Objects

AlertModel

Property	Type	Required	Description	Reference
severity	SEVERITY	True	Severity of the alert	SEVERITY
name	string	True	Name of the alert
context	string	True	Context of the alert
category	CATEGORY	False	Category of the alert	CATEGORY
description	string	False	Description of the alert
remediation	string	False	Remediation of the alert
compliance	Compliance	False	Compliance standards violated by this alert	Compliance

Compliance

Property	Type	Required	Description	Reference
owasp	string	False
pci-dss	string	False
gdpr	string	False
soc2	string	False
psd2	string	False
iso27001	string	False
nist	string	False
fedramp	string	False
nis2	string	False
hipaa	string	False
owasp_llm	string	False
cwe	string	False

CrudDetector

Property	Type	Required	Description	Reference
is	CRUD	False	Condition is the request is this CRUD operation	CRUD
is_not	CRUD	False	Condition is the request is not this CRUD operation	CRUD
in	CRUD	False	Condition is the request is in this list of CRUD operations (exact match)	CRUD
if	Const[helpers.request.crud]	False	Use this to select against the detected CRUD operation of the request.

HTTPRAWSeeder

Property	Type	Required	Description	Reference
protocol	Const[http]	False	The HTTP seeder allows you to send a request at the start of the scan.
raw	string	True	The raw HTTP request in nuclei format.
user	string	False	The user to use for the request. If not provided, the request is sent without authentication.

LogicalAndDetector

Property	Type	Required	Description	Reference
and	`LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector`	False	Logical and on a list of detectors	[LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector](#LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector)
if	Const[and]	False	Use this to apply a logical and on a list of detectors.

LogicalNotDetector

Property	Type	Required	Description	Reference
not	`LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector`	False	Logical not of a detector	[LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector](#LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector)
if	Const[not]	False	Use this to apply a logical not on a detector.

LogicalOrDetector

Property	Type	Required	Description	Reference
or	`LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector`	False	Logical or on a list of detectors	[LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector](#LogicalNotDetector	SchemaNeedAuthenticationDetector	ResponseObjectDetector	CrudDetector	RequestHeadersDetector	SchemaPathRefDetector	ResponseBodyJSONDetector	ResponseStatusCodeDetector	LogicalOrDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestObjectDetector	ScanTypeDetector	ResponseHeadersDetector	ResponseBodyTextDetector	RequestIsAuthenticatedDetector	SchemaUrlDetector	ResponseDurationDetector	ResponseIsSuccessfulDetector	MethodDetector	LogicalAndDetector	RequestUserDetector)
if	Const[or]	False	Use this to apply a logical or on a list of detectors.

MethodDetector

Property	Type	Required	Description	Reference
is	HTTP_METHOD	False	Condition is the request is this CRUD operation	HTTP_METHOD
is_not	HTTP_METHOD	False	Condition is the request is not this CRUD operation	HTTP_METHOD
in	HTTP_METHOD	False	Condition is the request is in this list of CRUD operations (exact match)	HTTP_METHOD
if	Const[request.method]	False	Use this to select against the request HTTP method.

MethodMutator

Property	Type	Required	Description	Reference
key	Const[request.method]	False	You can use this mutator to change the HTTP method of the
value	HTTP_METHOD	False	The value to set.	HTTP_METHOD
values	HTTP_METHOD	False	The values to set, generates multiple queries.	HTTP_METHOD

