Invicti Netsparker
This connector integrates Invicti Netsparker with Swimlane Turbine, which allows you to perform all the actions between the platforms.

## Prerequisites

This connector needs a user ID and an API key to authenticate.

## Capabilities

This connector provides the following capabilities:

- Get Scan Custom Report
- Get Scan Detail
- Launch New Scan From Previous Scan
- Get Scan Result
- Scan Retest
- Launch New Scan
- List Scans
- Get Scan Report

## Configurations

### Invicti Netsparker Authentication

Authenticates using user ID and API token.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | Username | string | Required |
| Password | Password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Scan Custom Report

Returns the custom report of a scan in the specified format.

Endpoint URL: /api/1.0/scans/custom-report/

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.excludeignoreds | boolean | Optional | Parameters for the Get Scan Custom Report action |
| parameters.id | string | Required | Parameters for the Get Scan Custom Report action |
| parameters.onlyconfirmedvulnerabilities | boolean | Optional | Parameters for the Get Scan Custom Report action |
| parameters.onlyunconfirmedvulnerabilities | boolean | Optional | Parameters for the Get Scan Custom Report action |
| parameters.reportname | string | Required | Gets or sets report name. Report name also keeps report type in it. |
| parameters.reportformat | string | Optional | Parameters for the Get Scan Custom Report action |

Input example:

```json
{"parameters": {"excludeignoreds": "If set to true, HTTP response data will be excluded from the report results. This parameter can only be used for vulnerabilities XML report. Default: false", "id": "12345678-1234-1234-1234-123456789abc", "onlyconfirmedvulnerabilities": true, "onlyunconfirmedvulnerabilities": true, "reportname": "example name", "reportformat": "string"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachments |
| file.file | string | Output field file.file |
| file.file_name | string | Name of the resource |

Output example:

```json
{"file": {"file": "string", "file_name": "example name"}}
```

### Get Scan Details

Gets the detail of a scan.

Endpoint URL: /api/1.0/scans/detail/{{id}}

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | Required | Parameters for the Get Scan Details action |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| additionalwebsites | object | Output field additionalwebsites |
| agentid | string | Unique identifier |
| agentname | string | Name of the resource |
| cookies | object | Output field cookies |
| crawlandattack | boolean | Output field crawlandattack |
| deletedon | object | Output field deletedon |
| enableheuristicchecksincustomurlrewrite | boolean | URL endpoint for the request |
| excludedlinks | string | Output field excludedlinks |
| excludelinks | boolean | Output field excludelinks |
| disallowedhttpmethods | string | HTTP method to use |
| findandfollownewlinks | boolean | Output field findandfollownewlinks |
| importedlinks | object | Output field importedlinks |
| allimportedlinks | string | Output field allimportedlinks |
| desktopscanid | object | Unique identifier |
| initiatedtime | string | Time value |
| initiateddate | string | Date value |
| initiatedat | string | Output field initiatedat |
| maxdynamicsignatures | number | Output field maxdynamicsignatures |
| maxscanduration | number | Output field maxscanduration |
| duration | string | Output field duration |
| policydescription | string | Output field policydescription |
| policyid | string | Unique identifier |
| policyuserid | string | Unique identifier |

Output example (truncated in the source):

```json
{"status_code": 200, "response_headers": {"Date": "Thu, 28 Mar 2024 06:35:55 GMT", "Content-Type": "application/json; charset=utf-8", "Content-Length": "3475", "Connection": "keep-alive", "Cache-Control": "no-cache", "Pragma": "no-cache", "Expires": "-1", "X-Content-Type-Options": "nosniff", "X-Frame-Options": "deny", "Referrer-Policy": "no-referrer", "X-XSS-Protection": "1; mode=block", "Origin-Trial": "au1hlo38hdou0c5ahko3bugr8p9kt881bvrccp4vesne1hv+b1xx/mzhfznp/tww4+bpblko9h3fokvw", "Strict-Transport-Security": "max
```

### Launch New Scan From Scan

Launches a new scan with the same configuration from the scan specified with scan ID.

Endpoint URL: /api/1.0/scans/newfromscan

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| data_body | object | Required | Response data |
| data_body.id | string | Required | Response data |

Input example:

