Creating a Scan

You can navigate to the scan creation page by clicking the ‘Create Scan’ button on the Home menu or the Scans menu.

Home menu

Scans menu - without scans

Scans menu - with scans

The scan creation process is divided into 4 main stages:

1. Set target URL stage
2. Configure scan scope stage
3. Authentication information input stage
4. Review configuration stage

Scan Target URL

Enter the URL that will be the starting point of the scan and click the ‘Discover’ button. When you click the button, Xint will verify whether the entered URL is accessible.

Advanced Settings

Accept Insecure TLS Certificate

Xint’s scan engine validates HTTPS certificates when connecting to a website. If there is an issue with the target website’s TLS certificate, the connection will be blocked for security reasons, causing the scan to fail.

Enabling this option bypasses certificate validation, allowing the scan to proceed despite security warnings.

When to enable this option

• Self-signed certificates: The certificate was not issued by a trusted Certificate Authority (CA).
• Expired certificates: The certificate has exceeded its validity period.
• Certificate hostname mismatch: The certificate’s domain does not match the target URL.

Proxy Configuration

Caution

This feature is currently experimental and may cause unexpected issues during use.

You can specify a Proxy URL to route all scan traffic through the configured proxy.

This option is useful when you need to perform scans against targets that are only accessible within internal networks or restricted environments.

Configure Scan Scope

After Target URL analysis is complete, you need to specify the scope of the scan that Xint will perform through scan scope settings. Since Xint only scans URLs within the scan scope, please configure the scan scope appropriately for your situation.

A suggested scan scope based on the target URL is provided, and default values are automatically added.

Caution

• The scan scope must have at least one item.
• You can also allow scanning only for narrower areas by entering a Path.
  • e.g., example.com/api
  • If no Path is provided, scanning is performed on all Paths by default.
• Wildcard(*) can only be used to include all subdomains.
  • ✅ *.example.com
  • ❌ example*.com
  • ❌ example.com/*
• Since URL Schemes like http and https are added internally by Xint when creating a scan, please enter values excluding the URL Scheme in the scan scope stage.

Scan Authentication Information

Public Pages Only

Authentication Needed

Please enter the authentication information required for the scan.

For sites that do not require authentication, please skip this stage.

Supported Authentication Types

• Login Credentials: ID and password used for login
• Cookie Credentials: Cookie values used for website authentication
• Local Storage Credentials: Key, Value stored in browser Local Storage

Review Configuration

You can review the information provided for the scan and proceed to configure the report settings.

• Scan Name: Assign a name to your scan so that it can be easily identified. By default, the scan’s Target URL is used as the name.
• Report Language: Set the language for the final generated report. By default, the language configured for your organization will be used.

Finally, review the entered information. Once confirmed, click the ‘Start Scan’ button below to initiate the new scan.