GET /public/finding_templates
Get all finding templates
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/public/finding_templates \
  --header 'Authorization: Bearer <token>'
[
  {
    "name": "OS Command Injection",
    "software_type": "Web Server",
    "vendor": "Microsoft",
    "product": "Laravel",
    "date": "2020-12-25T00:00:00.000Z",
    "codename": "OMIGOD",
    "vuln_description": "We found that the target F5 BIG-IP server is vulnerable to CVE-2020-5902, a Remote Code Execution vulnerability, affecting the Traffic Management User Interface (TMUI) component, which is publicly accessible.\\nThe root cause of this vulnerability consists in a broken parser logic in the Tomcat endpoint. This allows an unauthenticated malicious attacker to access any file stored on the server.\\nWe have detected this by sending a HTTP GET request to the tmui endpoint, containing the /etc/passwd file, and looking for the output of the file in the response.",
    "how_to_reproduce": "<string>",
    "public_vuln_description": "F5 BIG-IP server is affected by a Remote Code Execution vulnerability, located in the Traffic Management User Interface (TMUI) component, which is publicly accessible.\\nThe root cause of this vulnerability consists in a broken parser logic in the Tomcat endpoint.\\nThis allows an unauthenticated malicious attacker to access any file stored on the server or to execute arbitrary commands on the server.",
    "risk_description": "The risk exists that a remote unauthenticated attacker can fully compromise the F5 BIG-IP server in order to steal confidential information, install ransomware or pivot to the internal network.",
    "recommendation": "We recommend upgrading your F5 BIG-IP server to the latest version.",
    "public_recommendation": "Upgrade F5 BIG-IP server to the latest version or to a non-vulnerable version listed in K52145254.",
    "references": "<a href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902\" target=\"_blank\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902</a><br><a href=\"https://pentest-tools.com/blog/big-ip-tmui-rce/\" target=\"_blank\">https://pentest-tools.com/blog/big-ip-tmui-rce/</a><br><a href=\"https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/\" target=\"_blank\">https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/</a><br><a href=\"https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/\" target=\"_blank\">https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/</a>",
    "vuln_cvssv3": 123,
    "cve": [
      "CVE-2021-26855",
      "CVE-2021-27065"
    ],
    "ptt_exploit_capabilities": [
      "RCE",
      "File Read"
    ],
    "vuln_id": "NETSCAN-SNIPER-CVE-2021-42013-RCE",
    "epss_score": 123,
    "epss_percentile": 123,
    "in_cisa_catalog": true,
    "published": "2021-08-04T00:00:00.000Z",
    "updated": "2022-05-25T00:00:00.000Z"
  }
]

Authorizations

Authorization
string
header
required

Use the "API key" from the profile page as the token

Query Parameters

vuln_id_type
string

The vuln_id type of the vulnerability (e.g. "NETSCAN", "WEBSCAN")

Pattern: ^[A-Z]{7}$
Example:

"NETSCAN"

has_ptt_exploit
boolean

Only show vulnerabilities which have/don't have exploit capabilities. Setting this to false will only show vulnerabilities without any capabilities.

Example:

true

limit
integer

The maximum number of templates to return

Example:

100

offset
integer

The offset to start returning templates from. This does not work without the limit parameter

Example:

100
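
An added example, not part of the Pentest-Tools.com documentation: a Python client that enforces the parameter constraints above (the vuln_id_type pattern, limit always sent alongside offset), pages through the endpoint, and orders templates for remediation using the in_cisa_catalog, epss_score and vuln_cvssv3 response fields documented on this page. The helper names, the "true"/"false" query encoding of has_ptt_exploit, and the rule that a short page ends the listing are assumptions.

```python
import json
import re
import urllib.parse
import urllib.request

API_URL = "https://app.pentest-tools.com/api/v2/public/finding_templates"
VULN_ID_TYPE_RE = re.compile(r"^[A-Z]{7}$")  # pattern documented on this page


def build_query(limit, offset=0, vuln_id_type=None, has_ptt_exploit=None):
    """Build the query dict, enforcing the documented parameter constraints."""
    if limit is None or limit < 1:
        # offset is documented as not working without limit, so always send limit
        raise ValueError("limit is required and must be positive")
    if vuln_id_type is not None and not VULN_ID_TYPE_RE.fullmatch(vuln_id_type):
        raise ValueError("vuln_id_type must match ^[A-Z]{7}$")
    query = {"limit": limit, "offset": offset}
    if vuln_id_type is not None:
        query["vuln_id_type"] = vuln_id_type
    if has_ptt_exploit is not None:
        # assumption: booleans are sent as lowercase "true"/"false"
        query["has_ptt_exploit"] = "true" if has_ptt_exploit else "false"
    return query


def http_fetch(token):
    """Return a fetch(query) callable that performs the real GET request."""
    def fetch(query):
        url = API_URL + "?" + urllib.parse.urlencode(query)
        req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch


def iter_templates(fetch, page_size=100, **filters):
    """Yield every template; assumes a short or empty page marks the end."""
    offset = 0
    while True:
        page = fetch(build_query(page_size, offset, **filters))
        yield from page
        if len(page) < page_size:
            return
        offset += page_size


def triage_key(t):
    """Sort key: CISA KEV first, then EPSS, then CVSS; null scores sort last."""
    return (not t.get("in_cisa_catalog", False),
            -(t.get("epss_score") or 0.0),
            -(t.get("vuln_cvssv3") or 0.0))
```

For a live run, pass `http_fetch(token)` as the `fetch` argument and sort the result with `sorted(templates, key=triage_key)`.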

Response

OK

name
string

The name of the vulnerability

Example:

"OS Command Injection"

software_type
string | null

The type of software affected by the vulnerability

Example:

"Web Server"

vendor
string | null

The vendor of the vulnerable software

Example:

"Microsoft"

product
string | null

The product affected by the vulnerability

Example:

"Laravel"

date
string<date> | null

The date of the vulnerability

Example:

"2020-12-25T00:00:00.000Z"

codename
string | null

The codename of the vulnerability

Example:

"OMIGOD"

vuln_description
string | null

The description of the vulnerability

Example:

"We found that the target F5 BIG-IP server is vulnerable to CVE-2020-5902, a Remote Code Execution vulnerability, affecting the Traffic Management User Interface (TMUI) component, which is publicly accessible.\\nThe root cause of this vulnerability consists in a broken parser logic in the Tomcat endpoint. This allows an unauthenticated malicious attacker to access any file stored on the server.\\nWe have detected this by sending a HTTP GET request to the tmui endpoint, containing the /etc/passwd file, and looking for the output of the file in the response."

how_to_reproduce
string | null

The steps to reproduce the vulnerability

public_vuln_description
string | null

The public description of the vulnerability

Example:

"F5 BIG-IP server is affected by a Remote Code Execution vulnerability, located in the Traffic Management User Interface (TMUI) component, which is publicly accessible.\\nThe root cause of this vulnerability consists in a broken parser logic in the Tomcat endpoint.\\nThis allows an unauthenticated malicious attacker to access any file stored on the server or to execute arbitrary commands on the server."

risk_description
string | null

The risk description of the vulnerability

Example:

"The risk exists that a remote unauthenticated attacker can fully compromise the F5 BIG-IP server in order to steal confidential information, install ransomware or pivot to the internal network."

recommendation
string | null

The recommendation of the vulnerability

Example:

"We recommend upgrading your F5 BIG-IP server to the latest version."

public_recommendation
string | null

The public recommendation of the vulnerability

Example:

"Upgrade F5 BIG-IP server to the latest version or to a non-vulnerable version listed in K52145254."

references
string | null

The references for the vulnerability

Example:

"<a href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902\" target=\"_blank\">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5902</a><br><a href=\"https://pentest-tools.com/blog/big-ip-tmui-rce/\" target=\"_blank\">https://pentest-tools.com/blog/big-ip-tmui-rce/</a><br><a href=\"https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/\" target=\"_blank\">https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/</a><br><a href=\"https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/\" target=\"_blank\">https://research.nccgroup.com/2020/07/12/understanding-the-root-cause-of-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902/</a>"

vuln_cvssv3
number<float> | null

cve
string[]

Example:

["CVE-2021-26855", "CVE-2021-27065"]

ptt_exploit_capabilities
string[]

Example:

["RCE", "File Read"]

vuln_id
string | null

A unique vulnerability identifier

Example:

"NETSCAN-SNIPER-CVE-2021-42013-RCE"

epss_score
number<float> | null

epss_percentile
number<float> | null

in_cisa_catalog
boolean

Indicates whether the CVEs are part of the CISA Known Exploited Vulnerabilities Catalog

Example:

true

published
string | null

The date the module was published

Example:

"2021-08-04T00:00:00.000Z"

updated
string | null

The date the module was updated

Example:

"2022-05-25T00:00:00.000Z"