```json
{"data_body": {"id": "12345678-1234-1234-1234-123456789abc"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| additionalwebsites | array | Output field additionalwebsites |
| additionalwebsites.canonical | boolean | Output field additionalwebsites.canonical |
| additionalwebsites.targeturl | string | URL endpoint for the request |
| agentid | string | Unique identifier |
| agentname | string | Name of the resource |
| cookies | string | Output field cookies |
| crawlandattack | boolean | Output field crawlandattack |
| deletedon | string | Output field deletedon |
| enableheuristicchecksincustomurlrewrite | boolean | URL endpoint for the request |
| excludedlinks | string | Output field excludedlinks |
| excludelinks | boolean | Output field excludelinks |
| disallowedhttpmethods | string | HTTP method to use |
| findandfollownewlinks | boolean | Output field findandfollownewlinks |
| importedlinks | string | Output field importedlinks |
| allimportedlinks | string | Output field allimportedlinks |
| desktopscanid | string | Unique identifier |
| initiatedtime | string | Time value |
| initiateddate | string | Date value |
| initiatedat | string | Output field initiatedat |
| maxdynamicsignatures | number | Output field maxdynamicsignatures |
| maxscanduration | number | Output field maxscanduration |
| duration | string | Output field duration |
| policydescription | string | Output field policydescription |

Output example (truncated in the source):

```json
{"status_code": 201, "response_headers": {"Date": "Thu, 28 Mar 2024 10:02:30 GMT", "Content-Type": "application/json; charset=utf-8", "Content-Length": "54", "Connection": "keep-alive", "Cache-Control": "no-cache", "Pragma": "no-cache", "Expires": "-1", "X-Content-Type-Options": "nosniff", "X-Frame-Options": "deny", "Referrer-Policy": "no-referrer", "X-XSS-Protection": "1; mode=block", "Origin-Trial": "au1hlo38hdou0c5ahko3bugr8p9kt881bvrccp4vesne1hv+b1xx/mzhfznp/tww4+bpblko9h3fokvw", "Strict-Transport-Security": "max-ag
```

### Get Scan Result

Gets the result of a scan.

Endpoint URL: /api/1.0/scans/result/{{id}}

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path_parameters.id | string | Required | Parameters for the Get Scan Result action |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated in the source):

```json
{"status_code": 200, "response_headers": {"Date": "Thu, 28 Mar 2024 09:51:24 GMT", "Content-Type": "application/json; charset=utf-8", "Content-Length": "15091", "Connection": "keep-alive", "Cache-Control": "no-cache", "Pragma": "no-cache", "Expires": "-1", "X-Content-Type-Options": "nosniff", "X-Frame-Options": "deny", "Referrer-Policy": "no-referrer", "X-XSS-Protection": "1; mode=block", "Origin-Trial": "au1hlo38hdou0c5ahko3bugr8p9kt881bvrccp4vesne1hv+b1xx/mzhfznp/tww4+bpblko9h3fokvw", "Strict-Transport-Security": "max
```

### Scan Retest

Launches a retest scan based on the provided base scan identifier.

Endpoint URL: /api/1.0/scans/retest

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| agentname | string | Optional | Name of the resource |
| basescanid | string | Optional | Unique identifier |

