date 2021-12-20

tool_id Integer The id of this tool. Value: 90

target String The URL on the target server that will be fuzzed. You can specify a custom location for the payload using at most one FUZZ marker in the path or in query strings

method String HTTP method for the requests performed (optional)
- GET (default)
- POST

post_data String Specify POST data to be sent with every request. It is only used with the POST method and can contain the FUZZ marker (optional)

thread_count String Number of requests made in parallel (number of threads for the scan), between "1" and "7". Default: "7" (optional)

requests_delay String Only works if one thread is selected. It specifies the delay between the requests (in seconds) and can be a float between "0" and "3600". Default: "0" (optional)

req_timeout String Timeout for a single HTTP request, measured in seconds. It should be a positive float, no bigger than "43200" (12h). Default: "4.0" (optional)

max_retries String Maximum number of retries for a single HTTP request, in case of connection error. It should be an integer between "0" and "10". The delay between retries increases exponentially, see the retry_factor parameter for details. Default: "3" (optional)

retry_factor String Controls the delay between retries. It should be a float between "0" and "120". If it is "1", the first retry is sent immediately (after 0s), the second one after 1s, then 2s, 4s and so on. If it is "0.1", the successive sleeps will be: 0s, 0.1s, 0.2s, 0.4s... Default: "1.0" (optional)

retry_codes String Force retry on these HTTP codes. They can be integers between 100 and 599, or a range, for example: "429,500-505" (optional)

payload_type String Specify the kind of payload you want to use: one of your wordlists or generate a sequence of numbers. Default: wordlist
- wordlist
- sequence

wordlist_id String The id of the wordlist that will be used for fuzzing, if the payload_type is wordlist. If not set, the default one will be used

dynamic String This is a scan option which extends the default wordlist with words from the HTML page located at the base URL (including existing links). Not applicable to sequence payload type (optional)
- on
- off

sequence_from String Specify the starting number for the sequence, used if the payload_type is sequence. Default value: "0"

sequence_to String Specify the ending number for the sequence, used if the payload_type is sequence. Default value: "100"

sequence_step String Specify the step for generating the sequence, used if the payload_type is sequence. Default value: "1". This cannot be "0"

no_ext String Search for files with no extension (plain words) (optional)
- on
- off

configs String Search for files with the following extensions: conf, cfg, txt, xml, json, ini (optional)
- on
- off

sources String Search for files with the following extensions: bat, c, java, cpp, cs, h (optional)
- on
- off

archives String Search for files with the following extensions: zip, tar, tar.gz, tgz, gz, 7z, bzip, rar, jar, apk (optional)
- on
- off

databases String Search for files with the following extensions: sql, mdb, db, nsf, csv, dbf (optional)
- on
- off

logs String Search for files with the following extensions: log, err, journal (optional)
- on
- off

backups String Search for files with the following extensions: old, back, bkp, bak, tmp, test, dev, prod (optional)
- on
- off

docs String Search for files with the following extensions: doc, docx, odt, xls, xlsx, rtf, pdf, ppt, pptx (optional)
- on
- off

web String Search for files with the following extensions: asp, aspx, php, jsp, shtml, htm, html, dll, pl, py, cgi, cfm, sh (optional)
- on
- off

custom_ext String Search for files with custom extensions (optional). Requires input_ext parameter to be set
- on
- off

input_ext String The custom extensions that you want to search for. You can specify multiple extensions (up to 10 per scan), including double extensions (e.g. .php.old, .jsp.bak, .tgz etc.) (optional). For this option to work custom_ext must be on

mutate String This is a scan option which applies various mutations to the identified files in order to find other resources (config.php, config2.php, config_old.php, config-dev.php etc.) (optional)
- on
- off

response_filter String Use the default mechanism of filtering results or specify your own conditions. (optional)

In the auto mode, all responses with the 404 status code are ignored. If the method is GET, we also try to detect soft 404 pages (for example, error pages)

In the manual mode, no response is filtered and you can specify custom conditions (see below) to match or ignore certain HTTP responses
- auto (default)
- manual

match_resp_codes String In manual response filtering, only return responses with these HTTP codes. They can be integers between 100 and 599, or ranges, separated by commas (optional)

match_resp_size_op String In manual response filtering, only return responses with the size matching this condition. This parameter specifies the operator. Accepted: =, <, >, <=, >=. (optional)

The match_resp_size_limit should also be set.

match_resp_size_limit String In manual response filtering, only return responses with the size matching this condition. This parameter specifies the limit used for comparison and should be an integer between 0 and 10240, measured in KB. (optional)

The match_resp_size_op should also be set.

match_resp_content String In manual response filtering, only return responses that contain this string in the content (optional)

ignore_resp_codes String In manual response filtering, discard responses with these HTTP codes. They can be integers between 100 and 599, or ranges, separated by commas (optional)

ignore_resp_size_op String In manual response filtering, discard responses with the size matching this condition. This parameter specifies the operator. Accepted: =, <, >, <=, >=. (optional)

The ignore_resp_size_limit should also be set.

ignore_resp_size_limit String In manual response filtering, discard responses with the size matching this condition. This parameter specifies the limit used for comparison and should be an integer between 0 and 10240, measured in KB. (optional)

The ignore_resp_size_op should also be set.

ignore_resp_content String In manual response filtering, discard responses that contain this string in the content (optional)
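
Several parameters above depend on each other (requests_delay on thread_count, custom_ext on input_ext, each size operator on its limit), so a parameter set can be checked on the client before it is submitted. The following Python is an added example, not part of the tool's API or documentation: the function names, the dict-of-strings input and the sample values are assumptions, and the retry formula is inferred from the two sequences given for retry_factor.

```python
SIZE_OPS = {"=", "<", ">", "<=", ">="}

def parse_codes(spec):
    """Expand a code list such as "429,500-505" into a sorted list of ints."""
    codes = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 100 <= lo <= hi <= 599:
            raise ValueError(f"bad HTTP code or range: {part!r}")
        codes.update(range(lo, hi + 1))
    return sorted(codes)

def retry_delays(max_retries, retry_factor):
    """Sleep before each retry (0, f, 2f, 4f, ...); inferred from the documented sequences."""
    return [0.0 if n == 0 else retry_factor * 2 ** (n - 1) for n in range(max_retries)]

def validate(p):
    """Return the documented constraints that a dict of string parameters violates."""
    errs = []
    if p.get("target", "").count("FUZZ") > 1:
        errs.append("target: at most one FUZZ marker")
    if "post_data" in p and p.get("method", "GET") != "POST":
        errs.append("post_data: only used with POST")
    threads = int(p.get("thread_count", "7"))
    if not 1 <= threads <= 7:
        errs.append("thread_count: must be 1..7")
    if float(p.get("requests_delay", "0")) > 0 and threads != 1:
        errs.append("requests_delay: needs thread_count 1")
    if p.get("payload_type") == "sequence" and float(p.get("sequence_step", "1")) == 0:
        errs.append("sequence_step: cannot be 0")
    if p.get("custom_ext") == "on" and not p.get("input_ext"):
        errs.append("custom_ext: requires input_ext")
    manual = p.get("response_filter", "auto") == "manual"
    for side in ("match", "ignore"):
        keys = [k for k in p if k.startswith(f"{side}_resp_")]
        if keys and not manual:
            errs.append(f"{side}_resp_*: only applies in manual mode")
        op, limit = p.get(f"{side}_resp_size_op"), p.get(f"{side}_resp_size_limit")
        if (op is None) != (limit is None):
            errs.append(f"{side}_resp_size: set both op and limit")
        elif op is not None and (op not in SIZE_OPS or not 0 <= int(limit) <= 10240):
            errs.append(f"{side}_resp_size: bad operator or limit")
    return errs

# Constructed sample; example.com is a placeholder target.
SAMPLE = {"target": "https://example.com/FUZZ?id=FUZZ", "thread_count": "7",
          "requests_delay": "0.5", "response_filter": "manual",
          "match_resp_size_op": ">="}
```

`validate(SAMPLE)` reports the second FUZZ marker, the delay set with seven threads, and the size operator given without its limit.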