Reference¶
Machine-readable material: every configuration schema Escape accepts, the full vulnerability catalog, authentication preset reference, custom-rules JSON Schema, and data-type scalars. Everything here is generated from source and regenerated on every change.
This section is excluded from site-wide search to keep results focused on guides. Use the in-page table of contents or jump directly from the product documentation that links here.
What's Here¶
- Configuration Schemas: per-scanner reference for ASM, REST API DAST, GraphQL API DAST, and WebApp DAST.
- Vulnerabilities: every security test Escape can run, searchable and filterable.
- Authentication Reference: the full authentication JSON Schema (every preset, every object, every enum).
- Custom Rules Reference: the merged API + WebApp custom-rules JSON Schema.
- Data Types: all scalar types Escape recognizes, with sensitivity classification.
Public API¶
The Escape Public API has its own interactive reference at https://public.escape.tech/v3/. For the narrative guide, see Public API under Automate.
AI Pentesting Configuration¶
The AI Pentesting Configuration reference is a placeholder pending auto-generator work. The authoritative source today is the AutomatedPentestingConfig Pydantic model.
Index¶
- Authentication Reference
- Custom Rules Reference
- Data Types Reference
Configuration Schemas¶
- AI Pentesting Configuration
- Reference (GraphQL API)
- Reference (REST API)
- Reference (ASM)
- Reference (WebApp)
Security Tests (289)¶
- Access Control Vulnerability
- Leaked Apache Airflow Configuration Page
- Leaked Alibaba Canal Config
- Leaked Ansible Configuration Page
- Leaked Appspec YML/YAML
- Leaked AppVeyor Configuration Page
- AWS Access Token
- Leaked AWS Configuration
- Leaked Dockerrun AWS Configuration Page
- Leaked AWStats Script Config
- Leaked AWStats Config
- Broken Object Level Authorization
- Command Injection
- Command Injection
- CORS
- ZenML ZenML Server - Improper Authentication
- Change Detection - Server Side Template Injection
- Veeam Backup & Replication - Unauthenticated
- Debug mode
- Directory Traversal
- Exposed JWT Token
- Leaked mysql.initial Config
- Leaked settings.php
- Leaked MySQL Dump Files
- File disclosure
- Misconfigured Cache Control Header
- Missing Content Security Policy Header
- Content-Type header
- Misconfigured Set-Cookie Header
- Misconfigured Strict-Transport-Security Header
- Misconfigured X-Content-Type-Options Header
- Misconfigured X-Frame-Options Header
- High number of Custom Scalars
- High number of Payment Card Industry Data
- High number of Personal Health Information
- High number of Personal Identifiable Information
- High number of Secrets
- JWT algorithm confusion
- JWT no algorithm
- JWT Signature check
- Possible User Enumeration
- LLM Command Injection
- LLM Insecure Output Handling
- LLM Prompt Injection
- LLM-Enabled Server-Side Request Forgery
- LLM System Prompt Leakage
- LLM Tool / Function-Calling Exposure
- Mass Assignment
- Multi User Access Control
- NoSQL Injection Stored
- Pagination missing
- Invalid integer format
- Private data
- Private IP Disclosure
- Response Size Exceeded
- Server Error
- Header Leak
- Leaked Actuator Spring Boot Dump
- Leaked Spring Boot Actuator Environment
- Leaked Actuator Spring Boot Heapdump
- Leaked Spring Boot Actuator Logfile
- Leaked Spring Boot Actuator Mappings
- Actuator Spring Boot Remote Restart
- Actuator Spring Boot Remote Shutdown
- Leaked Actuator Spring Boot Trace
- SQL Injection
- SQL Injection
- SSL Certificate
- SSL Certificate
- Server Side Request Forgery
- Server-Side Request Forgery
- SSTI (Server-Side Template Injection)
- Stacktrace disclosed
- Stored XSS Injection
- Triggered timeout
- Unreachable server
