Continuous Dynamic Help DocsContinuous Dynamic Portal Login (US)Continuous Dynamic Portal Login (EU)Customer Support
API Reference

Retrieve attack vectors for a vulnerability

get
https://sentinel.whitehatsec.com/api/vuln//attack_vector

This operation returns an object containing information about the specified vulnerability's attack vectors. Attack vector (AV) data can be shaped by the display parameters for this operation.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Path Params
int32
required

Vulnerability ID.

Query Params
string

Display attack vector (AV) data.
Values allowed: 0, 1, open, closed, accepted, invalid, all.
Specifying 0 displays minimal data on open, closed, and accepted AVs.
Specifying 1 displays details on open, closed, and accepted AVs.
Specifying 'all' displays details on AVs of all statuses.
Specifying 'open' displays details on open AVs.

With the exception of 0, 1, and 'all', comma-separated combinations of these options are also allowed.
EXAMPLE: 'open,accepted'

int32
Defaults to 5

Specify the maximum number of attack vectors to display for this vulnerability.

string
enum
Defaults to 0

Display whether or not notes exist for each attack vector.

Allowed:
string
enum
Defaults to 0

Display attack vector notes for each attack vector.

Allowed:
string
enum
Defaults to 0

Display the 'flagged' value for each attack vector.

Allowed:
string
enum
Defaults to 0

Display scanner tags for each attack vector.

Allowed:
string
enum
Defaults to 0

Displays attack vectors that have the given ''unreachable'' status. If a vector has this flag set to TRUE (1), a retest on the vector returned a response that was significantly different from the original response, indicating a very different page is now associated with the attack vector path.

Allowed:
string
enum
Defaults to 1

Display attack vector (AV) request information. Displayed by default, but can be omitted from output by setting this flag to 0.

Allowed:
string
enum
Defaults to 1

Display attack vector (AV) response information. Displayed by default, but can be omitted from output by setting this flag to 0.

Allowed:
string
enum
Defaults to 0

Display attack vector response body. Response body data returned may be quite large. Note that if display_response=0, this param is meaningless.

Allowed:
string
enum
Defaults to 0

Display attack vector response body match. The body match is a portion of the body. Body match data returned may be quite large, and will include a HTML-tagged highlight of the vulnerability. Note that if display_response=0, this param is meaningless.

Allowed:
string
enum
Defaults to 0

Display an abbreviated body match as part of the attack vector response content. PREREQUISITE: display_body=1

Allowed:
string
enum
Defaults to 0

Display attack vector request and response headers. Note that this param is meaningless if display_request=0 and display_response=0, since headers are a part of these.

Allowed:
string
enum
Defaults to 1

Display attack vector request parameter name and value. Displayed by default, but can be omitted from output by setting this flag to 0. Note that if display_request=0, this param is meaningless.

Allowed:
string
enum
Defaults to xml

Requested resource format for the response.

Allowed:
Headers
string
enum
Defaults to application/json

Generated from available response content types

Allowed:
Responses

400

BadRequestResponse indicates a request with invalid parameters.

401

UnauthorizedResponse signals an unauthorized API access.

403

ForbiddenResponse signals a request for a resource that does not exist or is not authorized.

500

GenericError generic error.

Updated over 5 years ago

Language
LoadingLoading…
Response
Choose an example:
application/json
application/xml

Updated over 5 years ago