Findings

All tool output is normalized into a single Finding struct, regardless of which adapter produced it.

Structure

```rust
pub struct Finding {
    pub id: String,
    pub session_id: String,
    pub source: String,          // adapter name (httpx, nuclei, ffuf, etc.)
    pub category: Category,      // Recon, Vulnerability, Fuzz, Injection, Info
    pub severity: Severity,      // Info, Low, Medium, High, Critical
    pub title: String,
    pub description: String,
    pub url: String,
    pub evidence: String,
    pub raw_output: serde_json::Value,
    pub timestamp: String,
}
```

Severity Levels

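| Level | Numeric | Typical Sources |
|----------|---------|--------------------------------|
| Critical | 4 | SQLi, RCE, auth bypass |
| High | 3 | XSS, SSRF, IDOR |
| Medium | 2 | Misconfig, info leak |
| Low | 1 | Missing headers, verbose errors |
| Info | 0 | Recon results, metadata |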

Categories

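| Category | Purpose |
|---------------|---------------------------------------|
| Recon | URL discovery, tech detection (httpx) |
| Vulnerability | Confirmed vulns (nuclei) |
| Fuzz | Fuzzing hits (ffuf) |
| Injection | SQL injection findings (sqlmap) |
| Info | General information, metadata |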

Source-Specific Fields

Each adapter maps its tool-specific JSONL fields into the common structure:

  • httpx: url -> url, tech -> evidence, status_code -> description
  • nuclei: matched -> url, template_id -> title, info -> description
  • ffuf: url -> url, input -> evidence, status/length -> description

The original raw JSONL is always preserved in raw_output for detailed analysis.
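The mapping list above, written out as one normalization function. This is an added example, not the project's adapter code. It assumes a trimmed `Finding`, a hypothetical `normalize` helper, a string map standing in for one parsed JSONL record, `status` and `length` joined with a slash, and a policy of rejecting records that carry no URL.

```rust
use std::collections::HashMap;

#[allow(dead_code)]
#[derive(Debug, PartialEq)]
pub enum Category { Recon, Vulnerability, Fuzz, Injection, Info }

// Trimmed stand-in for the page's Finding: only the fields the mapping list touches.
#[allow(dead_code)]
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub source: String,
    pub category: Category,
    pub title: String,
    pub description: String,
    pub url: String,
    pub evidence: String,
    pub raw_output: String, // the page uses serde_json::Value; a String keeps this std-only
}

// `rec` stands in for one parsed JSONL record flattened to strings (assumption).
pub fn normalize(source: &str, rec: &HashMap<&str, &str>, raw: &str) -> Result<Finding, String> {
    let get = |k: &str| rec.get(k).copied().unwrap_or("").to_string();
    // Fields the page's list does not map for a tool are left empty.
    let (category, url_key, title, description, evidence) = match source {
        "httpx" => (Category::Recon, "url", String::new(), get("status_code"), get("tech")),
        "nuclei" => (Category::Vulnerability, "matched", get("template_id"), get("info"), String::new()),
        "ffuf" => (Category::Fuzz, "url", String::new(),
                   format!("{}/{}", get("status"), get("length")), get("input")),
        other => return Err(format!("no adapter mapping for source '{}'", other)),
    };
    // Reject records with no URL instead of emitting a finding that points nowhere.
    let url = match rec.get(url_key) {
        Some(u) if !u.is_empty() => u.to_string(),
        _ => return Err(format!("{}: record lacks '{}'", source, url_key)),
    };
    Ok(Finding { source: source.to_string(), category, title, description, url, evidence,
                 raw_output: raw.to_string() }) // raw line kept verbatim, as the page requires
}

fn main() {
    // Constructed sample record, not real tool output.
    let raw = r#"{"matched":"https://app.example.test/login","template_id":"sample-template","info":"constructed"}"#;
    let rec = HashMap::from([("matched", "https://app.example.test/login"),
                             ("template_id", "sample-template"), ("info", "constructed")]);
    println!("{:?}", normalize("nuclei", &rec, raw));
}
```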