Skip to main content

Get Scan Vulnerabilities

Returns a list of vulnerabilities for the specified scan.

External Documentation

To learn more, visit the Tenable documentation.

Parameters

ParameterDescription
LimitThe number of records to retrieve. If this parameter is omitted, Tenable.io uses the default value of 10. The minimum value is 0 and the maximum value is 200. If you need to retrieve more than 200 records, use the offset value to iterate through page responses.
OffsetThe starting record to retrieve. If this parameter is omitted, Tenable.io uses the default value of 0.
Scan IDThe UUID of the scan for which you want to view vulnerabilities.
SortThe field you want to use to sort the results by along with the sort order. The field is specified first, followed by a colon, and the order is specified second (asc or desc). For example, name:desc would sort results by the name field in descending order.If you specify multiple fields, the fields must be separated by commas. For example, name:desc,created_at:asc would first sort results by the name field in descending order and then by the created_at field in ascending order.

Example Output

{
"value": {
"items": [
{
"attachments": [
{
"attachment_id": "b13a9fb5-cb0d-47d8-a6c1-063fbe6f8250",
"attachment_name": "sitemap.csv",
"created_at": "2020-02-05T23:25:33.740Z",
"file_type": "text/plain",
"md5": "md5:b2e06491f801f7f5b5f229bbf6efd7e9",
"size": 0
}
],
"created_at": "2020-02-05T23:25:31Z",
"details": {
"input_name": null,
"input_type": null,
"output": "The scan has discovered 23 distinct URLs, 11 of which are in the target scope.\n\nFrom these 11 URLs, 21 have been effectively crawled.\n\nResponse times ranged between 0.003519s and 0.143464s.\n\nHere is the distribution of URL types for this web application:\n- 11 as \"text/html\"\n- 1 as \"text/css\"\n- 2 as \"text/javascript\"\n- 3 as \"image/png\"\n- 4 as \"image/jpeg\"\n\nYou can access the complete list of URLs with the information collected by the scan as an attachment to this plugin.",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98009,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119",
"vuln_id": "3072f8d9-a0c2-443f-bca8-b47e63ebaa80"
},
{
"attachments": [],
"created_at": "2020-02-05T23:25:31Z",
"details": {
"input_name": null,
"input_type": null,
"output": "\nEngine Version 0.41.0_INIT_SITEMAP_SNAPSHOT-6\nScan ID 7f3428c5-0f5a-4812-a728-fffbcbf7c132\n\nStart Time 2020-02-05 23:23:36 +0000\nDuration 00:01:52\n\nRequests 664\nRequests/s 59.2445\nMean Response Time 0.0542s\n\nBandwidth Usage\n- Data to Target 200 KB\n- Data from Target 546 KB\n\nNetwork TimeOuts 0\nBrowser TimeOuts 0\nProtocols HTTP/HTTPs\n\nAuthentication\n- None\n\nPlugins Included:\n- 98000 \"Scan Information\"\n- 98003 \"OS Detection\"\n- 98009 \"Web Application Sitemap\"\n- 98019 \"Network Timeout Encountered\"\n- 98024 \"HTTP Server Authentication Detected\"\n- 98025 \"HTTP Server Authentication Succeeded\"\n- 98026 \"HTTP Server Authentication Failed\"\n- 98033 \"Login Form Detected\"\n- 98034 \"Login Form Authentication Failed\"\n- 98035 \"Login Form Authentication Succeeded\"\n- 98043 \"Scan logged-out intermittently\"\n- 98044 \"Scan aborted after being logged out\"\n- 98050 \"Interesting response\"\n- 98056 \"Missing HTTP Strict Transport Security Policy\"\n- 98057 \"Insecure 'Access-Control-Allow-Origin' header\"\n- 98059 \"Technologies Detected\"\n- 98060 \"Missing 'X-Frame-Options' Header\"\n- 98062 \"Cookie set for parent domain\"\n- 98063 \"Cookie Without HttpOnly Flag Detected\"\n- 98064 \"Cookie Without Secure Flag Detected\"\n- 98077 \"Private IP address disclosure\"\n- 98078 \"E-mail address disclosure\"\n- 98079 \"CVS/SVN user disclosure\"\n- 98080 \"Form-based File Upload\"\n- 98081 \"Password field with auto-complete\"\n- 98082 \"Unencrypted password form\"\n- 98083 \"CAPTCHA Detection\"\n- 98084 \"Directory Listing\"\n- 98091 \"Mixed Resource Detection\"\n- 98092 \"HTML Object\"\n- 98129 \"Credit card number disclosure\"\n- 98136 \"Target Information\"\n- 98137 \"Scan aborted after too many timeouts\"\n- 98138 \"Screenshot\"\n- 98139 \"Cookie Authentication Succeeded\"\n- 98140 \"Cookie Authentication Failed\"\n- 98141 \"Selenium Authentication Succeeded\"\n- 98142 \"Selenium Authentication Failed\"\n- 98143 \"Selenium Crawl Succeeded\"\n- 98145 \"Selenium Crawl Failed\"\n- 98526 \"Missing Feature Policy\"\n- 98527 \"Missing Referrer Policy\"\n- 98611 \"Error Message\"\n- 98612 \"Missing 'Expect-CT' Header\"\n- 98615 \"Basic Authentication Without HTTPS\"\n- 98618 \"HTTP Header Information Disclosure\"\n- 98647 \"Missing Subresource Integrity (SRI)\"\n- 98648 \"Missing 'Content-Type' Header\"\n- 98649 \"Invalid Subresource Integrity\"\n- 98715 \"Permissive HTTP Strict Transport Security Policy Detected\"\n- 98772 \"XHR Detection\"\n- 112526 \"Missing 'X-XSS-Protection' Header\"\n- 112527 \"Disabled 'X-XSS-Protection' Header\"\n- 112529 \"Missing 'X-Content-Type-Options' Header\"\n- 112550 \"Full Path Disclosure\"\n- 112551 \"Missing Content Security Policy\"\n- 112552 \"Deprecated Content Security Policy\"\n- 112553 \"Missing 'Cache-Control' Header\"\n- 112554 \"Permissive Content Security Policy Detected\"\n- 112555 \"Report Only Content Security Policy Detected\"\n- 115540 \"Cookie Without SameSite Flag Detected\"",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98000,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119",
