
Running a Scan

Starting from the Asset’s configuration, adjust any settings you want to apply only to this scan, then set the per-scan values and run the scan.

Choose the Asset you want to scan. Review the target site settings stored on the Asset and, if needed, update them directly — your changes are saved back to the Asset.

Before you can move on, Xint checks whether it can reach the target URL. Once reachability is confirmed, you can continue to the next step.

The following Asset settings can be applied differently for just this scan. If you don’t change them, the scan uses the Asset’s settings; any changes you make here only apply to this scan.

  • Scan scope: Narrow or widen the domain scope tested in this scan.
  • Vulnerability Categories: Adjust which vulnerability categories are tested in this scan.
  • Allowed Scanning Time: Override the allowed scanning window for this scan only.

For details on what each option means and how to fill it in, see Creating an Asset.

The Target URL and Target Options can’t be changed at scan creation time. To change those values, edit the Asset directly.

If the site doesn’t need any authentication to be scanned, select “Public Access” and move on to the next step.

Click the “Add Credential” button under the “Authenticated” tab to enter credentials.

  • Give the credential a name so you can easily identify it.
  • Choose the permission level the authenticated account holds.
  • Pick how you want to enter the credential and move on.

  1. Depending on the authentication method the site uses, enter the appropriate ID and password / cookies / local storage values.

  2. Xint’s AI will attempt to log in with the credentials to verify them. This may take a few minutes.

  3. Use the screenshot to confirm that login succeeded.

     If login looks correct, click “Confirm & Use this credential”. Otherwise, click “Cancel” and review the credential.

     If login fails even though the credentials are correct, please reach out via the in-app support form or contact@xint.io.

The more accounts you register with varied permission levels, the more vulnerabilities Xint can find.

Once you’ve reviewed every registered credential, you can move on to the next step.

If you upload an OpenAPI document for the service you’re scanning, Xint can learn the endpoint structure, parameters, and authentication scheme in advance — leading to broader and more accurate results.

The upload is optional; you can start a scan without one.
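
As an added example (not Xint's code and not a description of how Xint parses the upload), this script lists what an OpenAPI 3.x JSON document actually declares for the three things named above: endpoints, parameters, and authentication, including operations declared as unauthenticated. The sample document is constructed and trimmed, and the function names are hypothetical.

```python
import json

# Constructed sample document (OpenAPI 3.0, JSON form, trimmed); not a real service.
SAMPLE = json.loads("""{
  "openapi": "3.0.3",
  "info": {"title": "Example shop API", "version": "1.0"},
  "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
  "security": [{"bearerAuth": []}],
  "paths": {
    "/orders/{id}": {
      "parameters": [{"name": "id", "in": "path", "required": true}],
      "get": {"parameters": [{"name": "expand", "in": "query"}]},
      "delete": {"security": []}
    },
    "/health": {"get": {"security": []}}
  }
}""")

METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def summarize(doc):
    """Return (scheme names, [(METHOD, path, params, auth)]) declared by the document."""
    schemes = sorted(doc.get("components", {}).get("securitySchemes", {}))
    default_sec = doc.get("security", [])
    ops = []
    for path, item in sorted(doc.get("paths", {}).items()):
        shared = item.get("parameters", [])  # path-level parameters apply to every method
        for method in sorted(item.keys() & METHODS):
            op = item[method]
            # $ref parameters are not resolved here; they are skipped.
            params = [f'{p["in"]}:{p["name"]}'
                      for p in shared + op.get("parameters", []) if "name" in p]
            # Operation-level "security" overrides the top-level default;
            # an empty list means the operation is explicitly unauthenticated.
            sec = op.get("security", default_sec)
            auth = sorted({name for req in sec for name in req})
            ops.append((method.upper(), path, params, auth))
    return schemes, ops

def unauthenticated(ops):
    """Operations the document declares as callable without credentials."""
    return [(m, p) for m, p, _, auth in ops if not auth]

if __name__ == "__main__":
    schemes, ops = summarize(SAMPLE)
    print("security schemes:", schemes)
    for m, p, params, auth in ops:
        print(f"{m:7}{p:15} params={params} auth={auth or 'NONE'}")
    print("declared unauthenticated:", unauthenticated(ops))
```

An operation such as the sample's `DELETE /orders/{id}` showing up as unauthenticated is worth checking against the real service before the document is uploaded, since it may be a mistake in the document rather than the intended behaviour.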

You can choose whether to enable Safe Mode, which prioritizes operational stability.

Review the values you entered in the previous steps. When you’re done, click the “Start Scan” button at the bottom to start the scan.

A new scan enters the Queued state and transitions to Running as soon as a slot frees up.