- WAF Bypass
- WordPress oEmbed Endpoint
- WordPress RDF Feed Users
- WordPress REST API Users
- WordPress wp-cron Exposed
- WordPress xmlrpc.php Exposed
- XSS Injection
- XXE Injection
- Adminer Default Login - Detect
- Apache Airflow Default Login
- Apache Airflow v3 Default Login
- Angular Development Build
- Apache Apollo - Default Login
- Apache Druid - Remote Code Execution (Apache Log4j)
- Apache Flink - Remote Code Execution
- Apache HertzBeat - Default Credentials
- Apache NiFi - Remote Code Execution
- Apache OFBiz - JNDI Remote Code Execution (Apache Log4j)
- Apache Solr <=8.8.1 - Local File Inclusion
- Apache Solr 7+ - Remote Code Execution (Apache Log4j)
- Apache Solr 9.1 - Remote Code Execution
- Apache Apisix Admin - Default Login
- Arcade.php - SQL Injection
- ASP.NET ViewState Encryption
- ASP.NET ViewState MAC Validation Disabled
- BSPHP - Information Disclosure
- Apache CloudStack - Default Login
- CodiMD - File Upload
- Compromised Supply Chain
- Exposed JSON Configuration Files
- Console Error
- Crashing Page
- Apache Log4j2 Remote Code Injection
- DbGate Web Client - Unauthenticated Remote Command Execution
- Django Secret Key Exposure
- Apache DolphinScheduler Default Login
- Apache Doris - Default Login
- Drupal 7 Elfinder - Remote Code Execution
- Drupal Avatar Uploader - Cross-Site Scripting
- Apache Dubbo - Default Admin Discovery
- EasyImage down.php - Arbitrary File Read
- Fanwei OA E-Office - Information Disclosure
- ElasticSearch - Default Login
- Esafenet CDG mysql - File Read
- Excessive Browser Permissions
- Exposed Config File
- Exposed Source Map
- Weak Flask Session Secret
- Broken Object Level Authorization
- Command Injection
- CRLF Injection
- GET based CSRF
- POST based CSRF
- Domain Takeover
- Misconfigured Set-Cookie Header
- Insecure WebSocket Connection
- NoSQL Injection Stored
- Open redirection Forgery via Frontend
- Vulnerable JavaScript Library
- Frontend Server Error
- JavaScript Library
- SQL Injection
- Insecure HTTP Request
- Server Side Request Forgery via Frontend
- Triggered timeout
- XSS via Domain Takeover
- GeoVision Geowebserver <= 5.3.3 - Local File Inclusion / Cross-Site Scripting
- Git Metadata Directory Exposure
- Gitlab Default Login
- GLPI Default Login
- Grafana Default Login
- Frontend Guessable Cookie Value
- HTML Injection
- Frontend HTTP Parameter Pollution
- Client Side Prototype Pollution
- Template Injection
- XSS Injection
- XSS via Query Parameter
- XSS via Reflected Input
- Infoblox NetMRI < 7.6.1 - Remote Code Execution via Hardcoded Ruby Cookie Secret Key
- IoTaWatt Configuration App Exposure
- Jenkins Default Login
- Jolokia <= 1.7.1 Information Leakage
- Joomla! com_booking component 2.4.9 - Information Leak
- Joomla! com_fabrik 3.9.11 - Local File Inclusion
- Joomla departments - SQL Injection
- Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
- Joomla iProperty Real Estate 4.1.1 - Cross-Site Scripting
- Joomla JLex Review 6.0.1 - Cross-Site Scripting
- Joomla jMarket 5.15 - Cross-Site Scripting
- Joomla JoomBri Careers 3.3.0 - Cross-Site Scripting
- Joomla! Component com_sef - Local File Inclusion
- Joomla JVTwitter - Cross-Site Scripting
- Joomla MarvikShop ShoppingCart 3.4 - Sql Injection
- Joomla MarvikShop ShoppingCart 3.4 - Cross-Site Scripting
- Joomla Solidres 2.13.3 - Cross-Site Scripting
- Sensitive Data Leak in JavaScript Bundle
- Jupyter Notebook - Remote Command Execution
- Apache Kafka Center Default Login
- Apache Karaf - Default Login
- kkFileView 4.0.0 - Server-Side Request Forgery
- Apache Kylin Console - Default Login
- Lucee < 6.0.1.59 - Remote Code Execution
- Malwared BYOB - Unauthenticated Remote Code Execution
- Microsoft Access Database File - Detect
- Minio Default Login