Middleware

Property	Type	Required	Description	Reference
trigger	`CrudDetector	LogicalAndDetector	LogicalNotDetector	LogicalOrDetector	MethodDetector	RequestBodyJSONDetector	RequestBodyTextDetector	RequestHeadersDetector	RequestIsAuthenticatedDetector	RequestObjectDetector	RequestUserDetector	ResponseBodyJSONDetector	ResponseBodyTextDetector	ResponseDurationDetector	ResponseHeadersDetector	ResponseIsSuccessfulDetector	ResponseObjectDetector	ResponseStatusCodeDetector	ScanTypeDetector	SchemaNeedAuthenticationDetector	SchemaPathRefDetector	SchemaUrlDetector`	True	The detectors to trigger the transform, on the request or response. See Detectors
mutate	`MethodMutator	RequestBodyJSONMutator	RequestBodyTextMutator	RequestHeadersMutator	RequestObjectMutator	RequestUserMutator	SchemaPathRefMutator	SchemaUrlMutator`	True	The mutations to apply to the request and replay it. See Mutators

ObjectMatcher

Property	Type	Required	Description	Reference
type	ObjectTypeMatcher	False	Object scalar type to match	ObjectTypeMatcher
name	StringMatcher	False	Object scalar name to match	StringMatcher
value	StringMatcher	False	Object scalar value to match	StringMatcher

ObjectMutate

Property	Type	Required	Description	Reference
value	string	False	The value to set.
values	string	False	The values to set, generates multiple queries.
regex_replace	RegexReplace	False	Regex replace pattern.	RegexReplace

ObjectTypeMatcher

Property	Type	Required	Description	Reference
is	OBJECT_TYPE	False	Object type is exactly this type	OBJECT_TYPE
is_not	OBJECT_TYPE	False	Object type is any this type except this one	OBJECT_TYPE
in	OBJECT_TYPE	False	Object type is in the following list	OBJECT_TYPE

RESTSeeder

Property	Type	Required	Description	Reference
protocol	Const[rest]	False	The REST seeder allows you to send a request that adapts to the host of your current scan.
user	string	False	The user to use for the request. If not provided, the request is sent without authentication.
path	string	False
method	HTTP_METHOD	False		HTTP_METHOD
headers	Dict[string, string]	False
body	string	False
params	Dict[string, string]	False

RegexReplace

Property	Type	Required	Description	Reference
pattern	string	True	The regex pattern to match.
replacement	string	True	The replacement, use \1, \2, ... to refer capture groups.

RequestBodyJSONDetector

Property	Type	Required	Description	Reference
is	Dict[string, None]	False	Condition is this exact JSON
is_not	Dict[string, None]	False	Condition is not this exact JSON
in	Dict[string, None]	False	Condition is in this list of JSON
jq	string	False	JQ query to match and use as boolean
if	Const[request.body.json]	False	Use this to select and compare the request body when detected as JSON, using jq-like syntax.

RequestBodyJSONMutator

Property	Type	Required	Description	Reference
key	Const[request.body.json]	False	You can use this mutator to change the JSON body of the request before resending it.
jq	string	False	JQ query to apply to the JSON body. Seestedolan.github.io

RequestBodyTextDetector

Property	Type	Required	Description	Reference
is	string	False	Condition is this exact string
is_not	string	False	Condition is not this exact string
in	string	False	Condition is in this list (exact match)
contains	string	False	Contains this string
regex	string	False	Condition is matched on this regex with fullmatch
if	Const[request.body.text]	False	Use this to select and compare the request body as text, using string compare.

RequestBodyTextMutator

Property	Type	Required	Description	Reference
value	string	False	The value to set.
values	string	False	The values to set, generates multiple queries.
regex_replace	RegexReplace	False	Regex replace pattern.	RegexReplace
key	Const[request.body.text]	False	You can use this mutator to change the body (as text) of the request before resending it.

RequestHeadersDetector

Property	Type	Required	Description	Reference
key	StringMatcher	False	Key to match	StringMatcher
value	StringMatcher	False	Value to match	StringMatcher
if	Const[request.headers]	False	Use that to select and compare the request headers in a key value dictionary.

