Tags
Tags are labels used to categorize and organize profiles. They enable powerful filtering, tag-based passive scan launching, and are the key mechanism for targeting groups of profiles in Smart Scan rules.
How Tags Work
Every profile has a Tags array containing one or more tag strings:
{
  "Tags": ["All", "XSS", "Reflected"]
}
Tags are used for:
Filtering profiles in the Profiles tab: view profiles by category using the tag dropdown
Launching passive scans by tag: the right-click context menu lets you run only passive profiles with a specific tag
Targeting profiles in Rules: execute all profiles with a specific tag when rule conditions are met
Organizing profiles: group related profiles logically across all three profile types
Tags in All Profile Tables
Tags are displayed in all three profile tables (Active, Passive Request, and Passive Response):
Active Profiles: Enabled, Profile Name, Tags, Author's Twitter
Passive Request: Enabled, Profile Name, Tags, Author's Twitter
Passive Response: Enabled, Profile Name, Tags, Author's Twitter
Assigning Tags with "Set New Tag"
You can quickly assign tags to profiles directly from the profile tables using the right-click context menu:
Steps
Select one or more profiles in any profile table (Active, Passive Request, or Passive Response)
Right-click to open the context menu
Click Set New Tag
In the dialog, enter the tag name
Click OK. The tag is added to all selected profiles.
Tip: Select multiple profiles with Ctrl+Click or Shift+Click, then use Set New Tag to tag them all at once. This is the fastest way to organize a large number of profiles.
What Happens
The tag is added to each selected profile's Tags array in its .bb file
If the tag already exists in a profile, it's not duplicated
The tag is added to the global tags list (tags.txt)
The Tags column and tag dropdown are updated immediately
The tag becomes available in the passive scan context menu
The "All" Tag
The special All tag is included in most profiles by convention. It allows rules to target all profiles at once:
Warning: Rules that execute the All tag will trigger every active profile, which can be very resource-intensive. Use with caution.
Default Tags
The bundled profiles use these tags for categorization:
All | All profiles | ~254
XSS | Cross-Site Scripting | ~15
SQLi | SQL Injection | ~8
SSRF | Server-Side Request Forgery | ~6
RCE | Remote Code Execution | ~10
Open Redirect | Open Redirect | ~5
CORS | CORS Misconfiguration | ~1
SSTI | Server-Side Template Injection | ~1
XXE | XML External Entity | ~3
CVEs | Known CVE exploits | ~50
Path Traversal | Path/Directory Traversal | ~2
Wordpress | WordPress-specific | ~12
Drupal | Drupal-specific | ~2
Spring | Spring Framework-specific | ~2
GraphQL | GraphQL-specific | ~6
Fuzzing Files | File/directory fuzzing | ~4
Forgot Password | Password reset testing | ~3
Cloud | Cloud infrastructure | ~1
API | API endpoints | ~1
JWT | JSON Web Tokens | ~1
Mobile | Mobile application testing | ~1
Blind XSS | Blind XSS payloads | ~1
CRLF | CRLF Injection | ~1
Errors | Error page detection | ~1
DRWuzz | DWR fuzzing | ~1
Introspection | GraphQL introspection | ~1
React/Next.js | React/Next.js vulnerabilities | ~3
n8n | n8n platform vulnerabilities | ~1
Security_Headers | Missing security headers (passive) | ~6
Secrets | Exposed secrets and keys (passive) | ~10
Parameters | Interesting parameters (passive) | ~5
Cookie_Security | Cookie security flags (passive) | ~3
Technology | Technology fingerprinting (passive) | ~8
Tags in the Passive Scan Context Menu
Tags are the foundation of the tag-based passive scan feature. When you right-click to launch a passive scan, the context menu organizes passive profiles by tag:
Each entry shows the count of profiles with that tag. This lets you run precisely the passive checks you need.
See Passive Scan for details on launching tag-based passive scans.
Using Tags in Rules
Rules can target profiles by tag instead of listing individual profiles:
This executes all active profiles tagged with "XSS" when the rule's conditions are met.
See Creating Rules for details.
Tags Manager
The Tags Manager sub-tab within the Profiles section allows you to:
View all tags in use across all profiles
See which profiles belong to each tag
Manage tag assignments
Filter the profile tables by selecting a tag from the dropdown
Creating Custom Tags
When creating or editing a profile, simply add your custom tag strings to the Tags array:
Or use the Set New Tag right-click menu on existing profiles, which is the fastest way.
Best practices:
Always include the All tag unless you want to exclude the profile from broad scans
Use descriptive tag names that indicate the vulnerability class or target technology
Use consistent naming across profiles (e.g., always use XSS, not xss or Cross-Site-Scripting)
Create target-specific tags (e.g., Client_A) for profiles tailored to specific engagements
Use tags on passive profiles to enable focused passive scanning via the context menu
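An added example, not code from the extension or its documentation: a Python audit of the best practices above that counts profiles per tag, groups tags differing only by case, and lists profiles without the All tag. It assumes each .bb profile is JSON carrying a Tags array as shown on this page; the function names, file names and sample tags are constructed.

```python
import json
from collections import Counter, defaultdict
from pathlib import Path


def load_tags(profile_dir):
    """Map each .bb file name to its tag list."""
    tags = {}
    for path in sorted(Path(profile_dir).glob("*.bb")):
        data = json.loads(path.read_text(encoding="utf-8"))
        # Assumption: a file holds one profile object or a list of them,
        # each with a "Tags" array as shown on this page.
        profiles = data if isinstance(data, list) else [data]
        tags[path.name] = [t for p in profiles for t in p.get("Tags", [])]
    return tags


def audit_tags(tags_by_profile):
    """Return (profiles per tag, case-variant tag groups, profiles without "All")."""
    counts = Counter(t for tags in tags_by_profile.values() for t in set(tags))
    by_folded = defaultdict(set)
    for tag in counts:
        by_folded[tag.casefold()].add(tag)
    # Tags that differ only by case split one category into two dropdown entries.
    inconsistent = sorted(sorted(g) for g in by_folded.values() if len(g) > 1)
    # A missing "All" may be deliberate; the list is for review, not an error.
    missing_all = sorted(n for n, t in tags_by_profile.items() if "All" not in t)
    return counts, inconsistent, missing_all


# Constructed sample (hypothetical file names), not the bundled profiles.
SAMPLE = {
    "reflected_xss.bb": ["All", "XSS", "Reflected"],
    "dom_xss.bb": ["All", "xss"],
    "client_a_headers.bb": ["Security_Headers", "Client_A"],
}

if __name__ == "__main__":
    counts, inconsistent, missing_all = audit_tags(SAMPLE)
    for tag, n in sorted(counts.items()):
        print(f"{tag} ({n})")
    print("case variants:", inconsistent)
    print('without "All":', missing_all)
```

To audit a real profile set, pass the result of load_tags on the profiles directory to audit_tags instead of SAMPLE.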
Example: Tag-Based Scanning Workflow
Tag profiles by category:
XSS profiles → XSS tag
SQLi profiles → SQLi tag
WordPress profiles → Wordpress tag
Security header checks → Security_Headers tag
Secret detection → Secrets tag
Launch focused passive scans:
Right-click a request → Passive Scan > Passive Response > Security_Headers
Right-click a request → Passive Scan > Passive Request > Parameters
Create rules that use tags:
When Passive Request detects SQL-like parameters → Execute tag SQLi
When Passive Response detects WordPress → Execute tag Wordpress
Control scope:
For broad scanning: Use tag All
For focused scanning: Use specific tags like XSS or CVEs
For passive-only audits: Use the tag submenu to run only relevant checks