Last updated: October 20, 2023
Read time: 2 Minutes
You can use this function to analyze how many static and dynamic URLs a target web application contains, and how many parameters each URL takes. This can help you to assess how much effort penetration testing is likely to involve, and can help you decide where to focus your attention.
To access this feature:
- Go to Target > Site map.
- Select one or more hosts or branches from the site map.
- Right-click and select Engagement tools > Analyze target.
The Target Analyzer dialog contains the following tabs:
- Summary - This shows the total number of dynamic URLs, static URLs, parameters, and unique parameter names. To save the analysis results as an HTML report, click Save report.
- Dynamic URLs - This lists the URLs that accept parameters. The preview pane shows the full request and response for the selected item, and details of the request parameters.
- Static URLs - This lists the URLs that do not accept parameters. The preview pane shows the full request and response for the selected item.
- Parameters - This lists each parameter and shows how many URLs each parameter appears in. To display a list of these URLs, select a parameter. If you then select a URL, you see the full request and response.
- The Target analyzer only analyzes the content already captured within the site map. Make sure that you have fully mapped all the application's content and functionality before you run this function.
- URLs are classified as static if they don't accept any parameters in the URL or message body. However, the responses from these URLs may still be dynamically generated by the application.
Was this article helpful?
An error occurred, please try again.