RequestHeadersMutator

Property	Type	Required	Description	Reference
value	string	False	The value to set.
values	string	False	The values to set, generates multiple queries.
regex_replace	RegexReplace	False	Regex replace pattern.	RegexReplace
key	Const[request.headers]	False	You can use this mutator to change the headers of the request before resending it.
name	string	True	The header name to match, supports regex.
delete	boolean	False	Delete the matched headers.

RequestIsAuthenticatedDetector

Property	Type	Required	Description	Reference
is	boolean	False	Condition is true
is_not	boolean	False	Condition is false
if	Const[request.is_authenticated]	False	Use this to select whether or not whether the request is authenticated.

RequestObjectDetector

Property	Type	Required	Description	Reference
type	ObjectTypeMatcher	False	Object scalar type to match	ObjectTypeMatcher
name	StringMatcher	False	Object scalar name to match	StringMatcher
value	StringMatcher	False	Object scalar value to match	StringMatcher
if	Const[request.object]	False	Use this to select and compare the detected object scalars (including custom scalars) in the request, with their kind, name and value.

RequestObjectMutator

Property	Type	Required	Description	Reference
key	Const[request.object]	False	The detected object scalars (including custom scalars) in the request, with their kind, name and value.
select	ObjectMatcher	True		ObjectMatcher
mutate	ObjectMutate	True		ObjectMutate

RequestUserDetector

Property	Type	Required	Description	Reference
is	string	False	Condition is this exact string
is_not	string	False	Condition is not this exact string
in	string	False	Condition is in this list (exact match)
contains	string	False	Contains this string
regex	string	False	Condition is matched on this regex with fullmatch
if	Const[request.user]	False	Use this to string compare the configured user for the request.

RequestUserMutator

Property	Type	Required	Description	Reference
value	string	False	The value to set.
values	string	False	The values to set, generates multiple queries.
regex_replace	RegexReplace	False	Regex replace pattern.	RegexReplace
key	Const[request.user]	False	You can use this mutator to change the user of the request before resending it.
drop_user	boolean	False	Remove the user authentication from the request.

ResponseBodyJSONDetector

Property	Type	Required	Description	Reference
is	Dict[string, None]	False	Condition is this exact JSON
is_not	Dict[string, None]	False	Condition is not this exact JSON
in	Dict[string, None]	False	Condition is in this list of JSON
jq	string	False	JQ query to match and use as boolean
if	Const[response.body.json]	False	Use this to select and compare the response body when detected as JSON, using jq-like syntax.

ResponseBodyTextDetector

Property	Type	Required	Description	Reference
is	string	False	Condition is this exact string
is_not	string	False	Condition is not this exact string
in	string	False	Condition is in this list (exact match)
contains	string	False	Contains this string
regex	string	False	Condition is matched on this regex with fullmatch
if	Const[response.body.text]	False	Use this to select and compare the response body as text, using string compare.

ResponseDurationDetector

Property	Type	Required	Description	Reference
is	integer	False	Condition is this exact integer
is_not	integer	False	Condition is not this exact integer
in	integer	False	Condition is in this list of integers (exact match)
gt	integer	False	Condition is greater than this integer
lt	integer	False	Condition is less than this integer
if	Const[response.duration_ms]	False	Use this to compare the duration of the request in milliseconds.

ResponseHeadersDetector

Property	Type	Required	Description	Reference
key	StringMatcher	False	Key to match	StringMatcher
value	StringMatcher	False	Value to match	StringMatcher
if	Const[response.headers]	False	Use that to select and compare the response headers in a key value dictionary.

ResponseIsSuccessfulDetector

Property	Type	Required	Description	Reference
is	boolean	False	Condition is true
is_not	boolean	False	Condition is false
if	Const[helpers.response.is_successful]	False	Use this to check whether the response is successful.

ResponseObjectDetector

Property	Type	Required	Description	Reference
type	ObjectTypeMatcher	False	Object scalar type to match	ObjectTypeMatcher
name	StringMatcher	False	Object scalar name to match	StringMatcher
value	StringMatcher	False	Object scalar value to match	StringMatcher
if	Const[response.object]	False	Use this to select and compare the detected object scalars (including custom scalars) in the response, with their kind, name and value.

