Rule engine
Cyweb uses YAML signature rules powered by the PeriDex Engine — the same rule format shared across cyscan, cyprobe, and the Cybrium platform.
Rule structure
```yaml
id: CYWEB-001
name: Apache default page
description: The Apache HTTP Server default welcome page is exposed
severity: info
category: server-config
match:
  path: /
  method: GET
  status: 200
  body_contains: "It works!"
metadata:
  cve: []
  references:
    - https://httpd.apache.org/docs/
```
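To make the semantics of the `match` block concrete, here is an added, illustrative evaluator that applies a rule to captured HTTP responses. It is not the PeriDex Engine and not Cyweb code; the required-key set, the severity scale and the "every listed key must hold" matching semantics are assumptions for the example. The rule above is inlined as the dict `yaml.safe_load()` would produce, so the block runs without PyYAML, and the responses are constructed sample data rather than live fetches.

```python
"""Added example: minimal evaluator for the rule shape shown above (not PeriDex)."""
from dataclasses import dataclass

# The page's rule, as the dict yaml.safe_load() would return for that YAML.
RULE = {
    "id": "CYWEB-001",
    "name": "Apache default page",
    "description": "The Apache HTTP Server default welcome page is exposed",
    "severity": "info",
    "category": "server-config",
    "match": {"path": "/", "method": "GET", "status": 200, "body_contains": "It works!"},
    "metadata": {"cve": [], "references": ["https://httpd.apache.org/docs/"]},
}

# Assumed schema constraints for this example; the real engine's are not on the page.
REQUIRED_KEYS = {"id", "name", "description", "severity", "category", "match"}
SEVERITIES = {"info", "low", "medium", "high", "critical"}


@dataclass
class Response:
    """One captured HTTP exchange (constructed test data, not a live request)."""
    path: str
    method: str
    status: int
    body: str


def validate_rule(rule: dict) -> list[str]:
    """Return schema problems for a rule; an empty list means it is usable."""
    problems = [f"missing key: {k}" for k in sorted(REQUIRED_KEYS - rule.keys())]
    if rule.get("severity") not in SEVERITIES:
        problems.append(f"unknown severity: {rule.get('severity')!r}")
    match = rule.get("match", {})
    if "path" not in match or "status" not in match:
        problems.append("match needs at least path and status")
    return problems


def rule_matches(rule: dict, resp: Response) -> bool:
    """Every key present under match: must hold; absent keys are unconstrained."""
    m = rule["match"]
    if resp.path != m["path"]:
        return False
    if resp.method.upper() != m.get("method", "GET").upper():
        return False
    if resp.status != m["status"]:
        return False
    needle = m.get("body_contains")
    if needle is not None and needle not in resp.body:
        return False
    return True


def evaluate(rules: list[dict], responses: list[Response]) -> list[dict]:
    """Return one finding per (rule, response) pair that matches; skip malformed rules."""
    findings = []
    for rule in rules:
        if validate_rule(rule):
            continue  # a broken custom rule should not abort the whole scan
        for resp in responses:
            if rule_matches(rule, resp):
                findings.append({"id": rule["id"], "severity": rule["severity"], "path": resp.path})
    return findings


# Constructed responses: a real Apache default page, a customised page, and a 403
# whose body happens to contain the needle (status mismatch must still reject it).
SAMPLE = [
    Response("/", "GET", 200, "<html><body><h1>It works!</h1></body></html>"),
    Response("/", "GET", 200, "<html><body>Welcome to Example Corp</body></html>"),
    Response("/", "GET", 403, "Forbidden. It works! is not served here"),
]

if __name__ == "__main__":
    for finding in evaluate([RULE], SAMPLE):
        print(finding)
```

Note that `body_contains` is an exact substring test; a custom rule that needs case-insensitive or regex matching should not rely on it unless the engine documents such a key.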
Rule categories
| Category | Count | Examples |
|---|---|---|
| Server misconfigs | 1,200+ | Default pages, directory listings, debug endpoints |
| Outdated software | 900+ | Version fingerprints for Apache, Nginx, IIS, Tomcat |
| Default credentials | 400+ | Admin panels, databases, routers |
| CGI vulnerabilities | 350+ | Classic CGI/script path checks |
| CVE-mapped | 800+ | Known CVEs with PoC request patterns |
| Information disclosure | 500+ | .git/config, .env, backup files, phpinfo |
| Security headers | 100+ | Missing CSP, HSTS, X-Frame-Options |
Writing custom rules
Create a YAML file following the schema above and place it in a rules directory:
```shell
cyweb scan https://target.com --rules ./my-rules/
```
Rules are loaded from the built-in set plus any additional directories you specify.
Baseline diffing
Before scanning, Cyweb requests a known-nonexistent path and records the response as a baseline. If the target returns 200 for that path (common with single-page applications whose router serves the same shell for every route), each rule hit is compared against the baseline, and only responses that differ meaningfully from it are reported as findings. This removes most of the false positives a catch-all router would otherwise produce; on such targets, treat a rule whose only signal is a 200 status as weak evidence and prefer rules that also check the body.
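The following added example shows one way the baseline comparison can work; it is illustrative code, not Cyweb's implementation. It assumes a particular definition of "differs meaningfully" (a different status code, or a body whose similarity to the baseline body falls below a threshold), a similarity cutoff of 0.9, and the `make_baseline_path` helper for choosing the nonexistent path; the SPA shell, nonce values and hit responses are constructed sample data.

```python
"""Added example: baseline diffing against a catch-all router (not Cyweb's code)."""
import difflib
import secrets
from dataclasses import dataclass

SIMILARITY_THRESHOLD = 0.9  # assumed cutoff; tune per target


@dataclass
class Probe:
    """A captured response for one path (constructed data in this example)."""
    path: str
    status: int
    body: str


def make_baseline_path() -> str:
    """A path no real application should serve (hypothetical helper)."""
    return f"/{secrets.token_hex(12)}"


def body_similarity(a: str, b: str) -> float:
    """difflib ratio in 0.0..1.0; 1.0 means identical bodies."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def differs_from_baseline(baseline: Probe, probe: Probe) -> bool:
    """True when a hit is not just the catch-all page served under another name."""
    if probe.status != baseline.status:
        return True
    # A similarity ratio rather than byte equality, so that per-request values
    # such as CSP nonces in the SPA shell do not defeat the comparison.
    return body_similarity(baseline.body, probe.body) < SIMILARITY_THRESHOLD


def filter_findings(baseline: Probe, hits: list[Probe]) -> list[Probe]:
    """Keep only rule hits that differ meaningfully from the baseline response."""
    return [p for p in hits if differs_from_baseline(baseline, p)]


# Constructed SPA shell; the router serves it (with a fresh nonce) for every route.
SPA_SHELL = (
    "<!doctype html><html><head><meta charset='utf-8'>"
    "<title>Example App</title><script nonce='{nonce}' src='/static/app.js'></script>"
    "</head><body><div id='root'></div></body></html>"
)

BASELINE = Probe("/e1d9c3a7b5f2406d8c1a7e3b", 200, SPA_SHELL.format(nonce="a1b2c3d4"))

# Constructed rule hits: a false positive, a real exposed file, and a status change.
HITS = [
    Probe("/.git/config", 200, SPA_SHELL.format(nonce="e5f6a7b8")),
    Probe("/.env", 200, "APP_ENV=production\nDB_HOST=db.internal\nDB_PASSWORD=example-only\n"),
    Probe("/server-status", 403, "Forbidden"),
]

if __name__ == "__main__":
    print("baseline path:", make_baseline_path())
    for p in filter_findings(BASELINE, HITS):
        print("reportable:", p.path, p.status)
```

The `/.git/config` hit is dropped because its body is the same shell with a different nonce, while `/.env` survives on body content and `/server-status` on status alone.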