Skip to main content

Scan Templates Guide

Proofarc includes 62 pre-configured scan templates across 10 categories. Each template is a ready-to-run scanner configuration.

Categories

CategoryTemplatesDescription
INFRASTRUCTURE13Network scanning, port discovery, service detection
WEB11Web application vulnerability scanning
NETWORK11Network enumeration, SMB, SSH, DNS
PERFORMANCE9Load testing, stress testing, endurance
API_SECURITY6SQL injection, XSS, auth bypass testing
DATABASE4Database security and configuration
RECONNAISSANCE2Web crawling and discovery
APPLICATION2Application-level scanning
KUBERNETES1Kubernetes cluster security
MOBILE2Mobile application testing

Commonly Used Templates

Network Discovery (Nmap)

POST /api/scan-group
{
"name": "Nmap Discovery",
"templateIds": [1],
"targetIds": [1],
"parameters": {"ports": "1-1000", "timing": "4"}
}

POST /api/scan-group/{id}/execute

Scans for open ports, running services, and OS detection.

Web Vulnerability Scan (ZAP)

POST /api/scan-group
{
"name": "ZAP Baseline",
"templateIds": [22],
"targetIds": [1],
"parameters": {"scan_type": "baseline", "max_duration": "5"}
}

POST /api/scan-group/{id}/execute

OWASP ZAP spider + passive scan for common web vulnerabilities. If the target has auth configured, ZAP automatically injects the auth header via replacer rules to scan authenticated pages.

SQL Injection (SQLMap)

POST /api/scan-group
{
"name": "SQLMap Test",
"templateIds": [20],
"targetIds": [1],
"parameters": {"testForms": true}
}

POST /api/scan-group/{id}/execute

Tests API endpoints and forms for SQL injection vulnerabilities. Auth headers are passed via --headers when the target has auth configured.

CVE Detection (Nuclei)

POST /api/scan-group
{
"name": "Nuclei CVE Scan",
"templateIds": [5],
"targetIds": [1],
"parameters": {}
}

POST /api/scan-group/{id}/execute

Scans for known CVEs using community templates. Auth headers are passed via --header when the target has auth configured.

Using Presets (Quick Start)

# List available presets
GET /api/presets

# Execute a preset directly
POST /api/presets/{id}/execute
{
"targetId": 1
}

Container Security (Trivy)

Scans Docker images for vulnerabilities and misconfigurations.

Scan Presets

Presets are saved configurations for common scan workflows:

PresetWhat it does
Quick Web Scan60-second Nikto scan for fast assessment
Standard Security AuditComprehensive Nikto scan (2 min)
ZAP Baseline5-minute passive ZAP scan
ZAP Active ScanFull ZAP spider + active scan (30 min)
ZAP API SecurityAPI-focused passive scan (15 min)

Custom Scan Scripts

Upload custom Python scanning scripts:

POST /api/scripts
{
"name": "Custom Scanner",
"toolName": "MY_SCANNER",
"category": "VULNERABILITY",
"content": "base64-encoded-python-script"
}

Custom scripts must follow the scanner script format with SCRIPT_INFO and execute() function.