ResponseStatusCodeDetector

Property	Type	Required	Description	Reference
is	integer	False	Condition is this exact integer
is_not	integer	False	Condition is not this exact integer
in	integer	False	Condition is in this list of integers (exact match)
gt	integer	False	Condition is greater than this integer
lt	integer	False	Condition is less than this integer
if	Const[response.status_code]	False	Use this to compare the HTTP status code as an integer.

ScanTypeDetector

Property	Type	Required	Description	Reference
is	SCAN_TYPE	False	The scan type is exactly this	SCAN_TYPE
is_not	SCAN_TYPE	False	The scan type is not this type	SCAN_TYPE
in	SCAN_TYPE	False	The scan type is in this list	SCAN_TYPE
if	Const[scan.type]	False	Use this to select against the type of the scan.

SchemaNeedAuthenticationDetector

Property	Type	Required	Description	Reference
is	boolean	False	Condition is true
is_not	boolean	False	Condition is false
if	Const[schema.need_authentication]	False	Use this to select whether or not the schema requires authentication.

SchemaPathRefDetector

Property	Type	Required	Description	Reference
is	string	False	Condition is this exact string
is_not	string	False	Condition is not this exact string
in	string	False	Condition is in this list (exact match)
contains	string	False	Contains this string
regex	string	False	Condition is matched on this regex with fullmatch
if	Const[schema.path_ref]	False	Use this to string compare the operation name in GraphQL or the path in REST.

SchemaPathRefMutator

Property	Type	Required	Description	Reference
value	string	False	The value to set.
values	string	False	The values to set, generates multiple queries.
regex_replace	RegexReplace	False	Regex replace pattern.	RegexReplace
key	Const[schema.path_ref]	False	You can use this mutator to change the operation name in GraphQL or the path in REST (keeping the domain) before resending it.

SchemaUrlDetector

Property	Type	Required	Description	Reference
is	string	False	Condition is this exact string
is_not	string	False	Condition is not this exact string
in	string	False	Condition is in this list (exact match)
contains	string	False	Contains this string
regex	string	False	Condition is matched on this regex with fullmatch
if	Const[schema.url]	False	Use this to string compare the URL of the request.

SchemaUrlMutator

Property	Type	Required	Description	Reference
value	string	False	The value to set.
values	string	False	The values to set, generates multiple queries.
regex_replace	RegexReplace	False	Regex replace pattern.	RegexReplace
key	Const[schema.url]	False	You can use this mutator to change the URL of the request before resending it.

StringMatcher

Property	Type	Required	Description	Reference
is	string	False	Condition is this exact string
is_not	string	False	Condition is not this exact string
in	string	False	Condition is in this list (exact match)
contains	string	False	Contains this string
regex	string	False	Condition is matched on this regex with fullmatch