Input example:

```json
{"json_body": {"agentname": "string", "basescanid": "87be9df1-9f81-46e9-e860-b13b04474ccc"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| additionalwebsites | object | Output field additionalwebsites |
| agentid | object | Unique identifier |
| agentname | object | Name of the resource |
| cookies | object | Output field cookies |
| crawlandattack | boolean | Output field crawlandattack |
| deletedon | object | Output field deletedon |
| enableheuristicchecksincustomurlrewrite | boolean | URL endpoint for the request |
| excludedlinks | string | Output field excludedlinks |
| excludelinks | boolean | Output field excludelinks |
| disallowedhttpmethods | string | HTTP method to use |
| findandfollownewlinks | boolean | Output field findandfollownewlinks |
| importedlinks | object | Output field importedlinks |
| allimportedlinks | string | Output field allimportedlinks |
| desktopscanid | object | Unique identifier |
| initiatedtime | string | Time value |
| initiateddate | string | Date value |
| initiatedat | string | Output field initiatedat |
| maxdynamicsignatures | number | Output field maxdynamicsignatures |
| maxscanduration | number | Output field maxscanduration |
| duration | string | Output field duration |
| policydescription | string | Output field policydescription |
| policyid | string | Unique identifier |
| policyuserid | string | Unique identifier |

Output example (truncated in the source):

```json
{"status_code": 201, "response_headers": {"Date": "Thu, 28 Mar 2024 09:53:50 GMT", "Content-Type": "application/json; charset=utf-8", "Content-Length": "3369", "Connection": "keep-alive", "Cache-Control": "no-cache", "Pragma": "no-cache", "Expires": "-1", "X-Content-Type-Options": "nosniff", "X-Frame-Options": "deny", "Referrer-Policy": "no-referrer", "X-XSS-Protection": "1; mode=block", "Origin-Trial": "au1hlo38hdou0c5ahko3bugr8p9kt881bvrccp4vesne1hv+b1xx/mzhfznp/tww4+bpblko9h3fokvw", "Strict-Transport-Security": "max
```

### Launch New Scan

Launches a new scan.

Endpoint URL: /api/1.0/scans/new

Method: POST

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| targeturi | string | Optional | Parameter for Launch New Scan |
| istargeturlrequired | boolean | Optional | URL endpoint for the request |
| createtype | string | Optional | Type of the resource |
| additionalwebsites | array | Optional | Parameter for Launch New Scan |
| additionalwebsites.canonical | boolean | Optional | Parameter for Launch New Scan |
| additionalwebsites.targeturl | string | Optional | URL endpoint for the request |
| basicauthenticationapimodel | object | Optional | Parameter for Launch New Scan |
| basicauthenticationapimodel.credentials | array | Optional | Parameter for Launch New Scan |
| basicauthenticationapimodel.credentials.authenticationtype | string | Optional | Type of the resource |
| basicauthenticationapimodel.credentials.domain | string | Optional | Parameter for Launch New Scan |
| basicauthenticationapimodel.credentials.password | string | Optional | Parameter for Launch New Scan |
| basicauthenticationapimodel.credentials.uriprefix | string | Optional | Parameter for Launch New Scan |
| basicauthenticationapimodel.credentials.username | string | Optional | Name of the resource |
| basicauthenticationapimodel.credentials.isreplacedcredentials | boolean | Optional | Parameter for Launch New Scan |
| basicauthenticationapimodel.isenabled | boolean | Optional | Parameter for Launch New Scan |
| basicauthenticationapimodel.nochallenge | boolean | Optional | Parameter for Launch New Scan |
| clientcertificateauthenticationsetting | object | Optional | Parameter for Launch New Scan |
| clientcertificateauthenticationsetting.file | object | Optional | Parameter for Launch New Scan |
| clientcertificateauthenticationsetting.file.content | string | Optional | Response content |
| clientcertificateauthenticationsetting.file.filename | string | Optional | Name of the resource |
| clientcertificateauthenticationsetting.file.type | string | Optional | Type of the resource |
| clientcertificateauthenticationsetting.isenabled | boolean | Optional | Parameter for Launch New Scan |
| clientcertificateauthenticationsetting.password | string | Optional | Parameter for Launch New Scan |
| cookies | string | Optional | Parameter for Launch New Scan |
| crawlandattack | boolean | Optional | Parameter for Launch New Scan |

Input example:

