Scan Database Syntax

The scan database (db_tests) is a CSV delimited file which contains most of the tests. Fields are enclosed by quotes and separated by commas. The field order is:

ID, References, Tuning, URI, Method, DSL, Message, Data, Headers

Field Descriptions:

ID - Unique test identifier (e.g., "000120")
References - CVE IDs, URLs, or other references (replaces old OSVDB-ID field)
Tuning - Tuning category number (see Scan-Tuning.md)
URI - The URI/path to test (supports variable expansion like @CGIDIRS, @LFI(), etc.)
Method - HTTP method (GET, POST, etc.)
DSL - Domain-Specific Language matcher for response matching (replaces old Match 1, Match 1 Or, Match1 And, Fail fields)
Message - Description of the finding
Data - Optional HTTP request body/data
Headers - Optional additional HTTP headers

DSL Matcher: The DSL field uses a Domain-Specific Language for matching HTTP responses. See the /devdocs/DSL_GUIDE.md for complete documentation. Basic examples:

CODE:200 - Match HTTP 200 status
BODY:admin - Match "admin" in response body
CODE:200&&BODY:admin - Match 200 AND "admin" in body
(CODE:200|CODE:301) - Match 200 OR 301
@LFI() - Special function for LFI detection (expands to platform-specific matchers)

Here is an example test:

"000120","https://example.com/ref","2","/manual/","GET","CODE:200","Web server manual","",""

Uh oh!

Scan Database Syntax

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally