Alert Rules

Active scan rules

| Alert | Risk | Scan type | CWE |
|---|---|---|---|
| Advanced SQL Injection | High | Active | 89 |
| Cross-Domain Misconfiguration | High | Active | N/A |
| Cross Site Scripting (Persistent) | High | Active | 79 |
| Cross Site Scripting (Reflected) | High | Active | 79 |
| Cross Site WebSocket Hijacking | High | Active | 346 |
| Cross Site Scripting (DOM Based) | High | Active | 79 |
| Expression Language Injection | High | Active | 917 |
| External Redirect | High | Active | N/A |
| File Content Disclosure (CVE-2019-5418) | High | Active | 74 |
| Heartbleed OpenSSL Vulnerability | High | Active | 119 |
| Httpoxy - Proxy Header Misuse | High | Active | 20 |
| JWT None Hashing Algorithm Attack | High | Active | 347 |
| JWT Algorithm Confusion Attack | High | Active | 327 |
| JWT Algorithm JSON Web Key (JWK) Based Attack | High | Active | 290 |
| JWT Empty Token Injection Attack | High | Active | 345 |
| JWT Signature Not Verified | High | Active | 347 |
| JWT Null Byte Injection Attack | High | Active | 1321 |
| JWT Publicly Well Known HMac Secret Attack | High | Active | 798 |
| Log4Shell | High | Active | 117 |
| NoSQL Injection - MongoDB | High | Active | 943 |
| Out of Band XSS | High | Active | 79 |
| Remote File Inclusion | High | Active | 98 |
| Remote OS Command Injection | High | Active | 78 |
| Server Side Code Injection | High | Active | N/A |
| Server Side Include | High | Active | 97 |
| Server Side Request Forgery | High | Active | 918 |
| Server Side Request Forgery (Blind) | High | Active | 918 |
| Server Side Template Injection | High | Active | 1336 |
| Server Side Template Injection (Blind) | High | Active | 1336 |
| Session Fixation | High | Active | 384 |
| SOAP Action Spoofing | High | Active | N/A |
| SOAP XML Injection | High | Active | N/A |
| Spring4Shell | High | Active | 78 |
| SQL Injection | High | Active | 89 |
| SQL Injection - Hypersonic SQL | High | Active | 89 |
| SQL Injection - MsSQL | High | Active | 89 |
| SQL Injection - Oracle | High | Active | 89 |
| SQL Injection - PostgreSQL | High | Active | 89 |
| SQL Injection - SQLite | High | Active | 89 |
| Text4shell (CVE-2022-42889) | High | Active | 117 |
| XML External Entity Attack | High | Active | 611 |
| XPath Injection | High | Active | 643 |
| Bypassing 403 | Medium | Active | N/A |
| Directory Browsing | Medium | Active | 548 |
| Exponential Entity Expansion (Billion Laughs Attack) | Medium | Active | 776 |
| File Upload | Medium | Active | N/A |
| HTTP Only Site | Medium | Active | 311 |
| JWT Scan Rule | Medium | Active | N/A |
| Spring Actuator Information Leak | Medium | Active | 215 |
| Web Cache Deception | Medium | Active | N/A |
| Cross Site Scripting (Persistent) - Prime | Informational | Active | 79 |
| Cross Site Scripting (Persistent) - Spider | Informational | Active | 79 |
| HTTP Parameter Pollution | Informational | Active | 20 |
Passive scan rules

