Escape Documentation
Extractors
Initializing search
Log in to Escape
Home
Documentation
Release Notes
Blog
Not an Escape user yet? Book a demo
Escape Documentation
Log in to Escape
Home
Documentation
Documentation
ASM
ASM
Quick Start
Asset Management
Configuration Reference
ASM — FAQ
Integrations
Integrations
akamai-logo1-svg
Akamai
Icon_24px_AppigeeAPIPlatform_Color
Apigee
AWS
Axway
Azure DevOps
Azure
Bitbucket
Cloudflare
GCP
GitHub
GitLab
Kong Gateway
Kong Konnect
Kubernetes
mulesoft-logo
Mulesoft
Postman
Wiz
DAST Scanning
DAST Scanning
Start a new Scan
Understanding Results
Schedule Scans
LLM Tests
DAST in CI/CD
DAST in CI/CD
DAST in GitHub Action
DAST in GitLab CI
DAST in Bitbucket
DAST in CircleCI
DAST in Jenkins
DAST in Azure DevOps
DAST in Travis CI
Override configuration
Command Line
Authentication
Authentication
AWS Cognito
Basic
Browser Actions
Browser Agent
Browser Use
cURL
cURL Sequence
Digest
GraphQL
Headers
HTTP
OAuth Authz Code Browser
OAuth Client
OAuth ROPC
Advanced Workflows
Authentication Reference
WebApp DAST
WebApp DAST
Technology
Tuning Guide
WebApp DAST — FAQ
Configuration Reference
Custom Rules
Custom Rules
Alerting
Detectors
Seeders
Extractors
Custom Rules Reference
API DAST
API DAST
Analyze Coverage
Rate Limiting
Blocklist & Hotstart
API Custom Payloads
Tenant Isolation & Access Control
Scan Internal Applications
Data Types Reference
GraphQL
Rest Configuration Reference
GraphQL Configuration Reference
Custom Rules
Custom Rules
Alerting
Detectors
Transformations
Mutators
Seeders
Extractors
Custom Rules Reference
Supported Security Tests
Supported Security Tests
LLM Endpoint Detection
LLM Excessive Agency
LLM Insecure Output Handling
LLM Insecure Plugin Design
LLM JailBreak
LLM Model Denial of Service
LLM Model Theft
LLM Overreliance
LLM Prompt Injection
LLM Sensitive Information Disclosure
LLM Supply Chain Vulnerabilities
LLM Training Data Poisoning
Airflow Config Exposure
Alibaba Canal Leak
Ansible Config Exposure
Agentic Issue
Appspec Exposure
Appveyor Config Exposure
Arbitrary Token Scope
Auth Bypass
AWS Access Token
AWS Config Exposure
AWS Docker Config Exposure
AWStats Config Exposure
AWStats Exposure
Azure Tenant Id Exposure
Broken Object Level Authorization
Command Injection
Content Security Policy
CORS
Crashing Page
CRLF Injection
CSRF Get Based
CSRF Post Based
Debug mode
Directory listing
Directory traversal
Duplicated object
Error type inconsistency
Exposed JWT Token
Exposed MySQL Config
Exposed settings.php
Exposed Source Map
Exposed SQL Dumps
File disclosure
File inclusion
Forced Browsing
Leaked Sensitive Data in LocalStorage
Frontend Guessable Cookie Value
Access-Control-Allow-Origin Header
Cache Control Header
Content Security Policy Header
Content-Type header
Header leak
Cookie Security
Strict Transport Security
X-Content-Type-Options
X-Frame-Options header
Headers
High number of Custom Scalars
High number of PCI
High number of PHI
High number of PII
High number of Secrets
HTML Injection
Frontend HTTP Parameter Pollution
GraphQL IDE
Improper Input Validation Injection
Stored Improper Input Validation Injection
Introspection enabled
Invalid condition in allOf
Invalid parameters in path
Invalid Persisted Query
Invalid references
JWT algorithm confusion
JWT no algorithm
JWT Signature check
Large JSON input
Possible User Enumeration
Log4Shell
Mass Assignment
Mismatching persisted queries and schema
NoSQL Injection
NoSQL Injection Stored
Nuclei Issue
Port Remediation
Open redirection Forgery
Pagination missing
Password Field Autocompletion
Permissive JSON Input
Positive integer validation
Vulnerable Package
Private data
Private fields
Private IP
Public state-altering operation
Reflected URL Parameter
Request smuggling
Request URL Override
Resource limiting bypass
Response size
GraphQL Response Type Mismatch
Row Level Security Bypass
Custom security checks
Sensitive Comments
Sensitive endpoint bruteforce
Server Error
Software Component Leak
Springboot Actuator Disclosure of Thread Dump
Springboot Actuator Disclosure of Environment
Springboot Actuator Heapdump
Springboot Actuator Disclosure of Logfile
Springboot Actuator Disclosure of Mappings
Springboot Actuator Restart Misconfiguration
Springboot Actuator Shutdown Misconfiguration
Springboot Actuator Disclosure of Trace
SQL Injection
SSL enforced
SSL Certificate
Server Side Request Forgery
SSRF Injection in headers
SSTI (Server-Side Template Injection)
Stacktrace
Subresource Integrity Missing
Swagger rules
Tenant isolation
Security timeout
TLS Configuration Ciphers
TLS Protocol Configuration
TLS Configuration
TLS Configuration Server Defaults
TLS Configuration Server Preferences
TLS vulnerabilities
Typing misconfiguration
Undefined objects
Unhandled endpoint
Unreachable server
Unsafe Function Use
WAF Bypass
WordPress oEmbed Endpoint Exposure
WordPress RDF Feed Users Exposed
WordPress REST API Users Exposed
WordPress wp-cron Exposed
WordPress xmlrpc.php Exposed
XSS via Domain Takeover
XXE Injection
Zombie object
Console Error
Domain Takeover
Excessive Browser Permissions
Weak Flask Session Secret
Character Limit
GraphQL Alias Limit
GraphQL Automatic Persisted Queries
GraphQL Batch Limit
GraphQL Cyclic Recursive Query
GraphQL Content Type
GraphQL Depth Limit
GraphQL Directive Overloading
GraphQL Extension Disclosure
GraphQL Field Duplication
GraphQL Field Limit
GraphQL Field Suggestion
GraphQL Recursive Fragment
Response Format
GraphQL Width Limit
DNS record DKIM
DNS record DMARC
DNS record TXT length
DNS record TXT sensitive
DNSSEC not enabled
DNS record loopback
DNS record permissive SPF
Governance
Governance
Vulnerability Management
Compliance
Reporting
Automation & Ticketing
Automation & Ticketing
Email Notifications
Slack Notifications
Discord Notifications
Teams Notifications
Webhook Notifications
Jira Ticketing
Tooling
Tooling
Escape MCP Copilot
Public API
Escape CLI
Public Locations
Firewall Configuration
Private Locations
Private Locations
Prerequisites
Deployment Methods
Quickstart
Firewall Configuration
SSL Configuration
mTLS Authentication
Proxy Configuration
Logging & Monitoring
Repeater Migration
Deploying at Scale
Private Locations FAQ
Enterprise Features
Enterprise Features
Support & SLA
SSO & Identity Federation
Role-Based Access Control
Audit Logs
Rotating Encryption
Private Tenant
Extractors
Currently
Extractors
are only supported for API custom rules.
Back to top