Scripts

The Scripts section provides information about all of the scripts that were found on your targets, as well as where they are hosted.

Use Cases

• Keep track of additions or changes to scripts on your website. If you don't recognize a script or a change that was made, you should verify that it is legitimate.

• Verify that third-party site hosting scripts are safe. Find out if sites that host your scripts have previously been flagged for serving malware, phishing, or adult content.

Detection

Every script tag that is discovered during the crawling process is cataloged.

Risk

Risk is assigned by verifying that the script is loaded over HTTPS and the host does not serve malware, phishing, or adult content.

• High (● Red): The host serving the script has been flagged for malware or phishing content.

• Medium (● Yellow): A script is being loaded over a plaintext HTTP connection.

• Low (● Green): No significant risks are associated with the script.

Scripts rated High or Medium risk will create issues.

Monitoring

Scripts can be monitored for changes by toggling their monitor status on the List page. This is useful for keeping an eye on scripts that are involved in sensitive areas of an application such as shopping carts and checkout flows. If a change is detected it will trigger a website-script-monitor-change event so you can be immediately notified.

Learn more about events at:

Pages

• Overview: General information about scripts that were found including risk rating, most common names, download size, and geographical location of hosts.

• Summary: Summary of all scripts and which hosts they were found on, including out-of-scope hosts.

• List: List of scripts.

• Search: Allows you to search for a string within any of the scripts that were located.

• Changes: Display changes made to scripts between current and prior scans and pull up differences that were found.