- Nginx Server - Local File Inclusion
- Nginx Virtual Host Traffic Status Module - Cross-Site Scripting
- Nginx Proxy Manager - Default Login
- nginxWebUI ≤ 3.5.0 - Remote Command Execution
- nginxWebUI ≤ 3.5.0 runCmd - Remote Command Execution
- Node ecstatic Internal Path - Exposure
- Node-Red - Default Login
- OpenMediaVault - Default Login
- OpenSearch Dashboard - Default Login
- Password Field Autocompletion
- PHP Timeclock <=1.04 - Cross-Site Scripting
- Xdebug remote code execution via xdebug.remote_connect_back
- PHP 8.1.0-dev - Backdoor Remote Code Execution
- PHP LDAP Admin < 1.2.5 - Cross-Site Scripting
- phpMyAdmin - Default Login
- PhpMyAdmin - Unauthenticated Access
- PHPOK - SQL Injection
- phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion
- Vulnerable Dependency Detected
- Private key exposure via helper detector
- RabbitMQ Default Login
- Ruby on Rails - CRLF Injection and Cross-Site Scripting
- Apache Ranger - Default Login
- React2Shell CVE-2025-55182 - Shell RCE
- React2Shell CVE-2025-55182 - Javascript RCE
- React Development Build
- Reflected URL Parameter
- Request URL Override
- Rundeck - Default Login
- Joomla! CMS <=3.4.6 - Remote Code Execution
- Sangfor Log Center - Remote Command Execution
- Secret Token Ruby - File Disclosure
- Seeyon OA A6 createMysql.jsp Database - Information Disclosure
- Selenium - Node Exposure
- Self Signed SSL Certificate
- Sensitive Comments
- SonarQube Default Login - Detect
- SQL Injection (Oracle-Based)
- Missing Subresource Integrity
- Svelte Development Build
- ThinkPHP 6.0.0~6.0.1 - Arbitrary File Write
- ThinkPHP 2/3 - Remote Code Execution
- ThinkPHP 5.0.1 - Remote Code Execution
- ThinkPHP 5.0.23 - Remote Code Execution
- ThinkPHP 5.0.9 - Information Disclosure
- Apache Tomcat Manager Default Login
- Apache Tomcat - Default Login Discovery
- TOTOLINK N150RT - Password Exposure
- Twig PHP <2.4.4 template engine - SSTI
- Twonky Server - Exposure
- Unsafe Function Use
- Vue.js Development Build
- OA E-Office mysql_config.ini - Information Disclosure
- Webmin - Default Login
- WordPress wp-config Detection
- WordPress Plugin "AffiliateWP -- Allowed Products" Log Disclosure
- WordPress DB Backup
- WordPress DB Backup
- Wordpress DB Repair Exposed
- WordPress Debug Log - Exposure
- Social Metrics Tracker <= 1.6.8 - Unauthorised Data Export
- Wordpress Oembed Proxy - Server-side request forgery
- WordPress Total Upkeep Database and Files Backup Download
- WordPress Wordfence 7.4.5 - Local File Inclusion
- Wordpress Wordfence - Cross-Site Scripting
- WordPress Wordfence 7.4.6 - Cross-Site Scripting
- Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting
- WordPress Woody Code Snippets <2.4.6 - Cross-Site Scripting
- WordPress PHPFreeChat 0.2.8 - Cross-Site Scripting
- Zabbix Default Login
- Character limit
- GET based CSRF
- POST based CSRF
- GraphQL Alias Limit
- GraphQL Batch Limit
- GraphQL Cyclic Recursive Query
- GraphQL Directive Overloading
- GraphQL Field Duplication
- GraphQL Field Suggestion
- GraphQL Recursive Fragment
- GraphQL IDE
- Introspection enabled
- DNS record DKIM
- DNS record DMARC
- DNS Rebinding Attack
- DNS record private IP
- DNS record TXT length
- DNS record TXT sensitive
- DNSSEC not enabled
- XSS via Domain Takeover
- HTTP/2 Not Supported
- HTTP without HTTPS Redirect
- API Endpoint Exposed in JavaScript Bundle
- DNS record loopback
- MCP Server Accessible Without Authentication
- Default MSSQL Credentials
- Exposed MSSQL Server
- Default MySQL Credentials
- Exposed MySQL Server
- DNS record permissive SPF
- Default PostgreSQL Credentials
- Exposed PostgreSQL Server
- Agentic Replay
- Spoofable SPF Records with PTR Mechanism
- Default SSH Credentials
- Open SSH Server
- Enabled SSH Password Authentication