Netsparker / Invicti scanner
Netsparker, rebranded as Invicti, is a commercial dynamic application security testing (DAST) scanner. It crawls a target web application and actively tests inputs for vulnerabilities such as injection and misconfiguration, producing a security report. It is a security-testing tool meant to be run against your own sites with authorization, not a search engine, and its traffic looks like aggressive crawling plus probe requests.
What this means
Invicti (formerly Netsparker) is a dynamic application security testing platform. It crawls an application to map its surface, then sends crafted requests to detect vulnerabilities like SQL injection, cross-site scripting, and misconfiguration, confirming findings where possible.
This is active security testing, intended to be run with authorization against applications you control. It is not a search engine and not benign content crawling — it deliberately probes inputs.
How it identifies itself
Netsparker/Invicti scans typically carry a configurable scanner user-agent referencing the product, which security teams often set explicitly so scans are recognisable in logs. Match on the documented scanner identity and the probe pattern rather than assuming a fixed string.
Because the user-agent is configurable and can be copied, treat it as a claim. An authorized scan should correlate with a test you scheduled.
- Operator: Invicti (formerly Netsparker) DAST scanner
- Behaviour: crawl plus active vulnerability probing
- User-agent is configurable; correlate with authorized scans
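The correlation described above, as an added example (not WebmasterID's or Invicti's own code): a product name in the user-agent is treated as a claim and accepted only when the source address and timestamp match a scan you scheduled. The schedule, ticket id, addresses, user-agent string and log lines are constructed, and the code assumes your configured scanner user-agent contains the product name.

```python
import re
from collections import Counter
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed schedule of scans you authorized: scanner egress range and UTC window.
AUTHORIZED_SCANS = [
    {"ticket": "SEC-0000", "source": ip_network("203.0.113.0/28"),
     "start": datetime(2026, 6, 1, 1, 0, tzinfo=timezone.utc),
     "end": datetime(2026, 6, 1, 5, 0, tzinfo=timezone.utc)},
]

# Assumption: the scanner user-agent you configured mentions the product name.
PRODUCT_TOKEN = re.compile(r"netsparker|invicti", re.IGNORECASE)

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "ua"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def classify(line):
    """Return 'authorized-scan', 'unverified-scanner-claim', 'other' or 'unparsed'."""
    m = LINE.match(line)
    if not m:
        return "unparsed"
    ip, ts, ua = m.groups()
    if not PRODUCT_TOKEN.search(ua):
        return "other"  # no scanner claim in the user-agent
    try:
        addr = ip_address(ip)
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return "unparsed"
    for scan in AUTHORIZED_SCANS:
        if addr in scan["source"] and scan["start"] <= when <= scan["end"]:
            return "authorized-scan"
    return "unverified-scanner-claim"  # claim not backed by a scheduled test

# Constructed user-agent and log lines (not a documented Invicti string).
UA = "ExampleCorp-DAST Invicti scan SEC-0000"
SAMPLE_LOG = [
    f'203.0.113.5 - - [01/Jun/2026:02:15:00 +0000] "GET /login HTTP/1.1" 200 512 "-" "{UA}"',
    f'198.51.100.7 - - [01/Jun/2026:02:16:00 +0000] "GET /search?q=a HTTP/1.1" 200 734 "-" "{UA}"',
    f'203.0.113.5 - - [02/Jun/2026:09:00:00 +0000] "GET / HTTP/1.1" 200 100 "-" "{UA}"',
    '192.0.2.10 - - [01/Jun/2026:02:17:00 +0000] "GET / HTTP/1.1" 200 100 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def summarize(lines):
    return Counter(classify(line) for line in lines)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Lines classified as unverified-scanner-claim carry the scanner name but come from an address or time outside the schedule, which is the case the page says to treat as a security event.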
robots.txt considerations
A security scanner you run is usually configured to ignore robots.txt so it can test the whole application. robots.txt therefore is not a reliable way to limit an authorized scan, and it certainly will not stop an unauthorized one — robots.txt is a request to compliant crawlers, not an access control.
If you see scan traffic you did not authorize, treat it as a security event rather than a robots.txt question.
How it appears in analytics and logs
An Invicti/Netsparker pattern means a DAST scanner crawled and probed your application for vulnerabilities. If you authorized it, it is expected security-testing traffic; if not, it warrants investigation. Either way it is bot traffic, not a human visit or a search-index crawl.
Diagnostic use case
Recognise an Invicti/Netsparker security scan in logs, confirm it is an authorized test of your own application, and distinguish DAST scanning from search indexing or hostile probing.
What WebmasterID can help detect
WebmasterID classifies Netsparker/Invicti scan traffic server-side as security-scanning bot activity and surfaces it on the bot-intelligence surface, so authorized (or unexpected) scans stay separate from human analytics.
Common mistakes
- Assuming robots.txt will stop a DAST scanner — authorized scans typically ignore it.
- Mistaking your own authorized security scan for a hostile attack, or vice versa.
- Counting scanner probe requests as human visits in analytics.
Privacy and accuracy notes
Identification uses only the request user-agent and scan pattern. No visitor identity is involved. WebmasterID records the activity as a bot event, separate from human analytics, and never attaches it to a profile.
Related pages
- SSL Labs / Qualys SSL scanner
SSL Labs is a free TLS/SSL assessment service from Qualys that probes a server's HTTPS configuration — protocols, ciphers, certificate chain, and known vulnerabilities — and produces a letter-grade report. It runs on demand when someone tests a hostname, connecting to the public HTTPS endpoint rather than crawling page content. It appears in logs as TLS handshakes and probes against port 443, not as content indexing.
- Qualys web application scanner
Qualys operates security scanning that assesses web applications and infrastructure for vulnerabilities and misconfigurations. Some Qualys scanning is authorised by the site owner (an internal security assessment); some is part of broader internet measurement. It is a security tool, not a search crawler, and its probes appear in logs as scanning rather than content fetching for ranking.
- Security scanners vs search crawlers
Security scanners (Censys, Shodan, BinaryEdge, Qualys and similar) probe hosts, ports, and application surface to assess exposure and find vulnerabilities. Search crawlers (Googlebot, Bingbot) fetch and index content to rank it. Confusing the two leads to wrong robots.txt decisions and misread logs: robots.txt governs content crawling, not port scanning, and scan traffic should never be counted as audience.
- Website observability
See security scanners and probes reaching your site, recorded server-side.
Sources and verification notes
- Invicti (formerly Netsparker) — DAST scanner. Dynamic application security testing tool; configurable scanner user-agent documented.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.