Pentest-Tools.com LogoPentest-Tools.com API Reference
  1. Additional Notes
  2. Scan test output format (JSON)

Deprecated

You are viewing a deprecated version of our API Reference. Please visit the up-to-date documentation.

Scan test output format (JSON)

The output format for a scan test in output_json (returned by get_output) for vulnerability scans (Website Scan, Network Vulnerability Scanner, SQLi Scanner, XSS Scan, Wordpress Scanner, Drupal Scanner).

Response

Attributes
Attribute
id
Type
integer
Attribute
name
Type
string

The name of the finding.

Attribute
test_id
Type
integer
Attribute
test_name
Type
string

Value: "default"

Attribute
test_description
Type
string

A description of the test. Example: "Checking for website technologies...".

Attribute
test_finished
Type
boolean

Set to true when the scan test finished running.

Attribute
confirmed
Type
boolean

The value is true if the finding has a high certainty of not being a false positive.

Attribute
cve
Type
string

The CVE associated with the finding. Values can be in following formats: None, "", "CVE-2017-3167, CVE-2017-3169".

Attribute
cvss
Type
string

The CVSS of the finding. Will be set to "-1" if the finding does not have one. Example: "-1", "7.5".

Attribute
vuln_description
Type
string

A short description of the finding. Example: "Vulnerabilities found for server-side software".

Attribute
vuln_evidence
Type
object

The evidence for the finding. It can have multiple formats in the data field, given by the type attribute.

Attribute
risk_description
Type
string

A description of the risk associated with the finding.

Attribute
risk_level
Type
string

The value can be:

  • "0" - Informational
  • "1" - Low
  • "2" - Medium
  • "3" - High
Attribute
screenshots
Type
object

An object holding the screenshot for this finding in base64 format.

Attribute
status
Type
integer

The value can be:

  • 0 - Open
  • 1 - False positive
  • 2 - Ignored
  • 3 - Fixed
  • 4 - Accepted
Attribute
recommendation
Type
string

A short recommendation for fixing the vulnerability.

Attribute
vuln_id
Type
string

An unique identifier for the finding.

Attribute
finding_verified
Type
boolean

The value of the verified attribute in the web interface. This attribute only exists for finished scans.