# Grep Options

Grep options provide additional controls for how match patterns are evaluated and how responses are filtered before matching.

## ⚙️ Match Modifiers

### 🔄 Negative Match (`NotResponse`)

Inverts the match logic — the issue is reported when the pattern is **NOT** found in the response.

```json
{
  "NotResponse": true,
  "Grep": ["true,,Simple String,Only in Headers,X-Frame-Options"]
}
```

**Use cases:**

* 🛡️ Detecting missing security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options)
* 🔒 Detecting missing authentication requirements
* ✅ Verifying security controls are in place

### 🔤 Case Sensitive (`CaseSensitive`)

Controls whether pattern matching is case-sensitive.

```json
{
  "CaseSensitive": true,
  "Grep": ["true,,Simple String,,AdminPanel"]
}
```

* ✅ `true` — Exact case must match (`AdminPanel` matches, `adminpanel` does not)
* 🔀 `false` — Case-insensitive matching (`AdminPanel` and `adminpanel` both match)

Default: `false` (case-insensitive)

## 🎯 Response Scope Filters

### 🚫 Exclude HTTP Headers (`ExcludeHTTP`)

Excludes HTTP response headers from the match scope — patterns are only matched against the response body.

```json
{
  "ExcludeHTTP": true,
  "Grep": ["true,,Simple String,,password"]
}
```

### 📋 Only HTTP Headers (`OnlyHTTP`)

Restricts matching to HTTP response headers only — the response body is ignored.

```json
{
  "OnlyHTTP": true,
  "Grep": ["true,,Simple String,,Set-Cookie:"]
}
```

> 📝 **Note:** You can also set scope per-pattern using the scope field in the grep entry: `Only in Headers` or `Only in Body`.

## 🔽 Pre-Request Filters

These filters are applied **before** the request is sent, allowing you to skip irrelevant requests early and save time.

### 📄 Content-Type Filter (`IsContentType`)

Only process responses with a specific Content-Type.

```json
{
  "IsContentType": true,
  "ContentType": "text/html",
  "NegativeCT": false
}
```

| Field           | Description                                                                |
| --------------- | -------------------------------------------------------------------------- |
| `IsContentType` | ✅ Enable Content-Type filtering                                            |
| `ContentType`   | 📄 The expected Content-Type value (partial match)                         |
| `NegativeCT`    | 🔄 `true` = exclude this Content-Type, `false` = require this Content-Type |

**📝 Examples:**

✅ Only scan HTML responses:

```json
{ "IsContentType": true, "ContentType": "text/html", "NegativeCT": false }
```

🚫 Skip JSON responses:

```json
{ "IsContentType": true, "ContentType": "application/json", "NegativeCT": true }
```

### 🔢 Response Code Filter (`IsResponseCode`)

Only process responses with a specific HTTP status code.

```json
{
  "IsResponseCode": true,
  "ResponseCode": "200",
  "NegativeRC": false
}
```

| Field            | Description                                                |
| ---------------- | ---------------------------------------------------------- |
| `IsResponseCode` | ✅ Enable status code filtering                             |
| `ResponseCode`   | 🔢 The expected HTTP status code                           |
| `NegativeRC`     | 🔄 `true` = exclude this code, `false` = require this code |

**📝 Examples:**

✅ Only scan successful responses:

```json
{ "IsResponseCode": true, "ResponseCode": "200", "NegativeRC": false }
```

🚫 Skip 404 responses:

```json
{ "IsResponseCode": true, "ResponseCode": "404", "NegativeRC": true }
```

### 📁 URL Extension Filter (`isurlextension`)

Only process requests with specific URL file extensions.

```json
{
  "isurlextension": true,
  "urlextension": "php,asp,aspx,jsp",
  "NegativeUrlExtension": false
}
```

| Field                  | Description                                                              |
| ---------------------- | ------------------------------------------------------------------------ |
| `isurlextension`       | ✅ Enable URL extension filtering                                         |
| `urlextension`         | 📄 Comma-separated list of extensions (without dots)                     |
| `NegativeUrlExtension` | 🔄 `true` = exclude these extensions, `false` = require these extensions |

**📝 Examples:**

✅ Only scan PHP and JSP files:

```json
{ "isurlextension": true, "urlextension": "php,jsp", "NegativeUrlExtension": false }
```

🚫 Skip static files:

```json
{ "isurlextension": true, "urlextension": "js,css,png,jpg,gif,svg,woff,woff2", "NegativeUrlExtension": true }
```

## 🔗 Combining Filters

Filters can be combined to precisely target the responses you want to analyze:

```json
{
  "IsContentType": true,
  "ContentType": "text/html",
  "NegativeCT": false,
  "IsResponseCode": true,
  "ResponseCode": "200",
  "NegativeRC": false,
  "isurlextension": true,
  "urlextension": "js,css,png,jpg",
  "NegativeUrlExtension": true
}
```

This configuration:

* ✅ Only processes HTML responses
* ✅ Only processes 200 OK responses
* 🚫 Skips static file extensions

## 🎯 Grep Scope per Pattern

In addition to the global `ExcludeHTTP`/`OnlyHTTP` flags, each grep pattern can specify its own scope:

```json
{
  "Grep": [
    "true,,Simple String,Only in Headers,Set-Cookie: admin=",
    "true,OR,Simple String,Only in Body,Welcome Administrator",
    "true,OR,Simple String,,admin"
  ]
}
```

| Scope             | Description                     |
| ----------------- | ------------------------------- |
| *(empty)*         | 🌐 Search entire response       |
| `Only in Headers` | 📋 Search only in HTTP headers  |
| `Only in Body`    | 📄 Search only in response body |

## ⚡ Filter Evaluation Order

Filters are evaluated in this order to maximize performance:

1. 📁 **URL Extension** — Skip requests to static files
2. 🔢 **Response Code** — Skip responses with wrong status codes
3. 📄 **Content-Type** — Skip responses with wrong content types
4. 🔍 **Grep Matching** — Apply match patterns to the filtered response

This early filtering pipeline prevents unnecessary processing and reduces scan time.
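An added example (not code from the tool this page documents): a Python model of the evaluation order above, running a `NotResponse` check for a missing `X-Frame-Options` header through the combined filters. The entry field order (enabled, operator, type, scope, pattern), OR-only combination, and the rule that a filtered-out response is never reported are assumptions read off the page's examples; the profile, URLs and responses are constructed.

```python
from urllib.parse import urlparse

def passes_filters(profile, url, status, content_type):
    """Filters in the documented order; False means the response is skipped."""
    if profile.get("isurlextension"):
        name = urlparse(url).path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        listed = ext in [e.strip().lower() for e in profile["urlextension"].split(",")]
        if listed == profile.get("NegativeUrlExtension", False):
            return False
    if profile.get("IsResponseCode"):
        if (str(status) == profile["ResponseCode"]) == profile.get("NegativeRC", False):
            return False
    if profile.get("IsContentType"):
        found = profile["ContentType"].lower() in content_type.lower()  # partial match
        if found == profile.get("NegativeCT", False):
            return False
    return True

def grep_reports(profile, headers, body):
    """OR-combine enabled Simple String entries, then apply NotResponse."""
    hit = False
    for entry in profile["Grep"]:
        # Assumed field order: enabled, operator, type, scope, pattern.
        enabled, _op, _kind, scope, pattern = entry.split(",", 4)
        if enabled != "true":
            continue
        if scope == "Only in Headers" or profile.get("OnlyHTTP"):
            text = headers
        elif scope == "Only in Body" or profile.get("ExcludeHTTP"):
            text = body
        else:
            text = headers + "\r\n\r\n" + body
        if not profile.get("CaseSensitive", False):
            text, pattern = text.lower(), pattern.lower()
        hit = hit or pattern in text
    return hit != profile.get("NotResponse", False)

def evaluate(profile, url, status, headers, body):
    ctype = next((h.split(":", 1)[1].strip() for h in headers.split("\r\n")
                  if h.lower().startswith("content-type:")), "")
    return passes_filters(profile, url, status, ctype) and grep_reports(profile, headers, body)

# Constructed profile and responses, combining keys shown on this page.
PROFILE = {
    "NotResponse": True,
    "Grep": ["true,,Simple String,Only in Headers,X-Frame-Options"],
    "IsContentType": True, "ContentType": "text/html", "NegativeCT": False,
    "IsResponseCode": True, "ResponseCode": "200", "NegativeRC": False,
    "isurlextension": True, "urlextension": "js,css,png,jpg", "NegativeUrlExtension": True,
}
HEADERS_MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8"
HEADERS_OK = HEADERS_MISSING + "\r\nX-Frame-Options: DENY"
```

In this model, a response that mentions the header name only in its body is still reported, because the entry is scoped to headers; 404s and static files are dropped by the filters before the negative match can flag them.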
