For now, Verdex only supports output in JSON format.

JSON format

Use -output-json to define the path of JSON output file where to export results, for example:

-output-json
filepath
verdex -target https://example.com -output-json ./results.json

JSON output always have the same structure:

{
  // verdex version
  "scanner": "verdex@1.0.0",

  // templates source ("file:<dirpath>" if custom path)
  "templates": "github:verdexlab/verdex@1.0.0",

  // scan results
  "results": [
    {
      // scan's start date and time
      "startedAt": "2024-12-16T14:07:14+01:00",

      // scan's end date and time
      "endedAt": "2024-12-16T14:07:28+01:00",

      // input target
      "target": "https://example.com",

      // input or detected product (empty if product detection failed)
      "product": "keycloak",

      // was the version detection successful?
      "success": true,

      // list of detected possible versions
      "possibleVersions": [
        {
          "version": "25.0.6",
          "cpe": "cpe:2.3:a:redhat:keycloak:25.0.6:*:*:*:*:*:*:*"
        }
      ],

      // list of vulnerabilities associated to possible versions
      "cves": [
        {
          "id": "CVE-2022-4361",
          "description": "Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.",
          "cvss_score": 10,
          "epss_score": 0.00311,
          "is_kev": false,
          "vulnerable_versions": ["21.0.2"],
          "published_at": "2023-07-07"
        }
      ]
    }
  ]
}