Overview
scan4all integrates 15000+ POC detection capabilities across three different POC systems, making it one of the most comprehensive security scanning tools available. The tool combines Nuclei templates, xray POCs, and custom Go-based POCs to provide extensive vulnerability coverage.POC Detection Systems
Nuclei Templates
3922+ templates across 281 directories with community-driven detection rules
Xray POCs
300+ YAML POCs from xray v2.0 for web vulnerability detection
Go POCs
Custom Go POCs for critical vulnerabilities in enterprise applications
Key Statistics
Nuclei Templates
| Category | Count | Description |
|---|---|---|
| Total Files | 3,922 | YAML-based detection templates |
| Directories | 281 | Organized by vulnerability type |
| CVE POCs | 1,430 | Known CVE exploits |
| Panel Detection | 655 | Exposed admin panels |
| EDB Exploits | 563 | Exploit-DB ported exploits |
Coverage by Severity
Critical
478 templates for critical vulnerabilities requiring immediate attention
High
1,009 templates for high-severity security issues
Medium
818 templates for medium-risk vulnerabilities
Info
1,474 templates for informational findings and exposure detection
Detection Workflow
POC Execution Engine
The POC execution is triggered automatically based on fingerprint detection:Fingerprint Identification
Scan target to identify technologies, frameworks, and services using 7000+ fingerprints
Supported Vulnerability Types
Remote Code Execution (RCE)
Remote Code Execution (RCE)
- Java deserialization vulnerabilities
- Spring4Shell (CVE-2022-22965)
- Log4Shell (CVE-2021-44228)
- Weblogic RCE vulnerabilities
- Template injection attacks
Authentication Bypass
Authentication Bypass
- Default credentials detection
- Session handling vulnerabilities
- Authentication mechanism bypass
- JWT vulnerabilities
Information Disclosure
Information Disclosure
- Sensitive file exposure
- Configuration leaks
- Source code disclosure
- Database information leaks
Injection Attacks
Injection Attacks
- SQL injection
- XXE (XML External Entity)
- SSRF (Server-Side Request Forgery)
- Command injection
Technology Coverage
Top 10 Nuclei Categories
| Tag | Count | Description |
|---|---|---|
cve | 1,430 | CVE-identified vulnerabilities |
panel | 655 | Admin panel exposure |
edb | 563 | Exploit-DB exploits |
lfi | 509 | Local file inclusion |
xss | 491 | Cross-site scripting |
wordpress | 419 | WordPress vulnerabilities |
exposure | 407 | Sensitive information exposure |
cve2021 | 352 | 2021 CVE vulnerabilities |
rce | 337 | Remote code execution |
wp-plugin | 316 | WordPress plugin vulnerabilities |
Detection Features
Intelligent Detection
Automatically selects relevant POCs based on fingerprint analysis to reduce false positives
Parallel Execution
Concurrent POC execution for faster scan completion without overwhelming targets
Result Deduplication
Prevents duplicate vulnerability reports across different POC systems
Elasticsearch Integration
Store and query POC results in Elasticsearch for advanced analysis
Performance Considerations
Optimization Strategies
- Fingerprint-based filtering - Only execute POCs matching detected technologies
- Request caching - Avoid redundant HTTP requests
- Rate limiting - Prevent overwhelming target systems
- Duplicate prevention - Skip already-tested target/POC combinations
Quick Start
Output Format
POC detection results are reported in a standardized format:URL [Status] [Technology] [Vulnerability] [Final URL]
Next Steps
Nuclei Templates
Learn about Nuclei template integration
Xray POCs
Explore xray YAML POC system
Custom POCs
Create your own POC modules