Enums

CATEGORY

• ACCESS_CONTROL

• CONFIGURATION

• INFORMATION_DISCLOSURE

• INJECTION

• PROTOCOL

• REQUEST_FORGERY

• RESOURCE_LIMITATION

• SCHEMA

• CUSTOM

CRUD

• CREATE

• READ

• UPDATE

• DELETE

HTTP_METHOD

• GET

• POST

• PUT

• DELETE

• HEAD

• PATCH

• OPTIONS

• TRACE

• CONNECT

OBJECT_TYPE

• abbysale

• abstract

• abuseipdb

• accuweather

• adafruit_api_key

• adobe_client_id

• adobe_client_secret

• adzuna_private

• adzuna_public

• aeroworkflow_client

• aeroworkflow_private

• age_secret_key

• agora

• airbrakeproject_private_key

• airbrakeproject_pub_key

• airbrakeuserkey

• airship_private

• airtable_api_key

• airvisual

• alconost

• alegra

• aletheiaapi

• algolia_api_key

• algoliaadminkey

• alibaba_access_key_id

• alibaba_secret_key

• alienvault

• allsports

• amadeus

• ambee

• amount

• amplitudeapikey

• anypoint

• apacta

• api2cart

• apideck_secret

• apideck_user

• apiflash

• apifonica

• apify

• apimatic

• apiscience

• apollo

• appcues

• appfollow

• application

• appsynergy

• apptivo

• area_code

• artifactory_secret

• artsy

• asana_client_id

• asana_client_secret

• asanaoauth

• asanapersonalaccesstoken

• assemblyai

• atlassian_api_token

• audd

• auth0managementapitoken

• authentication

• author

• authorization_code

• authress_service_client_access_key

• autodesk

• autoklose

• autopilot

• avazapersonalaccesstoken

• aviationstack

• aws_access_token

• aws_mws_id

• aws_secret_key

• axonaut

• aylien

• ayrshare

• bank

• bank_account

• bank_card

• bannerbear

• baremetrics

• base64

• baseapiio

• bcrypt

• beamer_api_token

• bearer

• bearer_uuid

• beebole

• besttime

• billomat

• bitbar

• bitbucket_client_id

• bitbucket_client_secret

• bitcoin

• bitcoinaverage

• bitfinex

• bitlyaccesstoken

• bitmex

• bittrex_access_key

• bittrex_secret_key

• blazemeter

• blitapp

• blogger

• body_type

• bombbomb

• boolean

• boolean_wannabe

• boostnote

• borgbase

• brandfetch

• browshot

• buddyns

• bugherd

• bugsnag

• building

• buildkite

• bulbul

• business_type

• buttercms

• caflou

• calendarific

• calendlyapikey

• calorieninja

• campayn

• cannyio

• capsulecrm

• captaindata

• carboninterface

• card_type

• carrier

• cashboard

• caspio

• category

• censys

• centralstationcrm

• cexio

• chatfule

• checio

• checklyhq

• checkvist

• cicero

• circleci

• city

• clearbit

• clickhelp

• cliengo

• clinchpad

• clockify

• clockworksms

• clojars_api_token

• closecrm

• cloudelements

• cloudflareapitoken

• cloudflarecakey

• cloudflareglobalapikey

• cloudimage

• cloudmersive

• cloudplan

• cloverly

• cloze

• clustdoc

• codacy

• codecov_access_token

• coinapi

• coinbase_access_token

• coinlayer

• coinlib

• column

• command

• commercejs

• commit_hash

• commodities

• companyhub

• confirmation_code

• confluent_access_token

• confluent_secret_key

• content_type

• contentful_delivery_api_token

• contentfulpersonalaccesstoken

• convertkit

• convier

• country

• country_code

• countrylayer

• county

• coupon_code

• courier

• coveralls

• credit_card_number

• crowdin

• cryptocompare

• cuid

• currency_code

• currencycloud

• currencyfreaks

• currencylayer

• currencyscoop

• currentsapi

• customerguru

• customerio

• cvv

• d7network

• dailyco

• dandelion

• dash

• databricks_api_token

• datadog_access_token

• datadogtoken

• datafire

• datagov

• date

• datetime

