🔍Grep Options

Grep options provide additional controls for how match patterns are evaluated and how responses are filtered before matching.

⚙️ Match Modifiers

🔄 Negative Match (`NotResponse`)

Inverts the match logic — the issue is reported when the pattern is NOT found in the response.

{
  "NotResponse": true,
  "Grep": ["true,,Simple String,Only in Headers,X-Frame-Options"]
}

Use cases:

🛡️ Detecting missing security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options)
🔒 Detecting missing authentication requirements
✅ Verifying security controls are in place

🔤 Case Sensitive (`CaseSensitive`)

Controls whether pattern matching is case-sensitive.

{
  "CaseSensitive": true,
  "Grep": ["true,,Simple String,,AdminPanel"]
}

✅ true — Exact case must match (AdminPanel matches, adminpanel does not)
🔀 false — Case-insensitive matching (AdminPanel and adminpanel both match)

Default: false (case-insensitive)

🎯 Response Scope Filters

🚫 Exclude HTTP Headers (`ExcludeHTTP`)

Excludes HTTP response headers from the match scope — patterns are only matched against the response body.

{
  "ExcludeHTTP": true,
  "Grep": ["true,,Simple String,,password"]
}

📋 Only HTTP Headers (`OnlyHTTP`)

Restricts matching to HTTP response headers only — the response body is ignored.

{
  "OnlyHTTP": true,
  "Grep": ["true,,Simple String,,Set-Cookie:"]
}

📝 Note: You can also set scope per-pattern using the scope field in the grep entry: Only in Headers or Only in Body.

🔽 Pre-Request Filters

These filters are applied before the request is sent, allowing you to skip irrelevant requests early and save time.

📄 Content-Type Filter (`IsContentType`)

Only process responses with a specific Content-Type.

{
  "IsContentType": true,
  "ContentType": "text/html",
  "NegativeCT": false
}

Field

Description

IsContentType

✅ Enable Content-Type filtering

ContentType

📄 The expected Content-Type value (partial match)

NegativeCT

🔄 true = exclude this Content-Type, false = require this Content-Type

📝 Examples:

✅ Only scan HTML responses:

{ "IsContentType": true, "ContentType": "text/html", "NegativeCT": false }

🚫 Skip JSON responses:

{ "IsContentType": true, "ContentType": "application/json", "NegativeCT": true }

🔢 Response Code Filter (`IsResponseCode`)

Only process responses with a specific HTTP status code.

{
  "IsResponseCode": true,
  "ResponseCode": "200",
  "NegativeRC": false
}

Field

Description

IsResponseCode

✅ Enable status code filtering

ResponseCode

🔢 The expected HTTP status code

NegativeRC

🔄 true = exclude this code, false = require this code

📝 Examples:

✅ Only scan successful responses:

{ "IsResponseCode": true, "ResponseCode": "200", "NegativeRC": false }

🚫 Skip 404 responses:

{ "IsResponseCode": true, "ResponseCode": "404", "NegativeRC": true }

📁 URL Extension Filter (`isurlextension`)

Only process requests with specific URL file extensions.

{
  "isurlextension": true,
  "urlextension": "php,asp,aspx,jsp",
  "NegativeUrlExtension": false
}

Field

Description

isurlextension

✅ Enable URL extension filtering

urlextension

📄 Comma-separated list of extensions (without dots)

NegativeUrlExtension

🔄 true = exclude these extensions, false = require these extensions

📝 Examples:

✅ Only scan PHP and JSP files:

{ "isurlextension": true, "urlextension": "php,jsp", "NegativeUrlExtension": false }

🚫 Skip static files:

{ "isurlextension": true, "urlextension": "js,css,png,jpg,gif,svg,woff,woff2", "NegativeUrlExtension": true }

🔗 Combining Filters

Filters can be combined to precisely target the responses you want to analyze:

{
  "IsContentType": true,
  "ContentType": "text/html",
  "NegativeCT": false,
  "IsResponseCode": true,
  "ResponseCode": "200",
  "NegativeRC": false,
  "isurlextension": true,
  "urlextension": "js,css,png,jpg",
  "NegativeUrlExtension": true
}

This configuration:

✅ Only processes HTML responses
✅ Only processes 200 OK responses
🚫 Skips static file extensions

🎯 Grep Scope per Pattern

In addition to the global ExcludeHTTP/OnlyHTTP flags, each grep pattern can specify its own scope:

"Grep": [
  "true,,Simple String,Only in Headers,Set-Cookie: admin=",
  "true,OR,Simple String,Only in Body,Welcome Administrator",
  "true,OR,Simple String,,admin"
]

Scope

Description

(empty)

🌐 Search entire response

Only in Headers

📋 Search only in HTTP headers

Only in Body

📄 Search only in response body

⚡ Filter Evaluation Order

Filters are evaluated in this order to maximize performance:

📁 URL Extension — Skip requests to static files
🔢 Response Code — Skip responses with wrong status codes
📄 Content-Type — Skip responses with wrong content types
🔍 Grep Matching — Apply match patterns to the filtered response

This early filtering pipeline prevents unnecessary processing and reduces scan time.

PreviousMatch Types NextRedirections

Last updated 2 days ago

hashtag⚙️ Match Modifiers

hashtag🔄 Negative Match (NotResponse)

hashtag🔤 Case Sensitive (CaseSensitive)

hashtag🎯 Response Scope Filters

hashtag🚫 Exclude HTTP Headers (ExcludeHTTP)

hashtag📋 Only HTTP Headers (OnlyHTTP)

hashtag🔽 Pre-Request Filters

hashtag📄 Content-Type Filter (IsContentType)

hashtag🔢 Response Code Filter (IsResponseCode)

hashtag📁 URL Extension Filter (isurlextension)

hashtag🔗 Combining Filters

hashtag🎯 Grep Scope per Pattern

hashtag⚡ Filter Evaluation Order

⚙️ Match Modifiers

🔄 Negative Match (`NotResponse`)

🔤 Case Sensitive (`CaseSensitive`)

🎯 Response Scope Filters

🚫 Exclude HTTP Headers (`ExcludeHTTP`)

📋 Only HTTP Headers (`OnlyHTTP`)

🔽 Pre-Request Filters

📄 Content-Type Filter (`IsContentType`)

🔢 Response Code Filter (`IsResponseCode`)

📁 URL Extension Filter (`isurlextension`)

🔗 Combining Filters

🎯 Grep Scope per Pattern

⚡ Filter Evaluation Order