```json
{"json_body": {
  "targeturi": "http://example.com/",
  "istargeturlrequired": true,
  "createtype": "website",
  "additionalwebsites": [{"canonical": true, "targeturl": "http://www.example.com/"}, {"canonical": false, "targeturl": "http://api.example.com/"}],
  "basicauthenticationapimodel": {"credentials": [{"authenticationtype": "basic", "domain": "example.com", "password": "pass", "uriprefix": "http://example.com/", "username": "user", "isreplacedcredentials": false}], "isenabled": true, "nochallenge": false},
  "clientcertificateauthenticationsetting": {"file": {"content": "u29tzsbmawxlignvbnrlbnq=", "filename": "test.crt", "type": "linkimportfile"}, "isenabled": true, "password": "pass"},
  "cookies": "name1=value1; name2=value2",
  "crawlandattack": true,
  "enableheuristicchecksincustomurlrewrite": true,
  "excludedlinks": [{"regexpattern": "(log|sign)\\-?(out|off)"}],
  "excludedusagetrackers": [{"url": "ua-xxxxx-y"}],
  "disallowedhttpmethods": [],
  "excludelinks": true,
  "excludeauthenticationpages": true,
  "findandfollownewlinks": true,
  "formauthenticationsettingmodel": {
    "integrations": {},
    "customscripts": [],
    "interactiveloginrequired": false,
    "defaultpersonavalidation": true,
    "detectbearertoken": true,
    "enablediagnosticslogging": false,
    "disablelogoutdetection": false,
    "isenabled": true,
    "isnotverified": false,
    "loginformurl": "http://example.com/login.php",
    "loginrequiredurl": "http://example.com/admin.php",
    "logoutkeywordpatterns": [{"pattern": "signin required", "regex": true}],
    "logoutkeywordpatternsvalue": "[{\"pattern\":\"signin required\",\"regex\":true}]",
    "logoutredirectpattern": "http://example.com/default.php?ref= ",
    "overridetargeturl": false,
    "personas": [{"isactive": true, "password": "pass", "username": "user", "otptype": "totp", "secretkey": "", "digit": 6, "period": 30, "algorithm": "sha1", "formauthtype": "manual", "integrationid": "00000000-0000-0000-0000-000000000000", "version": "v2", "usestaticusername": true, "cyberarkusestaticusername": true, "azureusestaticusername": true, "isreplacedcredentials": false, "index": 0}],
    "personasvalidation": true,
    "authorizationtokenrules": []
  },
  "headerauthentication": {"headers": [{"name": "authorization", "value": "bearer 12312312312", "isreplacedcredentials": false}], "isenabled": true},
  "authenticationprofileoption": "dontuse",
  "importedlinks": ["/foo1", "/foo2"],
  "importedfiles": [
    {"content": "base64 encoded content of fiddler file.saz (max 10mb) e.g. u29tzsbmafooignvbnrlbnq=", "filename": "fiddler file.saz", "importertype": "fiddler", "type": "linkimportfile"},
    {"importertype": "swagger", "url": "the url of the definition file i.e. https://site.com/wsdl/definition.wsdl", "type": "linkimporturl"},
    {"importertype": "graphql", "url": "the url of the definition file i.e. https://site.com/wsdl/definition.wsdl", "apiurl": "the location of the web service (this is required if the service is hosted on a different address specified with the 'url')", "type": "linkimporturl"}
  ],
  "ismaxscandurationenabled": false,
  "maxdynamicsignatures": 60,
  "maxscanduration": 48,
  "scope": "enteredpathandbelow",
  "subpathmaxdynamicsignatures": 30,
  "timewindow": {"items": [{"day": "monday", "from": "09:00", "scanningallowed": false, "to": "18:00"}]},
  "urlrewriteanalyzableextensions": "htm,html",
  "urlrewriteblockseparators": "/$.,;|:",
  "urlrewritemode": "custom",
  "urlrewriterules": [{"placeholderpattern": "/blog/{category}/{title}"}],
  "prerequestscriptsetting": {"isenabled": false},
  "donotdifferentiateprotocols": true,
  "oauth2settingmodel": {
    "flowtype": "custom",
    "authenticationtype": "none",
    "accesstokenendpoint": {"url": "https://localhost/oauth/token", "contenttype": "application/x-www-form-urlencoded", "method": "post"},
    "authorizationcodeendpoint": {"url": "https://localhost/oauth/token", "contenttype": "application/x-www-form-urlencoded", "method": "post"},
    "accesstokenitems": [{"name": "grant_type", "value": "password", "isencoded": false, "isencrypted": false}, {"name": "username", "value": "pedroetb", "isencoded": false, "isencrypted": false}, {"name": "password", "value": "password", "isencoded": false, "isencrypted": false}],
    "authorizationcodeitems": [{"name": "grant_type", "value": "password", "isencoded": false, "isencrypted": false}, {"name": "username", "value": "pedroetb", "isencoded": false, "isencrypted": false}, {"name": "password", "value": "password", "isencoded": false, "isencrypted": false}],
    "responsefields": {"accesstoken": "accesstoken", "refreshtoken": "refreshtoken", "expire": "accesstokenexpiresat", "tokentype": "token_type", "istokentypefixed": true},
    "threeleggedfields": {"enabled": true, "username": "user", "password": "pwd", "customscripts": []},
    "enabled": false
  },
  "enablepciscantask": false,
  "tags": ["tagwithnovalue", "tagwithvalue:value"],
  "comments": "comments"
}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example (truncated in the source):

```json
{"status_code": 201, "response_headers": {"Date": "Thu, 28 Mar 2024 10:12:00 GMT", "Content-Type": "application/json; charset=utf-8", "Content-Length": "70", "Connection": "keep-alive", "Cache-Control": "no-cache", "Pragma": "no-cache", "Expires": "-1", "X-Content-Type-Options": "nosniff", "X-Frame-Options": "deny", "Referrer-Policy": "no-referrer", "X-XSS-Protection": "1; mode=block", "Origin-Trial": "au1hlo38hdou0c5ahko3bugr8p9kt881bvrccp4vesne1hv+b1xx/mzhfznp/tww4+bpblko9h3fokvw", "Strict-Transport-Security": "max-ag
```

