You can call this operation to query scan results, including the number of detected vulnerabilities and their severity levels.

You can specify query conditions to filter scan results.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeAllVulnerabilities

The operation that you want to perform. Set the value to DescribeAllVulnerabilities.

BeginTime Long No 11258600000

The start time of the scan task that you want to query.

Category String No core

The type of vulnerabilities that you want to query.

CurrentPage Integer No 1

The number of the page to return.

EndTime Long No 11258400000

The end time of the scan task that you want to query.

Lang String No zh

The language in which the responses are returned.

  • zh: Chinese
  • en: English

Module String No relation_domain

The module of vulnerabilities that you want to query.

Name String No test

The name of the vulnerability that you want to query.

PageSize Integer No 20

The number of entries to return on each page.

ScanId String No 2018042307022680333

The ID of the scan task that you want to query.

Search String No ***. ***.net

The name of the asset that you want to query.

Severity Integer No 0

The severity level of vulnerabilities that you want to query.

  • 3: Important. Vulnerabilities that can be exploited directly and easily. Attacks can severely affect your websites or servers, or cause major financial and data loss.
  • 2: Moderate. Vulnerabilities that can affect your websites or servers but are difficult to exploit directly. Attacks cannot be launched directly against your websites or servers, but can create vulnerabilities that enable further attacks.
  • 1: Low. Attacks cannot be launched directly against your websites or servers, but can provide attackers with information for finding other vulnerabilities.
  • 0: Info. Vulnerabilities that do not directly cause website security issues, but may provide information for other attacks or be used in other attack methods.

SourceIp String No 1.2.3.4

The source IP address of the request.

Status String No 0

The status of vulnerabilities that you want to query.

  • 0: unhandled
  • 1: handled
  • 2: whitelisted
  • 3: ignored

TaskId Long No 1111111

The ID of the task that you want to query.

VulType Long No 1

The type of vulnerabilities that you want to query. Valid values:

  • 1: invalid identity authentication
  • 2: invalid access control
  • 3: command injection
  • 4: cross-site request forgery
  • 5: reflected cross-site scripting (XSS)
  • 6: stored XSS
  • 7: DOM-based XSS
  • 8: encryption problems
  • 9: denial of service (DoS)
  • 10: violation of security design principles
  • 11: CRLF injection (HTTP response splitting)
  • 12: sensitive information leakage
  • 13: buffer overflow
  • 14: unauthorized
  • 15: code execution
  • 16: SQL injection
  • 17: server-side request forgery
  • 18: clickjacking
  • 19: unverified redirection
  • 20: XML external entity (XXE)
  • 21: plaintext storage of passwords
  • 22: phishing
  • 23: malware or Trojan
  • 24: backdoor
  • 25: service logic error
  • 26: plaintext storage of sensitive information
  • 27: plaintext transmission of sensitive information
  • 28: man-in-the-middle attack
  • 29: path traversal
  • 30: file inclusion
  • 31: session fixation
  • 32: race condition vulnerability
  • 33: type confusion
  • 34: command execution
  • 35: security configuration error
  • 36: insecure deserialization
  • 37: using components with known vulnerabilities
  • 38: LDAP injection
  • 39: insufficient log records and monitoring
  • 40: weak password
  • 41: file upload vulnerability

Response parameters

Parameter Type Example Description
Count Integer 10

The number of returned vulnerabilities.

CurrentPage Integer 1

The page number of the returned page.

List

The returned list of vulnerabilities.

Hostname String ***. ***.net

The name of the asset where the vulnerability was detected.

Id Long 1833085

The ID of the vulnerability.

LastDiscoveredAt Long 1531191806000

The time when the vulnerability was last detected.

Name String Microsoft IIS version leakage

The name of the vulnerability.

Severity Integer 0

The severity level of the vulnerability.

Status Integer 0

The status of the vulnerability.

Target String http://***.testfire.net/

The asset that was affected by the vulnerability.

VulnerabilityTypeDes String Invalid identity authentication

The type of the vulnerability. For example, invalid identity authentication, invalid access control, SQL injection, or command injection.

PageCount Integer 2

The number of returned pages.

PageSize Integer 20

The number of entries returned per page.

RequestId String DFF34FB0-12D9-4B8B-9DD4-1BD89A33950F

The ID of the request.

TotalCount Integer 22

The number of returned vulnerabilities.

Examples

Sample requests

/?Action=DescribeAllVulnerabilities
&BeginTime=11111111
&Category=core
&CurrentPage=1
&EndTime=11111111
&Lang=en
&Module=relation_domain
&Name=test
&PageSize=20
&ScanId=2018042307022680333
&Search=***.testfire.net
&Severity=0
&SourceIp=1.2.3.4
&Status=0
&TaskId=1111111
&<Common request parameters>

Sample success responses

XML format

<DescribeAllVulnerabilities>
	  <requestId>DFF34FB0-12D9-4B8B-9DD4-1BD89A33950F</requestId>
	  <data>
		    <PageCount>3</PageCount>
		    <Count>10</Count>
		    <TotalCount>22</TotalCount>
		    <PageSize>10</PageSize>
		    <CurrentPage>1</CurrentPage>
		    <List>
			      <Name>Microsoft IIS version leakage</Name>
			      <Status>3</Status>
			      <Severity>0</Severity>
			      <Target>http://***.testfire.net/</Target>
			      <Id>1833085</Id>
			      <LastDiscoveredAt>1531191806000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11220</TaskId>
			      <VulnerabilityTypeDes>invalid identity authentication</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>Microsoft IIS version leakage</Name>
			      <Status>0</Status>
			      <Severity>0</Severity>
			      <Target>https://***.testfire.net/</Target>
			      <Id>1833086</Id>
			      <LastDiscoveredAt>1531191806000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11221</TaskId>
			      <VulnerabilityTypeDes>invalid access control</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>OPTIONS method allowed by the server</Name>
			      <Status>0</Status>
			      <Severity>1</Severity>
			      <Target>http://***.testfire.net:80</Target>
			      <Id>1833088</Id>
			      <LastDiscoveredAt>1531191612000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11222</TaskId>
			      <VulnerabilityTypeDes>invalid identity authentication</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>ASP.NET DEBUG mode enabled</Name>
			      <Status>0</Status>
			      <Severity>1</Severity>
			      <Target>http://***.testfire.net</Target>
			      <Id>1833090</Id>
			      <LastDiscoveredAt>1531191612000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11223</TaskId>
			      <VulnerabilityTypeDes>SQL injection</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>ASP.NET DEBUG mode enabled</Name>
			      <Status>0</Status>
			      <Severity>1</Severity>
			      <Target>https://***.testfire.net</Target>
			      <Id>1833091</Id>
			      <LastDiscoveredAt>1531191612000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11224</TaskId>
			      <VulnerabilityTypeDes>command injection</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>OPTIONS method allowed by the server</Name>
			      <Status>0</Status>
			      <Severity>1</Severity>
			      <Target>https://***.testfire.net:443</Target>
			      <Id>1833094</Id>
			      <LastDiscoveredAt>1531191612000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11225</TaskId>
			      <VulnerabilityTypeDes>invalid identity authentication</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>web sensitive directory detection</Name>
			      <Status>3</Status>
			      <Severity>1</Severity>
			      <Target>http://***.testfire.net:8080/docs/</Target>
			      <Id>1833096</Id>
			      <LastDiscoveredAt>1531191612000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11226</TaskId>
			      <VulnerabilityTypeDes>invalid access control</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>OPTIONS method allowed by the server</Name>
			      <Status>0</Status>
			      <Severity>1</Severity>
			      <Target>http://***.testfire.net:80</Target>
			      <Id>1833073</Id>
			      <LastDiscoveredAt>1531190450000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11227</TaskId>
			      <VulnerabilityTypeDes>SQL injection</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>ASP.NET DEBUG mode enabled</Name>
			      <Status>0</Status>
			      <Severity>1</Severity>
			      <Target>http://***.testfire.net</Target>
			      <Id>1833074</Id>
			      <LastDiscoveredAt>1531190450000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11228</TaskId>
			      <VulnerabilityTypeDes>invalid access control</VulnerabilityTypeDes>
		    </List>
		    <List>
			      <Name>OPTIONS method allowed by the server</Name>
			      <Status>0</Status>
			      <Severity>1</Severity>
			      <Target>https://***.testfire.net:443</Target>
			      <Id>1833078</Id>
			      <LastDiscoveredAt>1531190450000</LastDiscoveredAt>
			      <Hostname>***.testfire.net</Hostname>
			      <TaskId>11229</TaskId>
			      <VulnerabilityTypeDes>code execution</VulnerabilityTypeDes>
		    </List>
	  </data>
	  <code>200</code>
	  <success>true</success>
</DescribeAllVulnerabilities>

JSON format

{
	"requestId":"DFF34FB0-12D9-4B8B-9DD4-1BD89A33950F",
	"data":{
		"PageCount":3,
		"Count":10,
		"TotalCount":22,
		"PageSize":10,
		"List":[
			{
				"Name":"Microsoft IIS version leakage",
				"Status":3,
				"Target":"http://***.testfire.net/",
				"Severity":0,
				"VulnerabilityTypeDes":"invalid identity authentication",
				"LastDiscoveredAt":1531191806000,
				"Id":1833085,
				"TaskId":11220,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"Microsoft IIS version leakage",
				"Status":0,
				"Target":"https://***.testfire.net/",
				"Severity":0,
				"VulnerabilityTypeDes":"Invalid access control",
				"LastDiscoveredAt":1531191806000,
				"Id":1833086,
				"TaskId":11221,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"OPTIONS method allowed by the server",
				"Status":0,
				"Target":"http://***.testfire.net:80",
				"Severity":1,
				"VulnerabilityTypeDes":"invalid identity authentication",
				"LastDiscoveredAt":1531191612000,
				"Id":1833088,
				"TaskId":11222,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"ASP.NET DEBUG mode enabled",
				"Status":0,
				"Target":"http://***.testfire.net",
				"Severity":1,
				"VulnerabilityTypeDes":"SQL injection",
				"LastDiscoveredAt":1531191612000,
				"Id":1833090,
				"TaskId":11223,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"ASP.NET DEBUG mode enabled",
				"Status":0,
				"Target":"https://***.testfire.net",
				"Severity":1,
				"VulnerabilityTypeDes":"command injection",
				"LastDiscoveredAt":1531191612000,
				"Id":1833091,
				"TaskId":11224,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"OPTIONS method allowed by the server",
				"Status":0,
				"Target":"https://***.testfire.net:443",
				"Severity":1,
				"VulnerabilityTypeDes":"invalid identity authentication",
				"LastDiscoveredAt":1531191612000,
				"Id":1833094,
				"TaskId":11225,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"web sensitive directory detection",
				"Status":3,
				"Target":"http://***.testfire.net:8080/docs/",
				"Severity":1,
				"VulnerabilityTypeDes":"Invalid access control",
				"LastDiscoveredAt":1531191612000,
				"Id":1833096,
				"TaskId":11226,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"OPTIONS method allowed by the server",
				"Status":0,
				"Target":"http://***.testfire.net:80",
				"Severity":1,
				"VulnerabilityTypeDes":"SQL injection",
				"LastDiscoveredAt":1531190450000,
				"Id":1833073,
				"TaskId":11227,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"ASP.NET DEBUG mode enabled",
				"Status":0,
				"Target":"http://***.testfire.net",
				"Severity":1,
				"VulnerabilityTypeDes":"Invalid access control",
				"LastDiscoveredAt":1531190450000,
				"Id":1833074,
				"TaskId":11228,
				"Hostname":"***.testfire.net"
			},
			{
				"Name":"OPTIONS method allowed by the server",
				"Status":0,
				"Target":"https://***.testfire.net:443",
				"Severity":1,
				"VulnerabilityTypeDes":"code execution",
				"LastDiscoveredAt":1531190450000,
				"Id":1833078,
				"TaskId":11229,
				"Hostname":"***.testfire.net"
			}
		],
		"CurrentPage":1
	},
	"code":200,
	"success":true
}
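
Consuming the response for triage, as an added example that is not part of the original reference or of any SDK: it checks that every page up to PageCount was fetched, then keeps only unhandled findings (Status 0) at or above a severity threshold. The function names are hypothetical, the sample is the JSON response above trimmed to three entries, and reading LastDiscoveredAt as a millisecond Unix timestamp is an assumption.

```python
import json
from datetime import datetime, timezone

# Code tables copied from the Severity and Status request-parameter descriptions.
SEVERITY = {3: "Important", 2: "Moderate", 1: "Low", 0: "Info"}
STATUS = {0: "unhandled", 1: "handled", 2: "whitelisted", 3: "ignored"}

# Constructed sample: the page's JSON response trimmed to three of its ten entries.
SAMPLE_PAGE = json.loads("""
{"requestId": "DFF34FB0-12D9-4B8B-9DD4-1BD89A33950F", "code": 200, "success": true,
 "data": {"PageCount": 3, "Count": 10, "TotalCount": 22, "PageSize": 10, "CurrentPage": 1,
  "List": [
   {"Name": "Microsoft IIS version leakage", "Status": 3, "Severity": 0, "Id": 1833085,
    "Target": "http://***.testfire.net/", "LastDiscoveredAt": 1531191806000},
   {"Name": "OPTIONS method allowed by the server", "Status": 0, "Severity": 1, "Id": 1833088,
    "Target": "http://***.testfire.net:80", "LastDiscoveredAt": 1531191612000},
   {"Name": "web sensitive directory detection", "Status": 3, "Severity": 1, "Id": 1833096,
    "Target": "http://***.testfire.net:8080/docs/", "LastDiscoveredAt": 1531191612000}]}}
""")


def missing_pages(pages):
    """Page numbers 1..PageCount not yet fetched; non-empty means findings were skipped."""
    fetched = {p["data"]["CurrentPage"] for p in pages}
    expected = max(p["data"]["PageCount"] for p in pages)
    return sorted(set(range(1, expected + 1)) - fetched)


def open_findings(pages, min_severity=1):
    """Unhandled findings at or above min_severity, deduplicated by Id, most severe first."""
    by_id = {}
    for page in pages:
        if page.get("success") is not True or page.get("code") != 200:
            raise ValueError(f"request {page.get('requestId')} did not succeed")
        for item in page["data"]["List"]:
            if item["Status"] == 0 and item["Severity"] >= min_severity:
                by_id[item["Id"]] = item
    ordered = sorted(by_id.values(), key=lambda i: (-i["Severity"], i["Id"]))
    return [{
        "id": i["Id"], "name": i["Name"], "target": i["Target"],
        "severity": SEVERITY.get(i["Severity"], str(i["Severity"])),
        "status": STATUS.get(i["Status"], str(i["Status"])),
        # Assumption: LastDiscoveredAt is a Unix timestamp in milliseconds.
        "last_seen": datetime.fromtimestamp(
            i["LastDiscoveredAt"] // 1000, tz=timezone.utc).isoformat(),
    } for i in ordered]


if __name__ == "__main__":
    print("missing pages:", missing_pages([SAMPLE_PAGE]))
    for row in open_findings([SAMPLE_PAGE]):
        print(row)
```

A non-empty result from missing_pages means the triage list is incomplete: the sample response is page 1 of 3, so CurrentPage 2 and 3 still have to be requested.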

Error codes

For a list of error codes, visit the API Error Center.