Scan Types

A type follows the format: indicator_rule
Types are lowercase alpha characters, except for a single underscore splitting the indicator and rule.

An indicator is a keyword or keyphrase to distinguish different scan intentions (see below examples).

The rule MUST be either active or passive which describes the impact.



passive scanning is anything with a very low impact potential, meaning it is very unlikely to cause any disruption, alerting or data loss. An example is a crawler running at 1 request per second performing HTTP GET requests to capture the content with no exploit attempts.


active scanning is where there could be an impact to the targeted system, meaning it may cause disruption to legitimate users, it may trigger alerts and it may impact data integrity or confidentiality. An example is attempting to exploit a known vulnerability to assess whether a system is vulnerable. Another example is load testing where legitimate users may be prevented from accessing.


Including an example of what that might be.