Scan Templates Guide
Proofarc includes 62 pre-configured scan templates across 10 categories. Each template is a ready-to-run scanner configuration.
Categories
| Category | Templates | Description |
|---|---|---|
| INFRASTRUCTURE | 13 | Network scanning, port discovery, service detection |
| WEB | 11 | Web application vulnerability scanning |
| NETWORK | 11 | Network enumeration, SMB, SSH, DNS |
| PERFORMANCE | 9 | Load testing, stress testing, endurance |
| API_SECURITY | 6 | SQL injection, XSS, auth bypass testing |
| DATABASE | 4 | Database security and configuration |
| RECONNAISSANCE | 2 | Web crawling and discovery |
| APPLICATION | 2 | Application-level scanning |
| KUBERNETES | 1 | Kubernetes cluster security |
| MOBILE | 2 | Mobile application testing |
Commonly Used Templates
Network Discovery (Nmap)
POST /api/scan-group
{
"name": "Nmap Discovery",
"templateIds": [1],
"targetIds": [1],
"parameters": {"ports": "1-1000", "timing": "4"}
}
POST /api/scan-group/{id}/execute
Scans for open ports, running services, and OS detection.
Web Vulnerability Scan (ZAP)
POST /api/scan-group
{
"name": "ZAP Baseline",
"templateIds": [22],
"targetIds": [1],
"parameters": {"scan_type": "baseline", "max_duration": "5"}
}
POST /api/scan-group/{id}/execute
OWASP ZAP spider + passive scan for common web vulnerabilities. If the target has auth configured, ZAP automatically injects the auth header via replacer rules to scan authenticated pages.
SQL Injection (SQLMap)
POST /api/scan-group
{
"name": "SQLMap Test",
"templateIds": [20],
"targetIds": [1],
"parameters": {"testForms": true}
}
POST /api/scan-group/{id}/execute
Tests API endpoints and forms for SQL injection vulnerabilities. Auth headers are passed via --headers when the target has auth configured.
CVE Detection (Nuclei)
POST /api/scan-group
{
"name": "Nuclei CVE Scan",
"templateIds": [5],
"targetIds": [1],
"parameters": {}
}
POST /api/scan-group/{id}/execute
Scans for known CVEs using community templates. Auth headers are passed via --header when the target has auth configured.
Using Presets (Quick Start)
# List available presets
GET /api/presets
# Execute a preset directly
POST /api/presets/{id}/execute
{
"targetId": 1
}
Container Security (Trivy)
Scans Docker images for vulnerabilities and misconfigurations.
Scan Presets
Presets are saved configurations for common scan workflows:
| Preset | What it does |
|---|---|
| Quick Web Scan | 60-second Nikto scan for fast assessment |
| Standard Security Audit | Comprehensive Nikto scan (2 min) |
| ZAP Baseline | 5-minute passive ZAP scan |
| ZAP Active Scan | Full ZAP spider + active scan (30 min) |
| ZAP API Security | API-focused passive scan (15 min) |
Custom Scan Scripts
Upload custom Python scanning scripts:
POST /api/scripts
{
"name": "Custom Scanner",
"toolName": "MY_SCANNER",
"category": "VULNERABILITY",
"content": "base64-encoded-python-script"
}
Custom scripts must follow the scanner script format with SCRIPT_INFO and execute() function.