For now, Verdex only supports output in JSON format.
Use -output-json
to set the path of the JSON file to which results are exported, for example:
verdex -target https://example.com -output-json ./results.json
The JSON output always has the same structure:
// Annotated sample of the results file. The // comments are explanations for the
// reader; strict JSON has no comment syntax, so do not expect them in real output.
// Key naming is mixed: result-level keys are camelCase, keys inside "cves" entries
// are snake_case. Consumers must match the names exactly as shown.
{
// Verdex version that produced the file, as "verdex@<version>"
"scanner": "verdex@1.0.0",
// source of the templates used ("file:<dirpath>" when a custom path is used)
"templates": "github:verdexlab/verdex@1.0.0",
// scan results (an array of result objects)
"results": [
{
// date and time the scan started (the sample shows a timestamp with a UTC offset)
"startedAt": "2024-12-16T14:07:14+01:00",
// date and time the scan ended (same format as startedAt)
"endedAt": "2024-12-16T14:07:28+01:00",
// target given as input
"target": "https://example.com",
// product given as input or detected (empty if product detection failed)
"product": "keycloak",
// whether version detection succeeded
"success": true,
// candidate versions detected; each entry pairs a version with its CPE 2.3 name.
// These are "possible" versions, so treat them as candidates, not a confirmed version.
"possibleVersions": [
{
"version": "25.0.6",
"cpe": "cpe:2.3:a:redhat:keycloak:25.0.6:*:*:*:*:*:*:*"
}
],
// vulnerabilities associated with the possible versions above
"cves": [
{
// CVE identifier
"id": "CVE-2022-4361",
// free-text description of the CVE; escape it before rendering it in HTML reports
"description": "Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.",
// CVSS score as a number; the CVSS version and scoring source are not stated here
"cvss_score": 10,
// EPSS score (estimated probability of exploitation, between 0 and 1)
"epss_score": 0.00311,
// presumably whether the CVE is listed in the CISA Known Exploited Vulnerabilities catalog (confirm)
"is_kev": false,
// versions reported as vulnerable to this CVE.
// NOTE(review): in this sample 21.0.2 is not among possibleVersions (25.0.6), so the
// values look illustrative; confirm how this list relates to possibleVersions.
"vulnerable_versions": ["21.0.2"],
// publication date of the CVE (date only in this sample, no time or offset)
"published_at": "2023-07-07"
}
]
}
]
}