• debounce

• deepai

• deepgram

• defined_networking_api_token

• delighted

• delivery_method

• department_name

• detectlanguage

• device_name

• device_type

• dfuse

• did

• diffbot

• digitalocean_access_token

• digitalocean_pat

• digitalocean_refresh_token

• digitaloceantoken

• directory

• discount

• ditto

• dnscheck

• document_type

• documo

• domain

• doppler_api_token

• dotmailer

• dovico

• driving_license

• dronahq

• droneci_access_token

• dropbox_api_token

• dropbox_long_lived_api_token

• dropbox_short_lived_api_token

• duffel_api_token

• duration

• dwolla

• dynalist

• dynatrace_api_token

• dyspatch

• e_commerce_indicator

• eagleeyenetworks

• easyinsight

• easypost_api_token

• easypost_test_api_token

• edamam

• edenai

• eightxeight

• elasticemail

• email

• enablex

• enigma

• environment

• ethereum

• ethplorer

• etsy_access_token

• etsyapikey

• event_type

• everhour

• exchangerateapi

• exchangeratesapi

• facebook

• facebookoauth

• faceplusplus

• fakejson

• fastforex

• fastly_api_token

• fastlypersonaltoken

• fee

• feedier

• fetchrss

• figmapersonalaccesstoken

• file

• fileio

• finage

• financialmodelingprep

• findl

• finicity_api_token

• finicity_client_secret

• finnhub_access_token

• fixerio

• flatio

• fleetbase

• flickr_access_token

• flightapi

• flightstats

• float

• flowflu

• flutterwave_encryption_key

• flutterwave_public_key

• flutterwave_secret_key

• fmfw

• form

• formbucket

• formio

• foursquare

• frameio_api_token

• french_phone

• freshbooks_access_token

• freshdesk

• front

• fulcrum

• fullstory

• func

• fusebill

• fxmarket

• gcp_api_key

• geckoboard

• gender

• generic_api_key

• gengo

• geoapify

• geocode

• geocodify

• geocodio

• geoipifi

• getemail

• getemails

• getgeoapi

• getgist

• getsandbox

• github_app_token

• github_fine_grained_pat

• github_oauth

• github_pat

• github_refresh_token

• githubapp

• gitlab_pat

• gitlab_ptt

• gitlab_rrt

• gitlabv2

• gitter_access_token

• glassnode

• gocanvas

• gocardless_api_token

• goodday

• google_api_public_key

• grafana_api_key

• grafana_cloud_api_token

• grafana_service_account_token

• graphcms

• graphhopper

• groovehq

• guardianapi

• guru

• gyazo

• happi

• happyscribe

• harvest

• hash

• hashicorp_tf_api_token

• hashicorp_tf_password

• hellosign

• helpcrunch

• helpscout

• hereapi

• heroku_api_key

• hex_color_code

• hexadecimal

• hive

• hiveage

• holidayapi

• host

• house_number

• hsl

• hsla

• html2pdf

• html_body

• http_method

• hubspot_api_key

• hubspotapikey

• huggingface_access_token

• huggingface_organization_api_token

• humanity

• hunter

• hypertrack

• ibmclouduserkey

• iconfinder

• id

• identity_number

• iexcloud

• imagekit

• imagga

• impala

• infracost_api_token

• injection

• insightly

• instagram_oauth

• integer

• integer32

• integer64

• integromat

• intercom_api_key

• intrinio

• invoiceocean

• ipapi

• ipc_patent

• ipgeolocation

• ipify

• ipinfodb

• ipquality

• ipstack_token

• ipv4

• ipv6

• isbn

• item

• jdbc

• jfrog_api_key

• jfrog_identity_token

• jiratoken

• join

• jotform

• json

• jumpcloud

• juro

• jwt

• jwt_base64

• kanban

• karmacrm

• keenio

• key_kms

• kickbox

• klipfolio

• kontent

• kraken_access_token

• kucoin_access_token

• kucoin_secret_key

• kylas

• language_iso_639_1

• language_iso_639_2

• languagelayer

• lastfm

• latitude

