Creating a Scan

You can navigate to the scan creation page by clicking the ‘Create Scan’ button on the Home screen or the Scans page.

Home screen

Scans screen - No scans created

Scans screen - Existing scans

The scan creation process is divided into 5 main stages:

1. Set target URL stage
2. Configure scan scope stage
3. Authentication information input stage
4. Configure scan control stage
5. Review configuration stage

1. Set Target URL

Enter the URL that will be the starting point of the scan and click the “Discover” button. When you click the button, Xint will verify whether the entered URL is accessible. Once the discovery is complete, you can configure recommended domains to add to the scan scope.

Advanced Settings

Accept Insecure TLS Certificate

Xint’s scan engine validates HTTPS certificates when connecting to a website. If there is an issue with the target website’s TLS certificate, the connection will be blocked for security reasons, causing the scan to fail.

Enabling this option bypasses certificate validation, allowing the scan to proceed despite security warnings.

When to enable this option

• Self-signed certificates: The certificate was not issued by a trusted Certificate Authority (CA).
• Expired certificates: The certificate has exceeded its validity period.
• Certificate hostname mismatch: The certificate’s domain does not match the target URL.

User Agent

You can set the User Agent header that Xint uses when sending HTTP requests during a scan.

This can be useful for testing with a mobile browser’s User Agent or inserting a specific string for server log identification.

HTTP Basic Authentication

If HTTP Basic Authentication is required to access the site, enable this option.

• Origin: If multiple URLs require Basic Authentication, set this value to cover all URLs that need authentication.

Vulnerability Category Settings

You can configure the vulnerability categories to be detected during the scan. Use this option when you want to scan for only specific vulnerability categories.

This option is disabled by default, in which case all vulnerability categories will be scanned.

Proxy Configuration

You can specify a Proxy URL to route all scan traffic through the configured proxy.

This option is useful when you need to perform scans against targets that are only accessible within internal networks or restricted environments.

2. Configure Scan Scope

After target URL verification is complete, you need to specify the scope of the scan that Xint will perform through scan scope settings. Since Xint only scans URLs within the scan scope, please configure the scan scope appropriately for your situation.

A recommended scan scope list based on the target URL is provided, and default values are automatically added.

Caution

• The scan scope must have at least one item.
• You can also allow scanning only for narrower areas by entering a Path.
  • e.g., example.com/api
  • If no Path is provided, scanning is performed on all Paths by default.
• Wildcard(*) can only be used to include all subdomains.
  • ✅ *.example.com
  • ❌ example*.com
  • ❌ example.com/*
• Since URL Schemes like http and https are added internally by Xint when creating a scan, please enter values excluding the URL Scheme in the scan scope stage.

3. Scan Authentication Information

No Authentication Required

If the site does not require separate authentication for scanning, select “Public Access” and proceed to the next step.

Authentication Required

Click the “Add Credential” button in the “Authenticated” tab to enter credentials.

• Assign a name to easily identify the credential.
• Select the permission level that the authentication account has.
• Select the method for entering the authentication information and proceed to the next step.

Enter Credentials

1. Depending on the authentication method required by the site, enter the appropriate ID and password / cookie / local storage information.

2. The AI will attempt to log in using the entered credentials to verify that they are valid. This process may take a few minutes.

3. Verify through the screenshot that the login was completed successfully.

   If the login was successful, click the “Confirm & Use this credential” button. Otherwise, click the “Cancel” button and review the credentials.

   If the login fails despite entering the correct information, please contact us through the in-app support form or at contact@xint.io.

Login Recorder

If the site is difficult to log in with just an ID and password, try the login recording feature.

This feature allows you to directly perform the login process on the site and record it. The recorded process is converted into authentication information that Xint can use.

Caution

• A device with a resolution of 1280 x 778 or higher is required to use the login recording feature.
• Logins that require navigation outside the site, such as SSO, are not supported.

1. When you select login recording, Xint will set up the environment needed for recording. This process may take a few minutes.

2. Once ready, click the “Open Window” button to open the recording popup.

3. Click the “Start Recording” button to proceed with the login, then click the “End Recording” button to finish entering the authentication information.

Once the confirmation of all registered credentials is complete, you can proceed to the next step.

4. Scan Control

Safe Mode

You can configure whether to enable Safe Mode, which prioritizes operational stability.

Caution

Enabling Safe Mode may limit the detection of certain vulnerabilities.

Allowed Scanning Time

If you want to allow scanning only on specific days and during specific time slots, you can control the scan through this setting.

Outside the configured allowed time, the scan will automatically pause, and it will automatically resume when the allowed time arrives.

Click “Customize time” below to set your preferred time. You can configure the schedule in 30-minute increments using drag-and-drop or clicking.

5. Review and Start Scan

Review the entered information, assign a name to your scan, and click the “Start Scan” button at the bottom to initiate the new scan.