"vuln_id": "a1dc9d88-44de-4f5c-9258-3dbb02baa010"
},
{
"attachments": [
{
"attachment_id": "97cd4d98-1ab9-46f4-b405-f4e31a20ddc4",
"attachment_name": "technologies.csv",
"created_at": "2020-02-05T23:25:33.641Z",
"file_type": "text/plain",
"md5": "md5:99ec79c6a05d25316f75caa93692ecda",
"size": 0
}
],
"created_at": "2020-02-05T23:25:31Z",
"details": {
"input_name": null,
"input_type": null,
"output": "The framework has detected the following technologies in the target application:\n\n- Bootstrap (v3.3.5)\n- jQuery (v2.1.3)\n- PHP (v5.3.3)\n- Apache (v2.2.15)",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98059,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119",
"vuln_id": "8cc6151b-c26d-4904-99b6-2526b63a516e"
},
{
"attachments": [
{
"attachment_id": "f6f09764-405d-4f2d-a702-6a1e2416559d",
"attachment_name": "emails.csv",
"created_at": "2020-02-05T23:25:33.639Z",
"file_type": "text/plain",
"md5": "md5:f98d48f3b1f07becbe9a3911d2759767",
"size": 0
}
],
"created_at": "2020-02-05T23:25:28Z",
"details": {
"input_name": null,
"input_type": null,
"output": "Number of Email Addresses Collected: 1\n\nListed below are each email address and the number of URLs where the email address has been found:\njane.doe@example.com found on 4 URLs\n",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": "(?i-mx:(https?:\\/\\/)?([A-Za-z0-9]*:)?([A-Z0-9._%+-]+(?:@|\\s*\\[at\\]\\s*)[A-Z0-9.-]+(?:\\.|\\s*\\[dot\\]\\s*)[A-Z]{2,4}))"
},
"is_page": false,
"plugin_id": 98078,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119",
"vuln_id": "c345437b-a4e8-4e56-bdfe-9fadff9d6490"
},
{
"attachments": [],
"created_at": "2020-02-05T23:24:21Z",
"details": {
"input_name": null,
"input_type": null,
"output": "Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"\u003e\u003c/script\u003e\n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n\n\n",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98647,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119/search.php",
"vuln_id": "3015b090-2eea-4fe5-9f81-49677ebf1505"
},
{
"attachments": [],
"created_at": "2020-02-05T23:24:17Z",
"details": {
"input_name": null,
"input_type": null,
"output": "Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"\u003e\u003c/script\u003e\n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n\n\n",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98647,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119/Privacy.php",
"vuln_id": "6813fc1a-ec08-44f7-b237-a15195fe657c"
},
{
"attachments": [],
"created_at": "2020-02-05T23:24:14Z",
"details": {
"input_name": null,
"input_type": null,
"output": "Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"\u003e\u003c/script\u003e\n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n\n\n",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98647,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119/TermsOfService.php",
"vuln_id": "971fdb37-4572-4a92-84a6-bc2a36ee6a6c"
},
{
"attachments": [],
"created_at": "2020-02-05T23:24:10Z",
"details": {
"input_name": null,
"input_type": null,
"output": "Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"\u003e\u003c/script\u003e\n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n\n\n",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98647,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119/information/stockTrading.php",
"vuln_id": "371474e0-eace-4c86-8f6b-aa3a8e013f33"
},
{
"attachments": [],
"created_at": "2020-02-05T23:24:06Z",
"details": {
"input_name": null,
"input_type": null,
"output": "Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"\u003e\u003c/script\u003e\n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n\n\n",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98647,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119/information/corpBusiness.php",
"vuln_id": "2519c22d-5763-432e-8ad1-cbf37df69b9b"
},
{
"attachments": [],
"created_at": "2020-02-05T23:24:02Z",
"details": {
"input_name": null,
"input_type": null,
"output": "Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"\u003e\u003c/script\u003e\n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n\n\n",
"payload": null,
"proof": null,
"request": null,
"response": null,
"selector": null,
"selector_url": null,
"signature": null
},
"is_page": false,
"plugin_id": 98647,
"scan_id": "7f3428c5-0f5a-4812-a728-fffbcbf7c132",
"uri": "http://192.0.2.119/information/smallBusinessBanking.php",
"vuln_id": "e08d4b20-6075-42a5-9eba-b2a3071588d3"
}
],
"pagination": {
"limit": 10,
"offset": 0,
"sort": [
{
"name": "created_at",
"order": "desc"
}
],
"total": 30
}
}
}

Workflow Library Example

Get Scan Vulnerabilities with Tenable and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop