<p>The extension checks the following things:</p>

<ol>
	<li>Application response bodies for specific strings that indicate a vulnerability is present, such as error output indicative of SQLi, Serialization issues, XXE issues, etc</li>
	<li>Application requests in the URL and Body for potential targets of SSRF/LFI/RFI/Directory Traversal/URL Injection attack</li>
	<li>Application requests and responses in URLs, bodies, and headers for AWS S3 buckets/Azure Storage containers/Google storage containers</li>
	<li>Application requests for parameters that might indicate targets for other common attack vectors (similar to HUNT)</li>
	<li>Application responses for potential leaking of secrets</li>
</ol>

<p>Usage Note</p>

<p>Items must be in scope for the checks to apply.</p>