Download exported scan
GET {{baseUrl}}/was/v2/scans/:scan_id/report
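Downloads the report for the specified scan. As the example response below shows, the report body contains the scan configuration, the scan metadata (including the target), and the full list of findings.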
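Note: The endpoint returns 404 Not Found if the requested report is not yet ready for download, so a 404 here can mean "not ready yet" rather than "no such scan"; retry the request after a delay.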
Requires BASIC [16] user permissions and CAN VIEW [16] scan permissions. See Permissions.
RESPONSES
status: OK
{"report":{"version":"1.1","created_at":"2020-11-22T18:50:23.437864+00:00"},"config":{"config_id":"b3775500-38f4-4cb1-b032-5386b445e554","owner_id":"4b0d43eb-77e2-4a52-b24a-93d29bcb0aba","settings":{"http":{"user_agent":"WAS/%v","include_scan_id":false,"request_headers":{},"request_timeout":5,"custom_user_agent":false,"response_max_size":500000,"request_concurrency":10,"request_redirect_limit":2},"audit":{"xmls":false,"forms":true,"jsons":false,"links":true,"cookies":true,"headers":false,"ui_forms":true,"ui_inputs":true,"parameter_names":false,"path_parameters":false,"parameter_values":true},"scope":{"urls":[],"option":"all","page_limit":10000,"decompose_paths":false,"dom_depth_limit":5,"auto_redundant_paths":5,"directory_depth_limit":10,"exclude_path_patterns":["logout"],"exclude_file_extensions":["js","css","png","jpeg","gif","pdf","csv","svn-base","svg","jpg","ico"]},"chrome":{"script_finish_wait":5000,"script_command_wait":500,"script_page_load_wait":10000},"plugin":{"ids":[],"mode":"disable","names":[],"families":[]},"target":"http://192.0.2.214","browser":{"job_timeout":10,"screen_width":1600,"ignore_images":true,"screen_height":1200},"timeout":"08:00:00","assessment":{"rfi_remote_url":"http://rfi.nessus.org/rfi.txt","element_exclusions":null},"debug_mode":false,"credentials":{"credential_ids":[]},"chrome_script":{"finish_wait":5000,"command_wait":500,"page_load_wait":10000}},"additional_properties":null,"scanner_type":"cloud","scanner_instance_id":null,"name":"bank of tenable overview","description":null},"template":{"template_id":"112f3e7f-d83a-4bba-b2c8-df2d22e2fa5c","name":"overview","description":"A scan that outlines URL paths and builds a site 
map."},"user_template":null,"scan":{"user_id":"4a0d43ec-77e2-4a52-b24a-93d29bcb0aba","scan_id":"fcb7194b-67eb-44f2-bddd-4f6e2a7ea12e","status":"aborted","finalized_at":"2020-02-05T23:22:24.964+00:00","asset_id":"22807f4a-d678-4c60-bcb9-6af2a0623f9b","target":"http://192.0.2.214","created_at":"2020-02-05T23:16:37.083+00:00"},"findings":[{"plugin_publication_date":"2019-04-02T00:00:00+00:00","plugin_modification_date":"2019-04-02T00:00:00+00:00","attachments":["https://example.com/was/v2/attachments/aa543122-ad2c-4beb-85e6-e376850973fa","https://example.com/was/v2/attachments/6224eb40-80ec-4ef2-8f3a-4035f2876fe8"],"plugin_id":98527,"cvssv3":null,"cvssv3_vector":null,"cvss":null,"cvss_vector":null,"cves":[],"risk_factor":"info","uri":"http://192.0.2.214/","name":"Missing Referrer Policy","family":"HTTP Security Header","synopsis":"Missing Referrer Policy","description":"Referrer Policy provides mechanisms to websites to restrict referrer information (sent in the referer header) that browsers will be allowed to add.\n\nNo Referrer Policy header or metatag configuration has been detected.","solution":"Configure Referrer Policy on your website by adding 'Referrer-Policy' HTTP header or meta tag referrer in HTML.","see_also":["https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy"],"wasc":[],"cwe":[],"owasp":[],"bid":[],"input_name":null,"input_type":null,"proof":null,"request_headers":null,"response_headers":null,"payload":null,"output":"No Referrer-Policy headers or body meta tags were found on 
http://192.0.2.214/","xrefs":[]},{"plugin_publication_date":"2017-07-27T00:00:00+00:00","plugin_modification_date":"2017-07-27T00:00:00+00:00","attachments":["https://example.com/was/v2/attachments/9afb4df0-198d-486c-aaa9-a6368d6cf45f","https://example.com/was/v2/attachments/55c930b0-ffee-4c85-8aeb-7a89eea6a6ce"],"plugin_id":98136,"cvssv3":null,"cvssv3_vector":null,"cvss":null,"cvss_vector":null,"cves":[],"risk_factor":"info","uri":"http://192.0.2.214","name":"Target Information","family":"General","synopsis":"Target Information","description":"Publishes the target information of the starting url as evaluated by the scan.","solution":null,"see_also":[],"wasc":[],"cwe":[],"owasp":[],"bid":[],"input_name":null,"input_type":null,"proof":null,"request_headers":null,"response_headers":null,"payload":null,"output":"IP '192.0.2.214' could not be resolved","xrefs":[]},{"plugin_publication_date":"2019-08-01T00:00:00+00:00","plugin_modification_date":"2019-08-01T00:00:00+00:00","attachments":[],"plugin_id":98647,"cvssv3":null,"cvssv3_vector":null,"cvss":null,"cvss_vector":null,"cves":[],"risk_factor":"info","uri":"http://192.0.2.214/information/stockTrading.php","name":"Missing Subresource Integrity (SRI)","family":"Web Applications","synopsis":"Missing Subresource Integrity (SRI)","description":"Subresource Integrity (SRI) is a web security standard that enables browsers to verify that resources hosted by third parties (CDN for example) are delivered without unexpected manipulation.\n\nSRI works by comparing a cryptographic hash declared in the integrity attribute of resource tag (like script) used to fetch the resource and the calculated hash value of this resource.\n\nNo SRI have been detected for one or more resources.","solution":"Add integrity attribute to the resource tag with prefixed and base64 encoded hash of the 
resource.","see_also":["https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet#Subresource_Integrity","https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity"],"wasc":[],"cwe":[],"owasp":[],"bid":[],"input_name":null,"input_type":null,"proof":null,"request_headers":null,"response_headers":null,"payload":null,"output":"Subresource Integrity missing from following resource: \n\n- https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js\"\u003e\u003c/script\u003e\n\n\nSubresource Integrity missing from following resource: \n\n- https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\n\nScript tag Source: \n\n- \u003cscript src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js\" crossorigin=\"anonymous\"\u003e\u003c/script\u003e\n\n\n","xrefs":[]},{"plugin_publication_date":"2017-03-31T00:00:00+00:00","plugin_modification_date":"2017-10-16T00:00:00+00:00","attachments":["https://example.com/was/v2/attachments/51d3ca7a-6e8e-493b-bc28-0047f7871031","https://example.com/was/v2/attachments/7aec8ff1-a41a-4993-ab80-9f4559c71e63"],"plugin_id":98060,"cvssv3":3.1,"cvssv3_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","cvss":2.6,"cvss_vector":"CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N","cves":[],"risk_factor":"low","uri":"http://192.0.2.214/","name":"Missing 'X-Frame-Options' Header","family":"HTTP Security Header","synopsis":"Missing 'X-Frame-Options' Header","description":"Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.\n\nThe server didn't return an `X-Frame-Options` header which means 
that this website could be at risk of a clickjacking attack.\n\nThe `X-Frame-Options` HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.","solution":"Configure your web server to include an `X-Frame-Options` header.","see_also":["https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options","http://tools.ietf.org/html/rfc7034","https://www.owasp.org/index.php/Clickjacking"],"wasc":["Application Misconfiguration"],"cwe":[693],"owasp":[{"year":"2010","category":"A6"},{"year":"2017","category":"A6"},{"year":"2013","category":"A5"}],"bid":[],"input_name":null,"input_type":null,"proof":"HTTP/1.1 200 OK","request_headers":null,"response_headers":null,"payload":null,"output":"Page http://192.0.2.214/ has no X-Frame-Option header defined","xrefs":[{"xref_name":"WASC","xref_value":"Application Misconfiguration"},{"xref_name":"CWE","xref_value":"693"},{"xref_name":"OWASP","xref_value":"2010-A6"},{"xref_name":"OWASP","xref_value":"2017-A6"},{"xref_name":"OWASP","xref_value":"2013-A5"}]},{"plugin_publication_date":"2018-11-28T00:00:00+00:00","plugin_modification_date":"2018-11-28T00:00:00+00:00","attachments":["https://example.com/was/v2/attachments/57297baa-c016-426a-99e1-d7e9f27b845f","https://example.com/was/v2/attachments/7ce079e0-2393-44f8-b20b-def80f355d2a"],"plugin_id":112529,"cvssv3":3.1,"cvssv3_vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N","cvss":2.6,"cvss_vector":"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N","cves":[],"risk_factor":"low","uri":"http://192.0.2.214/","name":"Missing 'X-Content-Type-Options' Header","family":"HTTP Security Header","synopsis":"Missing 'X-Content-Type-Options' Header","description":"The HTTP 'X-Content-Type-Options' response header prevents the browser from MIME-sniffing a response away from the declared content-type.\n\nThe server did not 
return a correct 'X-Content-Type-Options' header, which means that this website could be at risk of a Cross-Site Scripting (XSS) attack.","solution":"Configure your web server to include an 'X-Content-Type-Options' header with a value of 'nosniff'.","see_also":["https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options","https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto"],"wasc":["Application Misconfiguration"],"cwe":[693],"owasp":[{"year":"2019","category":"API7"},{"year":"2013","category":"A5"},{"year":"2010","category":"A6"},{"year":"2017","category":"A6"}],"bid":[],"input_name":null,"input_type":null,"proof":"HTTP/1.1 200 OK","request_headers":null,"response_headers":null,"payload":null,"output":null,"xrefs":[{"xref_name":"WASC","xref_value":"Application Misconfiguration"},{"xref_name":"CWE","xref_value":"693"},{"xref_name":"OWASP_API","xref_value":"2019-API7"},{"xref_name":"OWASP","xref_value":"2013-A5"},{"xref_name":"OWASP","xref_value":"2010-A6"},{"xref_name":"OWASP","xref_value":"2017-A6"}]}],"notes":[]}