• launchdarkly_access_token

• leadfeeder

• legal_name

• lendflow

• lessannoyingcrm

• lexigram

• limit

• linear_api_key

• linear_client_secret

• linearapi

• linemessaging

• linenotify

• linkedin_client_id

• linkedin_client_secret

• liveagent

• livestorm

• llm_input

• lob_api_key

• lob_pub_api_key

• locale

• location

• locationiq

• loginradius

• lokalisetoken

• long

• longitude

• loyverse

• luno

• m3o

• mac

• macaddress

• madkudu

• magnetic

• mailboxlayer

• mailchimp_api_key

• mailerlite

• mailgun_private_api_token

• mailgun_pub_key

• mailgun_signing_key

• mailjetbasicauth

• mailjetsms

• mailmodo

• mailsac

• mandrill

• manifest

• mapbox_api_token

• mapquest

• marketstack

• mask

• mattermost_access_token

• mattermostpersonaltoken

• mavenlink

• maxmindlicense

• md5

• meaningcloud

• mediastack

• meistertask

• merchant

• mesibo

• messagebird_api_token

• messagebird_client_id

• metaapi

• metrilo

• microsoft_teams_webhook

• microsoftteamswebhook

• midise

• mime_type

• mindmeister

• mite

• mixmax

• mixpanel

• moderation

• monday

• monero

• mongo_db_object_id

• month

• moonclerck

• moonclerk

• moosend

• mrticktock

• myfreshworks

• myintervals

• nasdaqdatalink

• navigation

• nethunt

• netlify_access_token

• neutrinoapi

• new_relic_browser_api_token

• new_relic_user_api_id

• new_relic_user_api_key

• newrelicpersonalapikey

• newsapi

• newscatcher

• nexmoapikey

• nftport

• nicereply

• nimble

• nitro

• noticeable

• notion

• nozbeteams

• npm_access_token

• numverify

• nutritionix

• nylas

• nytimes_access_token

• oanda

• offset

• okta_access_token

• omnisend

• onedesk

• onelogin

• onepagecrm

• onwaterio

• oopspam

• openai_api_key

• opencagedata

• opengraphr

• openuv

• openweather

• optimizely

• organization

• owlbot

• pagerdutyapikey

• pandadoc

• pandascore

• paralleldots

• partnerstack

• passbase

• passport

• password

• pastebin

• paymoapp

• paymongo

• paypaloauth

• paystack

• pdflayer

• pdfshift

• peopledatalabs

• pepipost

• permission

• phone

• pin_code

• pipedream

• pipedrive

• pivotaltracker

• pixabay

• plaid_api_token

• plaid_client_id

• plaid_secret_key

• plaidkey

• plan

• planetscale_api_token

• planetscale_oauth_token

• planetscale_password

• planviewleankit

• planyo

• plivo

• policy

• poloniex

• polygon

• port

• position

• positionstack

• postageapp

• posthog

• postman_api_token

• postmark

• powrbot

• prefect_api_token

• price

• private_key

• privatekey

• prospectcrm

• prospectio

• protocol

• protocolsio

• proxycrawl

• pubnubpublishkey

• pulumi_api_token

• purestake

• pushbulletapikey

• pusherchannelkey

• pypi_upload_token

• qualaroo

• qubole

• quickmetrics

• rapidapi_access_token

• raven

• rawg

• razorpay

• readme_api_token

• reallysimplesystems

• reason_code

• rebrandly

• reference

• refiner

• region

• repairshopr

• restpack

• restpackhtmltopdfapi

• restpackscreenshotapi

• return_type

• rev

• revampcrm

• rgb

• rgba

• ringcentral

• ritekit

• roaring

• rocketreach

• role

• roninapp

• room

• route4me

• rownd

• rubygems_api_token

• runrunit

• salesblink

• salescookie

• salesflare

• satismeterprojectkey

• satismeterwritekey

• saucelabs

• scalewaykey

• scalingo_api_token

• scrapeowl

• scraperapi

• scraperbox

• scrapersite

• scrapestack

• scrapfly

• scrapingant

• scrapingbee

• screenshotapi

• screenshotlayer

• search

• secret

• securitytrails

• segmentapikey

• selectpdf

• semaphore

• sendbird_access_id

• sendbird_access_token

• sendbirdorganizationapi

• sendgrid_api_token

• sendinblue_api_token

• sendinbluev2

• sentiment

• sentry_access_token

• sentrytoken

• serial_number

• serphouse

• serpstack

• sha1

• sha256

• sheety

• sherpadesk

• shipday

• shipping_method

• shippo_api_token

• shodankey

• shopify_access_token

• shopify_custom_access_token

• shopify_private_app_access_token

• shopify_shared_secret

• shortcut

• shotstack

• shutterstock

• shutterstockoauth

• sidekiq_secret

• sidekiq_sensitive_url

• signalwire

• signaturit

• signupgenius

• sigopt

• simplesat

• simplynoted

• simvoly

• sinchmessage

• sirv

• siteleaf

• skrappio

• skybiometry

• slack_app_token

• slack_bot_token

• slack_config_access_token

• slack_config_refresh_token

• slack_legacy_bot_token

• slack_legacy_token

• slack_legacy_workspace_token

• slack_user_token

• slack_webhook_url

• slackwebhook

• slug

• smartsheets

• smartystreets

• smooch

• snipcart

• snyk_api_token

• snykkey

• social_security_number

• software_component

• sparkpost

• splunkobservabilitytoken

• spoonacular

• sportsmonk

• spotifykey

• square_access_token

• squareapp

• squarespace_access_token

• squareup

• ssh_url

• sslmate

• status

• status_code

• status_message

• stitchdata

• stockdata

• storecove

• stormglass

• storyblok

• storychief

• strava

• streak

• street_address

• string

• stripe_access_token

• stripe_public_access_token

• stytch

• sugester

• sumologic_access_id

• sumologic_access_token

• sumologickey

• supernotesapi

• surveyanyplace

• surveybot

• surveysparrow

• survicate

• swell

• swiftype

• tallyfy

• tatumio

• taxjar

• teamgate

• teamworkcrm

• teamworkdesk

• teamworkspaces

• technicalanalysisapi

• telegram_bot_api_token

• telegrambottoken

• telnyx

• terraformcloudpersonaltoken

• text2data

• textmagic

• theoddsapi

• thinkific

• thousandeyes

• ticketmaster

• tiingo

• time

• timestamp

• timezoneapi

• title

• tmetric

• todoist

• toggltrack

• tomorrowio

• tomtom

• tradier

• travelpayouts

• travisci_access_token

• trelloapikey

• tru

• twelvedata

• twilio_api_key

• twitch_api_token

• twitter_access_secret

• twitter_access_token

• twitter_api_key

• twitter_api_secret

• twitter_bearer_token

• tyntec

• typeform_api_token

• ubidots

• unifyid

• unplugg

• unsanitized_payload

• unsplash

• upcdatabase

• uplead

• uploadcare

• upwave

• uri

• url

• urlscan

• us_bank_account_number

• us_bank_routing_number

• us_zip_code

• user_agent

• username

• userstack

• uuid

• vatlayer

• vault_batch_token

• vault_service_token

• vehicle_type

• vercel

• verifier

• verimail

• version

• versioneye

• view

• viewneo

• virustotal

• visualcrossing

• voicegain

• vouchery

• vpnapi

• vultrapikey

• vyte

• walkscore

• weatherbit

• weatherstack

• webex

• webflow

• webscraper

• webscraping

• website

• wepay

• whoxy

• worksnaps

• workstack

• worldcoinindex

• worldweather

• wrike

• yandex_access_token

• yandex_api_key

• yandex_aws_access_token

• year

• youneedabudget

• yousign

• youtubeapikey

• zapierwebhook

• zendesk_secret_key

• zendeskapi

• zenkitapi

• zenscrape

• zenserp

• zeplin

• zerobounce

• zip_code

• zipapi

• zipbooks

• zipcodeapi

• zonkafeedback

SCAN_TYPE

• GRAPHQL

• REST

SEVERITY

• HIGH

• MEDIUM

• LOW

• INFO