Objects¶
AlertModel¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
severity | SEVERITY | True | Severity of the alert | SEVERITY |
name | string | True | Name of the alert | |
context | string | True | Context of the alert | |
category | CATEGORY | False | Category of the alert | CATEGORY |
description | string | False | Description of the alert | |
remediation | string | False | Remediation of the alert | |
compliance | Compliance | False | Compliance standards violated by this alert | Compliance |
Compliance¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
owasp | string | False | ||
pci-dss | string | False | ||
gdpr | string | False | ||
soc2 | string | False | ||
psd2 | string | False | ||
iso27001 | string | False | ||
nist | string | False | ||
fedramp | string | False | ||
nis2 | string | False | ||
hipaa | string | False | ||
owasp_llm | string | False | ||
cwe | string | False |
CrudDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | CRUD | False | Matches when the detected CRUD operation of the request is this one | CRUD |
is_not | CRUD | False | Matches when the detected CRUD operation of the request is not this one | CRUD |
in | CRUD | False | Matches when the detected CRUD operation of the request is in this list (exact match) | CRUD |
if | Const[helpers.request.crud] | False | Use this to select against the detected CRUD operation of the request. |
HTTPRAWSeeder¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
protocol | Const[http] | False | The HTTP seeder allows you to send a request at the start of the scan. | |
raw | string | True | The raw HTTP request in nuclei format. | |
user | string | False | The user to use for the request. If not provided, the request is sent without authentication. |
LogicalAndDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
and | list of detectors: CrudDetector, LogicalAndDetector, LogicalNotDetector, LogicalOrDetector or any other *Detector object on this page | | The detectors that must all match | |
if | Const[and] | False | Use this to apply a logical and on a list of detectors. |
LogicalNotDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
not | a detector: CrudDetector, LogicalAndDetector, LogicalNotDetector, LogicalOrDetector or any other *Detector object on this page | | The detector whose result is negated | |
if | Const[not] | False | Use this to apply a logical not on a detector. |
LogicalOrDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
or | list of detectors: CrudDetector, LogicalAndDetector, LogicalNotDetector, LogicalOrDetector or any other *Detector object on this page | | The detectors of which at least one must match | |
if | Const[or] | False | Use this to apply a logical or on a list of detectors. |
MethodDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | HTTP_METHOD | False | Matches when the request uses this HTTP method | HTTP_METHOD |
is_not | HTTP_METHOD | False | Matches when the request does not use this HTTP method | HTTP_METHOD |
in | HTTP_METHOD | False | Matches when the request's HTTP method is in this list (exact match) | HTTP_METHOD |
if | Const[request.method] | False | Use this to select against the request HTTP method. |
MethodMutator¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
key | Const[request.method] | False | You can use this mutator to change the HTTP method of the | |
value | HTTP_METHOD | False | The value to set. | HTTP_METHOD |
values | HTTP_METHOD | False | The values to set, generates multiple queries. | HTTP_METHOD |
Middleware¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
trigger | a detector: CrudDetector, LogicalAndDetector, LogicalNotDetector, LogicalOrDetector or any other *Detector object on this page | | The detector that must match for the middleware to apply | |
mutate | a mutator: MethodMutator, RequestBodyJSONMutator, RequestBodyTextMutator, RequestHeadersMutator or any other *Mutator object on this page | | The mutation applied to the request before it is resent | |
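The following is an added example, not taken from this page or from the project's own test library. It assembles the objects documented above into a broken-authentication check: a Middleware whose trigger selects authenticated, state-changing REST requests (excluding the login path) and whose mutator replays them with the user dropped, a detector to evaluate against the replayed response, and the AlertModel to raise. The top-level rule keys that bind these three objects together are not documented on this page, so they are shown as three separate YAML documents; the compliance string formats and the `and`/`not` list shapes are assumptions made here.

```yaml
# Added example, not project code. Middleware object: trigger + mutate.
# Trigger: authenticated REST requests that change state, except auth endpoints.
trigger:
  if: and
  and:
    - if: scan.type
      is: REST
    - if: request.is_authenticated
      is: true
    - if: helpers.request.crud
      in: [CREATE, UPDATE, DELETE]
    # Login/registration paths are expected to work without credentials; skip them.
    # `regex` uses fullmatch, hence the leading/trailing wildcards.
    - if: not
      not:
        if: schema.path_ref
        regex: '.*/(auth|login|register|signup)(/.*)?'
# Mutate: resend the same request with the user's authentication removed.
mutate:
  key: request.user
  drop_user: true
---
# Added example. Detector for the replayed request's response: a success
# status and no error wording in the body means the state change went
# through unauthenticated.
if: and
and:
  - if: response.status_code
    in: [200, 201, 204]
  - if: helpers.response.is_successful
    is: true
  - if: not
    not:
      if: response.body.text
      regex: '.*([Uu]nauthori[sz]ed|[Ff]orbidden|[Dd]enied).*'
---
# Added example. AlertModel raised when the detector above matches.
severity: HIGH
name: State-changing request accepted without authentication
context: Replay of an authenticated CREATE/UPDATE/DELETE request with credentials removed
category: ACCESS_CONTROL
description: >-
  An authenticated state-changing request was resent without its credentials
  and the API still returned a success status. Authentication is not enforced
  server-side on this operation.
remediation: >-
  Enforce authentication and authorization for every state-changing operation
  in the API layer itself; never rely on the client to present credentials.
compliance:
  # Compliance values are free-form strings on this page; the formats below are assumed.
  owasp: "API2:2023 Broken Authentication"
  cwe: "CWE-306"
```

The `not` wrapper around the path check matters: without it the middleware would also replay login requests, which legitimately succeed unauthenticated and would produce a false positive on every scan.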
ObjectMatcher¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
type | ObjectTypeMatcher | False | Object scalar type to match | ObjectTypeMatcher |
name | StringMatcher | False | Object scalar name to match | StringMatcher |
value | StringMatcher | False | Object scalar value to match | StringMatcher |
ObjectMutate¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
value | string | False | The value to set. | |
values | string | False | The values to set, generates multiple queries. | |
regex_replace | RegexReplace | False | Regex replace pattern. | RegexReplace |
ObjectTypeMatcher¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | OBJECT_TYPE | False | Object type is exactly this type | OBJECT_TYPE |
is_not | OBJECT_TYPE | False | Object type is any type except this one | OBJECT_TYPE |
in | OBJECT_TYPE | False | Object type is in the following list | OBJECT_TYPE |
RESTSeeder¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
protocol | Const[rest] | False | The REST seeder allows you to send a request that adapts to the host of your current scan. | |
user | string | False | The user to use for the request. If not provided, the request is sent without authentication. | |
path | string | False | Path of the request, resolved against the host of the current scan | |
method | HTTP_METHOD | False | HTTP method of the request | HTTP_METHOD |
headers | Dict[string, string] | False | Headers of the request | |
body | string | False | Body of the request | |
params | Dict[string, string] | False | Query parameters of the request | |
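An added example of both seeder objects, not taken from the page or the project: each creates the same resource before the scan starts so that later tests have an object to operate on. The `raw` field uses nuclei's raw request format; `{{Hostname}}` is nuclei's host placeholder and it is an assumption here that the seeder substitutes it. The endpoint, user name and payload are constructed for illustration.

```yaml
# Added example, not project code. HTTPRAWSeeder: a verbatim request in nuclei
# raw format. Note the blank line separating headers from the body.
protocol: http
user: admin            # assumed to be a user configured for the scan
raw: |
  POST /api/v1/projects HTTP/1.1
  Host: {{Hostname}}
  Content-Type: application/json

  {"name": "seed-project"}
---
# Added example. RESTSeeder: the same request expressed as fields; the path is
# resolved against the scanned host, so the seeder needs no hard-coded origin.
protocol: rest
user: admin
method: POST
path: /api/v1/projects
headers:
  Content-Type: application/json
params:
  dryRun: "false"
body: '{"name": "seed-project"}'
```

Prefer the REST form when the request is simple; the raw form is for cases the field-based seeder cannot express, such as non-standard header ordering or a body that is not valid JSON.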
RegexReplace¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
pattern | string | True | The regex pattern to match. | |
replacement | string | True | The replacement; use \1, \2, ... to refer to capture groups. |
RequestBodyJSONDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | Any | False | Condition is this exact JSON | |
is_not | Any | False | Condition is not this exact JSON | |
in | Any | False | Condition is in this list of JSON | |
jq | string | False | jq query evaluated against the JSON body; its result is used as the boolean condition | |
if | Const[request.body.json] | False | Use this to select and compare the request body when detected as JSON, using jq-like syntax. |
RequestBodyJSONMutator¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
key | Const[request.body.json] | False | You can use this mutator to change the JSON body of the request before resending it. | |
jq | string | False | jq query to apply to the JSON body. See the jq manual at stedolan.github.io |
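An added example (not from the page or the project) of the jq-based detector and mutator working together in a mass-assignment check. The trigger fires on authenticated create/update requests whose JSON body looks like a user profile but carries no privilege field, the mutator injects one, and the response detector checks whether the API echoes the injected privilege back. The field names `email`, `role` and `is_admin` are assumptions chosen for illustration.

```yaml
# Added example, not project code. Middleware with jq-driven trigger and mutate.
trigger:
  if: and
  and:
    - if: request.is_authenticated
      is: true
    - if: helpers.request.crud
      in: [CREATE, UPDATE]
    # Body is an object with an "email" key and no "role" key yet.
    - if: request.body.json
      jq: 'type == "object" and has("email") and (has("role") | not)'
# Merge privileged fields the client should never be allowed to set.
mutate:
  key: request.body.json
  jq: '. + {"role": "admin", "is_admin": true}'
---
# Added example. Response detector: the server persisted and returned the
# injected privilege. The `?` suffix suppresses errors when the response
# body is not an object (e.g. an array or a string).
if: and
and:
  - if: helpers.response.is_successful
    is: true
  - if: response.body.json
    jq: '(.role? == "admin") or (.is_admin? == true)'
```

Using `jq` for the trigger rather than `is`/`in` lets the check apply to any endpoint whose body has the right shape, instead of hard-coding one exact JSON document per endpoint.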
RequestBodyTextDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | string | False | Condition is this exact string | |
is_not | string | False | Condition is not this exact string | |
in | string | False | Condition is in this list (exact match) | |
contains | string | False | Contains this string | |
regex | string | False | Condition is matched on this regex with fullmatch | |
if | Const[request.body.text] | False | Use this to select and compare the request body as text, using string compare. |
RequestBodyTextMutator¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
value | string | False | The value to set. | |
values | string | False | The values to set, generates multiple queries. | |
regex_replace | RegexReplace | False | Regex replace pattern. | RegexReplace |
key | Const[request.body.text] | False | You can use this mutator to change the body (as text) of the request before resending it. |
RequestHeadersDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
key | StringMatcher | False | Key to match | StringMatcher |
value | StringMatcher | False | Value to match | StringMatcher |
if | Const[request.headers] | False | Use this to select and compare the request headers as a key-value dictionary. |
RequestHeadersMutator¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
value | string | False | The value to set. | |
values | string | False | The values to set, generates multiple queries. | |
regex_replace | RegexReplace | False | Regex replace pattern. | RegexReplace |
key | Const[request.headers] | False | You can use this mutator to change the headers of the request before resending it. | |
name | string | True | The header name to match, supports regex. | |
delete | boolean | False | Delete the matched headers. |
RequestIsAuthenticatedDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | boolean | False | Condition is true | |
is_not | boolean | False | Condition is false | |
if | Const[request.is_authenticated] | False | Use this to select on whether or not the request is authenticated. |
RequestObjectDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
type | ObjectTypeMatcher | False | Object scalar type to match | ObjectTypeMatcher |
name | StringMatcher | False | Object scalar name to match | StringMatcher |
value | StringMatcher | False | Object scalar value to match | StringMatcher |
if | Const[request.object] | False | Use this to select and compare the detected object scalars (including custom scalars) in the request, with their kind, name and value. |
RequestObjectMutator¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
key | Const[request.object] | False | The detected object scalars (including custom scalars) in the request, with their kind, name and value. | |
select | ObjectMatcher | True | The object scalars to select for mutation, by type, name and/or value | ObjectMatcher |
mutate | ObjectMutate | True | The mutation to apply to each selected scalar | ObjectMutate |
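Two added mutator examples, not from the page or the project, that show the `select`/`mutate` and `regex_replace` mechanics. The first is a RequestObjectMutator that finds identifier-like scalars and replays the request with alternative values, the classic probe for object-level authorization problems; the second is a RequestHeadersMutator that strips the signature segment from a bearer JWT to test whether the API verifies signatures at all. The regex for identifier names and the candidate values are assumptions; `regex` matchers use fullmatch, as documented above.

```yaml
# Added example, not project code. RequestObjectMutator: swap identifier scalars.
key: request.object
select:
  # Scalar names such as "id", "userId", "user_id", "projectID" (fullmatch).
  name:
    regex: '.*([iI]d|ID)'
  # Only numeric values; UUID-style identifiers would need a different strategy.
  value:
    regex: '[0-9]+'
mutate:
  # One resent request per candidate value.
  values: ["1", "2", "1000", "-1"]
---
# Added example. RequestHeadersMutator: keep header and payload of a JWT,
# drop its signature. `name` supports regex; header matching is assumed to
# be case-insensitive only where the regex makes it so.
key: request.headers
name: '[Aa]uthorization'
regex_replace:
  # \1 = "Bearer <header>.<payload>"; the third segment is discarded.
  pattern: '^(Bearer [A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)\.[A-Za-z0-9_-]+$'
  replacement: '\1.'
---
# Added example. RequestHeadersMutator: remove headers an edge proxy is
# expected to set, to see whether the backend trusts them from the client.
key: request.headers
name: 'X-(Forwarded-For|Real-IP|Internal|Role)'
delete: true
```

A ResponseIsSuccessfulDetector with `is: true` on the replayed request is the natural companion to each of these: for the JWT case a success response means the signature was never checked.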
RequestUserDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | string | False | Condition is this exact string | |
is_not | string | False | Condition is not this exact string | |
in | string | False | Condition is in this list (exact match) | |
contains | string | False | Contains this string | |
regex | string | False | Condition is matched on this regex with fullmatch | |
if | Const[request.user] | False | Use this to string compare the configured user for the request. |
RequestUserMutator¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
value | string | False | The value to set. | |
values | string | False | The values to set, generates multiple queries. | |
regex_replace | RegexReplace | False | Regex replace pattern. | RegexReplace |
key | Const[request.user] | False | You can use this mutator to change the user of the request before resending it. | |
drop_user | boolean | False | Remove the user authentication from the request. |
ResponseBodyJSONDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | Any | False | Condition is this exact JSON | |
is_not | Any | False | Condition is not this exact JSON | |
in | Any | False | Condition is in this list of JSON | |
jq | string | False | jq query evaluated against the JSON body; its result is used as the boolean condition | |
if | Const[response.body.json] | False | Use this to select and compare the response body when detected as JSON, using jq-like syntax. |
ResponseBodyTextDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | string | False | Condition is this exact string | |
is_not | string | False | Condition is not this exact string | |
in | string | False | Condition is in this list (exact match) | |
contains | string | False | Contains this string | |
regex | string | False | Condition is matched on this regex with fullmatch | |
if | Const[response.body.text] | False | Use this to select and compare the response body as text, using string compare. |
ResponseDurationDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | integer | False | Condition is this exact integer | |
is_not | integer | False | Condition is not this exact integer | |
in | integer | False | Condition is in this list of integers (exact match) | |
gt | integer | False | Condition is greater than this integer | |
lt | integer | False | Condition is less than this integer | |
if | Const[response.duration_ms] | False | Use this to compare the duration of the request in milliseconds. |
ResponseHeadersDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
key | StringMatcher | False | Key to match | StringMatcher |
value | StringMatcher | False | Value to match | StringMatcher |
if | Const[response.headers] | False | Use this to select and compare the response headers as a key-value dictionary. |
ResponseIsSuccessfulDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | boolean | False | Condition is true | |
is_not | boolean | False | Condition is false | |
if | Const[helpers.response.is_successful] | False | Use this to check whether the response is successful. |
ResponseObjectDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
type | ObjectTypeMatcher | False | Object scalar type to match | ObjectTypeMatcher |
name | StringMatcher | False | Object scalar name to match | StringMatcher |
value | StringMatcher | False | Object scalar value to match | StringMatcher |
if | Const[response.object] | False | Use this to select and compare the detected object scalars (including custom scalars) in the response, with their kind, name and value. |
ResponseStatusCodeDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | integer | False | Condition is this exact integer | |
is_not | integer | False | Condition is not this exact integer | |
in | integer | False | Condition is in this list of integers (exact match) | |
gt | integer | False | Condition is greater than this integer | |
lt | integer | False | Condition is less than this integer | |
if | Const[response.status_code] | False | Use this to compare the HTTP status code as an integer. |
ScanTypeDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | SCAN_TYPE | False | The scan type is exactly this | SCAN_TYPE |
is_not | SCAN_TYPE | False | The scan type is not this type | SCAN_TYPE |
in | SCAN_TYPE | False | The scan type is in this list | SCAN_TYPE |
if | Const[scan.type] | False | Use this to select against the type of the scan. |
SchemaNeedAuthenticationDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | boolean | False | Condition is true | |
is_not | boolean | False | Condition is false | |
if | Const[schema.need_authentication] | False | Use this to select whether or not the schema requires authentication. |
SchemaPathRefDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | string | False | Condition is this exact string | |
is_not | string | False | Condition is not this exact string | |
in | string | False | Condition is in this list (exact match) | |
contains | string | False | Contains this string | |
regex | string | False | Condition is matched on this regex with fullmatch | |
if | Const[schema.path_ref] | False | Use this to string compare the operation name in GraphQL or the path in REST. |
SchemaPathRefMutator¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
value | string | False | The value to set. | |
values | string | False | The values to set, generates multiple queries. | |
regex_replace | RegexReplace | False | Regex replace pattern. | RegexReplace |
key | Const[schema.path_ref] | False | You can use this mutator to change the operation name in GraphQL or the path in REST (keeping the domain) before resending it. |
SchemaUrlDetector¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | string | False | Condition is this exact string | |
is_not | string | False | Condition is not this exact string | |
in | string | False | Condition is in this list (exact match) | |
contains | string | False | Contains this string | |
regex | string | False | Condition is matched on this regex with fullmatch | |
if | Const[schema.url] | False | Use this to string compare the URL of the request. |
SchemaUrlMutator¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
value | string | False | The value to set. | |
values | string | False | The values to set, generates multiple queries. | |
regex_replace | RegexReplace | False | Regex replace pattern. | RegexReplace |
key | Const[schema.url] | False | You can use this mutator to change the URL of the request before resending it. |
StringMatcher¶
Property | Type | Required | Description | Reference |
---|---|---|---|---|
is | string | False | Condition is this exact string | |
is_not | string | False | Condition is not this exact string | |
in | string | False | Condition is in this list (exact match) | |
contains | string | False | Contains this string | |
regex | string | False | Condition is matched on this regex with fullmatch |
Enums¶
CATEGORY¶
ACCESS_CONTROL
CONFIGURATION
INFORMATION_DISCLOSURE
INJECTION
PROTOCOL
REQUEST_FORGERY
RESOURCE_LIMITATION
SCHEMA
CUSTOM
CRUD¶
CREATE
READ
UPDATE
DELETE
HTTP_METHOD¶
GET
POST
PUT
DELETE
HEAD
PATCH
OPTIONS
TRACE
CONNECT
OBJECT_TYPE¶
See Data Types Reference
SCAN_TYPE¶
GRAPHQL
REST
SEVERITY¶
HIGH
MEDIUM
LOW
INFO