Entrypoint URL
The entrypoint URL tells the scanner where it should start all of it's crawling and scanning from. Most often this will be the root of your web application. Which in our example would be http://178.79.154.6/
. Please note, the entrypoint is not a sub-path of the web app- it should end with a /
, which you should include if you want the full application to be scanned.
There are times when you won't want to scan from the root of the application, instead you might want to scan a subset. For example, when you have multiple applications running on the same target, but which live at different paths. For our example:
http://178.79.154.6/DVWA/
http://178.79.154.6/MyOtherApp/
http://178.79.154.6/SecretApp/
In this case, you would want to add 3 separate authentications each using one of the paths in the list.
Logout URL
The easiest way to find this would be to login to the application and find the Logout button on your page (it may say Log Out
or Sign Out
or something similar). If you hover over the button you'll see the Logout URL in in the bottom of your page, you can also right click and 'Save link address', then paste into Intruder.