### List Scans

Gets the list of scans and their details.

Endpoint URL: /api/1.0/scans/list

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.page | number | Optional | The page index |
| parameters.pagesize | number | Optional | The page size. Page size can be any value between 1 and 200. |

Input example:

```json
{"parameters": {"page": 1, "pagesize": 10}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| firstitemonpage | number | Output field firstitemonpage |
| hasnextpage | boolean | Output field hasnextpage |
| haspreviouspage | boolean | Output field haspreviouspage |
| isfirstpage | boolean | Output field isfirstpage |
| islastpage | boolean | Output field islastpage |
| lastitemonpage | number | Output field lastitemonpage |
| list | array | Output field list |
| list.additionalwebsites | object | Output field list.additionalwebsites |
| list.agentid | string | Unique identifier |
| list.agentname | object | Name of the resource |
| list.cookies | object | Output field list.cookies |
| list.crawlandattack | boolean | Output field list.crawlandattack |
| list.deletedon | object | Output field list.deletedon |
| list.enableheuristicchecksincustomurlrewrite | boolean | URL endpoint for the request |
| list.excludedlinks | string | Output field list.excludedlinks |
| list.excludelinks | boolean | Output field list.excludelinks |
| list.disallowedhttpmethods | string | HTTP method to use |
| list.findandfollownewlinks | boolean | Output field list.findandfollownewlinks |
| list.importedlinks | object | Output field list.importedlinks |
| list.allimportedlinks | string | Output field list.allimportedlinks |
| list.desktopscanid | object | Unique identifier |
| list.initiatedtime | string | Time value |
| list.initiateddate | string | Date value |

Output example (truncated in the source):

