Managing Scan Options

The "Scan Options" menu lets you optimize scan settings while a session is in progress. You will find "Scan Options" in the top menu of the "Scan Session Interface".

 

Session Control Group

 

Start Scan

Resumes a session once it has been paused.

Pause Scan

Pauses a session.

Close Session

Stops and aborts a session.

 

Threads Control

 

Threads #

This option allows you to control the number of simultaneous threads used by the engine. We do not recommend going much above the default limit, as more computing resources will be needed and overall performance may degrade.

 

Spider Control

 

Engine & Crawler Settings

 

 

JS Behavior

Controls how N-Stalker's engine handles JavaScript code:

Execute JS

N-Stalker's engine will execute JavaScript code.

Parse JS

N-Stalker's engine will parse JavaScript code only to obtain possible URL links.

Ignore JS

N-Stalker's engine will ignore JavaScript code.

Allow External JS Request

Allows N-Stalker to request remote JavaScript code from external websites if a "script" reference is found.

Process JS Events

Allows N-Stalker to process inline events such as "onLoad" and "onClick".

 

Parse Options

Controls which technologies will be parsed by N-Stalker's engine:

Parse CSS

Attempts to extract URLs from Cascading Style Sheets (CSS).

Parse SWF

Attempts to extract URLs from Macromedia Flash (SWF) files.

Parse Robots.txt

Attempts to extract URLs from the robots.txt file.

Parse Error Pages

Attempts to extract URLs from error pages (404, 403, etc.).

 

URL Restriction Settings

 

Max URL Pages

Maximum number of web pages (URLs) to be crawled

Max Entries Per Node

Maximum number of variations per node (web page). Variations can be, for example, /index.php?page=2 and /index.php?page=1.

Max Depth

Maximum directory depth level to be crawled
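
As an added illustration (not N-Stalker code), the Python sketch below shows how the three limits above could interact when a crawler decides whether to queue a URL. The node definition (host plus path, with the query string as the variation), the depth rule, the order of the checks and the `app.example` URLs are assumptions made for this example.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def apply_url_restrictions(urls, max_pages, max_entries_per_node, max_depth):
    """Return (accepted, rejected); rejected maps each refused URL to a reason."""
    accepted, rejected = [], {}
    entries = defaultdict(set)  # node -> query strings already accepted
    for url in urls:
        parts = urlsplit(url)
        path = parts.path or "/"
        node = (parts.netloc.lower(), path)  # assumed node: host + path
        # Assumed depth rule: directory segments in front of the file name.
        depth = len([seg for seg in path.split("/")[:-1] if seg])
        if parts.query in entries[node]:
            rejected[url] = "duplicate"
        elif depth > max_depth:
            rejected[url] = "max_depth"
        elif len(entries[node]) >= max_entries_per_node:
            rejected[url] = "max_entries_per_node"
        elif len(accepted) >= max_pages:
            rejected[url] = "max_url_pages"
        else:
            entries[node].add(parts.query)
            accepted.append(url)
    return accepted, rejected

# Constructed sample input; app.example is a placeholder host.
SAMPLE_URLS = [
    "http://app.example/index.php?page=1",
    "http://app.example/index.php?page=2",
    "http://app.example/index.php?page=3",   # third variation of the same node
    "http://app.example/index.php?page=1",   # already seen
    "http://app.example/a/b/c/deep.php",     # three directories deep
    "http://app.example/a/list.php",
    "http://app.example/about.php",
    "http://app.example/contact.php",        # arrives after the page budget is spent
]

if __name__ == "__main__":
    ok, refused = apply_url_restrictions(
        SAMPLE_URLS, max_pages=4, max_entries_per_node=2, max_depth=2)
    for u in ok:
        print("crawl ", u)
    for u, why in refused.items():
        print("skip  ", u, "->", why)
```

With a low Max Entries Per Node, parameterized pages such as /index.php?page=3 are never requested, so any checks that depend on that variation are not run against it.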

 

 

Session Mgmt & Filters

 

Spider Black & White List

This option allows you to modify the Spider's black and white lists within the scan session. It also lets you check the effectiveness of your filters by comparing "hit statistics". See more details in Spider Filters/Rewrite.

Manage Current Sessions

This option allows you to manage (view, edit, delete, add) all session tokens (cookies) available during the scan session.

 

HTTP Control

 

Encode URI (IDS)

Encodes the requested URI using stealth techniques (such as localization, hex encoding, meta-character inclusion, and directory de-normalization). This can be useful if you want to test an Intrusion Detection/Prevention system.

Timeout

Set HTTP communication timeout.

 

 

Error Settings

 

Timeout Retries

Set the number of timeout attempts before giving up the entire request (TCP timeout).

Reset Retries

Set the number of reset attempts before giving up the entire request (TCP reset).

 

Debug HTTP

 

No Debug Enabled

HTTP communication will not be stored. Debug is disabled.

Save Headers Only

Saves all HTTP communication headers, including request and response headers. You will be asked for a file location in which to save the information.

Save Header & Body

Saves all HTTP communication, including request and response (headers and body). You will be asked for a file location in which to save the information.

 

False-positive Control

 

Control Options

 

Disable Automatic 404 Filter

Disables automatic false-positive detection for non-standard "Not Found" responses (which sometimes do not carry an HTTP 404 status code). This might be useful if you have detected a misbehavior in the automatic filter.

Disable Extension Filter

N-Stalker applies an automatic false-positive detection filter to every available file extension within the application. This option disables that filter; you may use it if you have detected a misbehavior in the automatic detection.

Ignore Server String

N-Stalker detects different web servers by the server string they provide. Sometimes web servers behave strangely and provide a different string for every request, causing N-Stalker to generate a huge number of detected servers. You may use this option to avoid this misbehavior.

 

False-Positive Keyword Filter

 

FP Keyword Filter

This option allows you to manage the False-Positive Keyword Filter (view, add, edit, delete), including comparing "hit statistics" to measure filter effectiveness. See more details in False Positive Options.