To start with AmourZero's Vulnerability Scanner, simply add a domain that you intend to find any possible weaknesses and vulnerabilities in that web application.
Step 1: Add a domain
1. Go to left menu and select Domains under MANAGE section.
Notes: Depending on your plan, you can add more than 1 domain.
2. Click "Add Domain" and add the domain with https:// or http:// that you intend to scan for vulnerability. You have to read the procedure carefully as this scan is a simulation of attacks in order to identify possible vulnerabilities in your domain.
3. Click on the acknowledgement box and "Add Domain" once you confirmed.
Step 2: Verify domain
After you add a domain, you need to verify that you are the owner or authorised domain admin before the scan is allowed to execute.
1. Click on the three dots action icon on the domain that you intend to scan, select "Verify Domain".
2. There are 2 methods to verify the domain.
Verify Over HTTP/HTTPS
a. An unique verification token will be automatically create for you.
b. Use a Text Editor or Notepad to create a file named based on the unique verification token provided.
c. Upload the file to your web server.
Verify Over DNS Record
a. An unique verification token will be automatically create for you.
b. Create a new DNS Record with the unique verification token provided.
3. Accept the terms and conditions and click "Verify Domain" once you confirmed.
Step 3: Check domain verification status
1. If step 2 is successfully completed and done, the status will be automatically changed to Verified as ArmourZero's ScoutTwo will automatically reach out to the domain to verify the permission and authorisation before perform the automated penetration assessment to the web application.
You can trigger the automated penetration assessment scan once the domain verified. However the time to complete the scan depending on the size of web application
Notes: If the status remain Pending Verification, please check again the Step 2 especially on the unique verification token.