Scan Web Applications for SQLI, RXSS, LFI, RFI, CRLF and 25+ more with Invicti Cloud Scanner

Your website security is essential to your online business. Having misconfiguration or not properly hardened your web/application servers can put your web applications at risk.

Thousands of websites get hacked every day and recent research by Invicti shows the top 3 most popular vulnerabilities are XSS, SQL Injection & File Inclusion.


As a website owner or security administrator, you should explore all options to ensure your online business is secure from hackers to avoid business loss and reputation.

In this article, I will explain how you could use the Invicti cloud to scan your website for security vulnerabilities so you can take action before someone else find it.

Following abbreviations are used below: –

  • SQLI – SQL Injection
  • RXSS – Remote Cross-Site Scripting
  • XSS – Cross-Site Scripting
  • LFI – Local File Inclusion
  • RFI – Remote File Inclusion
  • CRLF – Carriage Return and Line Feed

Let’s get it started…

Create either a TRIAL account or send an email to [email protected] if you are working on Open Source Project.

Once your account is ready, log in with your credential to Invicti Cloud. You will get the beautiful dashboard to set up your web URL to start the scan

  • Click on Scans >> New Scan at the left navigation
  • Enter your website details and click no Save
  • You will need to verify the ownership to avoid the abuse. You may either verify using Email, File upload, HTML tag, or DNS record.
  • Choose the verification method you prefer and click on verify
  • On next window, you will be given an option to configure the scan
  • Go through them and select the one you prefer.
  • Important to select the scope whether you want to scan only entered URL or the whole domain.
  • Once you are done with the configuration, click on Launch
  • Next screen, you will see the scan progress.

Time to take a coffee 🙂

Meanwhile, you can check out some other FREE Online Security Vulnerability Scanner.

Once the scan is started, an email with a link of will also notifies you “scan status view”. So don’t worry if you close the browser. You can always check your email and go to a status page.

  • The scan may take a few hours if you have selected to scan “Whole site” so keep patience. Once a scan is done, an email will notify you.
  • Upon login, you will also see those details in the nice dashboard with severities, vulnerabilities for you to take action.

You can also export the report by following in XML, CSV, PDF, or HTML format.

  • Detailed Scan Report
  • Vulnerabilities List
  • Crawled URLs
  • Scanned URLs

Here is how the executive summary looks like.


Not good, I got to fix them shortly.

How about you? Haven’t you done the scanning yet, go ahead and explore the vulnerabilities and fix them before bad guys find and make your website unavailable?