Retrieve attack vectors for a vulnerability

get

https://sentinel.whitehatsec.com/api/vuln/{vuln_id}/attack_vector

This operation returns an object containing information about the specified vulnerability's attack vectors. Attack vector (AV) data can be shaped by the display parameters for this operation.

Path Params

vuln_id

int32

required

Vulnerability ID.

Query Params

display_attack_vectors

string

Display attack vector (AV) data.
Values allowed: 0, 1, open, closed, accepted, invalid, all.
Specifying 0 displays minimal data on open, closed, and accepted AVs.
Specifying 1 displays details on open, closed, and accepted AVs.
Specifying 'all' displays details on AVs of all statuses.
Specifying 'open' displays details on open AVs.

With the exception of 0, 1, and 'all', comma-separated combinations of these options are also allowed.
EXAMPLE: 'open,accepted'

display_attack_vectors_limit

int32

Defaults to 5

Specify the maximum number of attack vectors to display for this vulnerability.

display_has_notes

string

enum

Defaults to 0

Display whether or not notes exist for each attack vector.

Allowed:

display_attack_vector_notes

string

enum

Defaults to 0

Display attack vector notes for each attack vector.

Allowed:

display_attack_vector_flagged

string

enum

Defaults to 0

Display the 'flagged' value for each attack vector.

Allowed:

display_attack_vector_scanner_tags

string

enum

Defaults to 0

Display scanner tags for each attack vector.

Allowed:

display_attack_vector_unreachable

string

enum

Defaults to 0

Displays attack vectors that have the given ''unreachable'' status. If a vector has this flag set to TRUE (1), a retest on the vector returned a response that was significantly different from the original response, indicating a very different page is now associated with the attack vector path.

Allowed:

display_request

string

enum

Defaults to 1

Display attack vector (AV) request information. Displayed by default, but can be omitted from output by setting this flag to 0.

Allowed:

display_response

string

enum

Defaults to 1

Display attack vector (AV) response information. Displayed by default, but can be omitted from output by setting this flag to 0.

Allowed:

display_body

string

enum

Defaults to 0

Display attack vector response body. Response body data returned may be quite large. Note that if display_response=0, this param is meaningless.

Allowed:

display_body_match

string

enum

Defaults to 0

Display attack vector response body match. The body match is a portion of the body. Body match data returned may be quite large, and will include a HTML-tagged highlight of the vulnerability. Note that if display_response=0, this param is meaningless.

Allowed:

display_abbr

string

enum

Defaults to 0

Display an abbreviated body match as part of the attack vector response content. PREREQUISITE: display_body=1

Allowed:

display_headers

string

enum

Defaults to 0

Display attack vector request and response headers. Note that this param is meaningless if display_request=0 and display_response=0, since headers are a part of these.

Allowed:

display_param

string

enum

Defaults to 1

Display attack vector request parameter name and value. Displayed by default, but can be omitted from output by setting this flag to 0. Note that if display_request=0, this param is meaningless.

Allowed:

format

string

enum

Defaults to xml

Requested resource format for the response.

Allowed:

Headers

string

enum

Defaults to application/json

Generated from available response content types

Allowed:

Responses

400

BadRequestResponse indicates a request with invalid parameters.

401

UnauthorizedResponse signals an unauthorized API access.

403

ForbiddenResponse signals a request for a resource that does not exist or is not authorized.

500

GenericError generic error.

Language

Response

Choose an example:

application/json

application/xml

200Provides data for the specified vulnerability's attack vectors.