The passive profile detects WordPress indicators in responses (e.g., wp-content, wp-includes), then 10 active profiles test for user enumeration, directory listing, RCE, path traversal, and config exposure.
π΅ Jira Rule
π― Goal: Detect Jira instances and test for known vulnerabilities.
π Spring Boot Rule
π― Goal: Detect Spring Boot applications and test actuator endpoints.
π§ Drupal Rule
π― Goal: Detect Drupal CMS and test for user enumeration.
π Combined Condition Rules
π‘οΈ Fortinet Rule
π― Goal: Detect Fortinet/FortiGate panels and test for credential disclosure.
This requires both request URL pattern AND response content to match before executing the CVE profile. This reduces false positives compared to checking only the URL.
π Netsweeper Rule
π― Goal: Detect Netsweeper appliance and test for code injection.
ποΈ CouchDB Rule
π― Goal: Detect CouchDB endpoints and test for admin exposure.
π Vulnerability Parameter Detection Rules
ποΈ SQL Injection Rule
π― Goal: Detect parameters commonly vulnerable to SQL injection and test them.
The passive profile detects parameters like id=, user_id=, query=, select=, etc.
π XSS Rule
π― Goal: Detect XSS-prone parameters and test with various payloads.
β‘ RCE Rule
π― Goal: Detect RCE-prone parameters and test for command injection.
π LFI Rule
π― Goal: Detect file path parameters and test for Local File Inclusion.
π Open Redirect / SSRF Rule
π― Goal: Detect URL-containing parameters and test for open redirect and SSRF.
π§ SSTI Rule
π― Goal: Detect template injection parameters and test for SSTI.
β οΈ Bulk Scanning Rules (Disabled by Default)
These rules are powerful but resource-intensive β they're disabled by default.
π Scan All Requests with All Profiles
β οΈ Warning: This runs ALL active profiles against ALL requests. Can consume excessive RAM and CPU. Use only on small targets with caution.
π Scan All Requests with Open Redirect Profiles