```json
{"status_code": 200, "response_headers": {"Date": "Thu, 28 Mar 2024 06:34:32 GMT", "Content-Type": "application/json; charset=utf-8", "Content-Length": "3652", "Connection": "keep-alive", "Cache-Control": "no-cache", "Pragma": "no-cache", "Expires": "-1", "X-Content-Type-Options": "nosniff", "X-Frame-Options": "deny", "Referrer-Policy": "no-referrer", "X-XSS-Protection": "1; mode=block", "Origin-Trial": "au1hlo38hdou0c5ahko3bugr8p9kt881bvrccp4vesne1hv+b1xx/mzhfznp/tww4+bpblko9h3fokvw", "Strict-Transport-Security": "max
```

### Get Scan Report

Gets the report of a scan in the specified format.

Endpoint URL: /api/1.0/scans/report/

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.contentformat | string | Optional | Gets or sets the content format. This parameter can only be used for vulnerabilities XML and JSON report. |
| parameters.excluderesponsedata | boolean | Optional | If set to true, HTTP response data will be excluded from the vulnerability detail. This parameter can only be used for vulnerabilities XML report. Default: false |
| parameters.format | string | Required | Gets or sets the report format. Crawled URLs, scanned URLs and vulnerabilities can be exported as XML, CSV or JSON. Scan detail, SANS Top 25, OWASP Top Ten 2013, WASC Threat Classification, PCI compliance, HIPAA compliance, executive summary and knowledge base reports can be exported as HTML or PDF. ModSecurity WAF rules report can be exported as TXT. |
| parameters.id | string | Required | Gets or sets the scan identifier. |
| parameters.type | string | Required | Gets or sets the report type. The fullscandetail option corresponds to "detailed scan report (including addressed issues)". The scandetail option corresponds to "detailed scan report (excluding addressed issues)". |
| parameters.onlyconfirmedissues | boolean | Optional | Parameters for the Get Scan Report action |
| parameters.onlyunconfirmedissues | boolean | Optional | Parameters for the Get Scan Report action |
| parameters.excludeaddressedissues | boolean | Optional | Parameters for the Get Scan Report action |
| parameters.excludehistoryofissues | boolean | Optional | Parameters for the Get Scan Report action |

Input example:

```json
{"parameters": {"contentformat": "string", "excluderesponsedata": true, "format": "string", "id": "12345678-1234-1234-1234-123456789abc", "type": "string", "onlyconfirmedissues": true, "onlyunconfirmedissues": true, "excludeaddressedissues": true, "excludehistoryofissues": true}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| file | object | Attachments |
| file.file | string | Output field file.file |
| file.file_name | string | Name of the resource |

Output example:

```json
{"file": {"file": "string", "file_name": "example name"}}
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | no-cache |
| Connection | HTTP response header Connection | keep-alive |
| Content-Length | The length of the response body in bytes | 15091 |
| Content-Type | The media type of the resource | application/json; charset=utf-8 |
| Date | The date and time at which the message was originated | Thu, 28 Mar 2024 09:53:50 GMT |
| Expect-CT | HTTP response header Expect-CT | max-age=30,report-uri="https://www.netsparkercloud.com/report-ct/" |
| Expires | The date/time after which the response is considered stale | -1 |
| Origin-Trial | HTTP response header Origin-Trial | au1hlo38hdou0c5ahko3bugr8p9kt881bvrccp4vesne1hv+b1xx/mzhfznp/tww4+bpblko9h3fokvwcxzdsqaaaabieyjvcmlnaw4ioijodhrwczovl3d3dy5uzxrzcgfya2vyy2xvdwquy29tojq0myisimzlyxr1cmuioijvmkztzwn1cml0eutleufqssisimv4cglyesi6mty1odg3otk5ox0= |
| Pragma | HTTP response header Pragma | no-cache |
| Referrer-Policy | HTTP response header Referrer-Policy | no-referrer |
| Strict-Transport-Security | HTTP response header Strict-Transport-Security | max-age=31536000; includesubdomains; preload |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | deny |
| X-XSS-Protection | HTTP response header X-XSS-Protection | 1; mode=block |