “Shift down” respectively.

Advanced tab modifiers –

The Advanced screen gives you the option to use more advanced features that Kayran possess such as :

  • Using a crafted header in your scan.
  •  Adding an API Target in order to test the APIs your web assets are connected to (please notice that this isn’t scanning the URLs as a target, this allows Kayran to test vulnerabilities between your web asset to the API it’s communicating with).
  • Excluding specific Path or File, so that the Scan will leave them out.
  • You can also use the “Schedule” option, which allows you to create a pre-scheduled scan, based on your preferences.

If you would like to schedule your scan, make sure to turn the “Schedule” option on and pick your desired scan periods.

Note : if we’ll enter a negative time coefficient (0 or <0) the scan will not be initialized

You also have the option of adding new Headers, Excluded Domains and New API Targets (by clicking on the “ + ” next to it) :