| Alert | Risk | Scan type | CWE |
|---|---|---|---|
| ASP.NET ViewState Integrity | High | Passive | 642 |
| Heartbleed OpenSSL Vulnerability (Indicative) | High | Passive | 119 |
| JWT Leaked in URL | High | Passive | |
| Open Redirect | High | Passive | 601 |
| Personally Identifiable Information via WebSocket | High | Passive | 359 |
| Script Served From Malicious Domain (polyfill) | High | Passive | 829 |
| Viewstate without MAC Signature (Unsure) | High | Passive | 642 |
| Viewstate without MAC Signature (Sure) | High | Passive | 642 |
| Absence of Anti-CSRF Tokens | Medium | Passive | 352 |
| Application Error Disclosure via WebSockets | Medium | Passive | 209 |
| Authentication Credentials Captured | Medium | Passive | 287 |
| Cookie Containing JWT is Lacking SameSite Attribute | Medium | Passive | 1004 |
| Cookie Containing JWT is Lacking Secure Flag | Medium | Passive | 614 |
| Cookie Containing JWT is Lacking __Secure- or __Host- Prefixes | Medium | Passive | 565 |
| Cross-Domain Misconfiguration | Medium | Passive | 264 |
| Directory Browsing | Medium | Passive | 548 |
| HTTP to HTTPS Insecure Transition in Form Post | Medium | Passive | 319 |
| HTTPS to HTTP Insecure Transition in Form Post | Medium | Passive | 319 |
| Information Disclosure - JWT in Browser localStorage | Medium | Passive | 200 |
| Insecure JSF ViewState | Medium | Passive | 642 |
| Java Serialization Object | Medium | Passive | 502 |
| JWT is in Form | Medium | Passive | 522 |
| JWT is in HTTP Header | Medium | Passive | 522 |
| No HttpOnly Flag on Cookie Containing JWT | Medium | Passive | 1004 |
| Missing Anti-clickjacking Header | Medium | Passive | 1021 |
| Potential IP Addresses Found in the Viewstate | Medium | Passive | 642 |
| Emails Found in the Viewstate | Medium | Passive | 642 |
| Session ID in URL Rewrite | Medium | Passive | 200 |
| Reverse Tabnabbing | Medium | Passive | N/A |
| Vulnerable JS Library | Medium | Passive | 829 |
| Weak Authentication Method | Medium | Passive | 326 |
| CSP | Medium | Passive | 693 |
| Big Redirect Detected (Potential Sensitive Information Leak) | Low | Passive | 201 |
| Cookie No HttpOnly Flag | Low | Passive | 1004 |
| Cookie without SameSite Attribute | Low | Passive | 1275 |
| Cookie Without Secure Flag | Low | Passive | 614 |
| Cross-Domain JavaScript Source File Inclusion | Low | Passive | 829 |
| Deprecated Feature Policy Header Set | Low | Passive | 16 |
| Hash Disclosure - MD4 / MD5 | Low | Passive | 200 |
| Information Disclosure - Sensitive Information in Browser Storage | Low | Passive | 200 |
| Information Disclosure - Debug Error Messages | Low | Passive | 200 |
| Information Disclosure - Debug Error Messages via WebSocket | Low | Passive | 200 |
| Multiple HREFs Redirect Detected (Potential Sensitive Information Leak) | Low | Passive | 201 |
| Old Asp.Net Version in Use | Low | Passive | 642 |
| Permissions Policy Header Not Set | Low | Passive | 693 |
| Private IP Disclosure | Low | Passive | 200 |
| Private IP Disclosure via WebSocket | Low | Passive | N/A |
| Secure Pages Include Mixed Content | Low | Passive | 311 |
| Server Leaks Version Information via “Server” HTTP Response Header Field | Low | Passive | 200 |
| Strict-Transport-Security Header | Low | Passive | 319 |
| X-Backend-Server Header Information Leak | Low | Passive | 200 |
| X-Debug-Token Information Leak | Low | Passive | 200 |
| X-AspNet-Version Response Header | Low | Passive | 933 |
| ASP.NET ViewState Disclosure | Informational | Passive | 200 |
| Base64 Disclosure in WebSocket message | Informational | Passive | N/A |
| Content-Type Header Missing | Informational | Passive | 345 |
| Content Security Policy (CSP) Report-Only Header Found | Informational | Passive | 693 |
| Cookie Poisoning | Informational | Passive | 565 |
| Email address found in WebSocket message | Informational | Passive | 200 |
| Image Exposes Location or Privacy Data | Informational | Passive | 200 |
| Information Disclosure - Information in Browser Storage | Informational | Passive | 200 |
| Information Disclosure - JWT in Browser sessionStorage | Informational | Passive | 200 |
| Information Disclosure - Sensitive Information in HTTP Referrer Header | Informational | Passive | 200 |
| Information Disclosure - Sensitive Information in URL | Informational | Passive | 200 |
| Information Disclosure - Suspicious Comments in XML via WebSocket | Informational | Passive | 200 |
| Obsolete Content Security Policy (CSP) Header Found | Informational | Passive | 693 |
| Re-examine Cache-control Directives | Informational | Passive | 525 |
| Server Leaks its Webserver Application via “Server” HTTP Response Header Field | Informational | Passive | 200 |
| Split Viewstate in Use | Informational | Passive | 642 |
| Storable but Non-Cacheable Content | Informational | Passive | 524 |
| User Controllable Charset | Informational | Passive | 20 |
| Username Hash Found | Informational | Passive | 284 |
| Username Hash Found in WebSocket message | Informational | Passive | 284 |
| Verification Request Identified | Informational | Passive | N/A |

In addition to the scan rules above, we use Nuclei templates to detect known CVEs and misconfigurations. The specific templates in use will be added to these docs soon.