Nuclei · Capability
PDCP API — results
PDCP API — results. 7 operations. Lead operation: Get Scan Results. Self-contained Naftiko capability covering one Nuclei business surface.
What You Can Do
GET
Getv1scansresultscanid
— Get Scan Results
/v1/v1/scans/result/{scanid}
GET
Getv1results
— Get All Results
/v1/v1/scans/results
GET
Getv1scansresultsfilters
— Get Scans Result Filters
/v1/v1/scans/results/filters
GET
Getv1scansresultsstats
— Get Results Stats
/v1/v1/scans/results/stats
GET
Getv1scansvulnchangelogs
— Get all Vulnerability Changelogs
/v1/v1/scans/vuln/changelogs
GET
Getv1scansvulnvulnid
— Get Scan Vulnerability
/v1/v1/scans/vuln/{vuln-id}
GET
Getv1scansvulnvulnidchangelogs
— Get Vulnerability Changelogs
/v1/v1/scans/vuln/{vuln-id}/changelogs
MCP Tools
get-scan-results
Get Scan Results
read-only
idempotent
get-all-results
Get All Results
read-only
idempotent
get-scans-result-filters
Get Scans Result Filters
read-only
idempotent
get-results-stats
Get Results Stats
read-only
idempotent
get-all-vulnerability-changelogs
Get all Vulnerability Changelogs
read-only
idempotent
get-scan-vulnerability
Get Scan Vulnerability
read-only
idempotent
get-vulnerability-changelogs
Get Vulnerability Changelogs
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: PDCP API — results
description: 'PDCP API — results. 7 operations. Lead operation: Get Scan Results. Self-contained Naftiko capability covering
one Nuclei business surface.'
tags:
- Nuclei
- results
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
NUCLEI_API_KEY: NUCLEI_API_KEY
capability:
consumes:
- type: http
namespace: nuclei-results
baseUri: https://api.projectdiscovery.io
description: PDCP API — results business capability. Self-contained, no shared references.
resources:
- name: v1-scans-result-scanId
path: /v1/scans/result/{scanId}
operations:
- name: getv1scansresultscanid
method: GET
description: Get Scan Results
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: severity
in: query
type: string
description: comma separated severity e.g. severity=info,high
- name: search
in: query
type: string
description: search term
- name: limit
in: query
type: integer
description: number of results
- name: offset
in: query
type: integer
description: number of results to skip
- name: templates
in: query
type: string
description: comma separated templates e.g. templates=tech-detect,azure-takeover
- name: hosts
in: query
type: string
description: comma separated host e.g. hosts=https://example.com,https://x.com
- name: domain
in: query
type: string
description: comma separated domain names e.g-> domain=domain1.com,domain2.com
- name: port
in: query
type: string
description: comma separated ports e.g. ports=80,443
- name: time
in: query
type: string
description: filter by time ( last_day, last_week, last_month )
- name: vuln_status
in: query
type: string
description: comma separated vuln_status e.g vuln_status=open,fixed
- name: sort_asc
in: query
type: string
description: comma separated ascending sorting e.g sort_asc=created_at,severity
- name: sort_desc
in: query
type: string
description: comma separated descending sorting e.g sort_desc=created_at,severity
- name: asset_metadata
in: query
type: boolean
description: Asset details for the vulnerability
- name: X-Team-Id
in: header
type: string
description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
- name: v1-scans-results
path: /v1/scans/results
operations:
- name: getv1results
method: GET
description: Get All Results
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: offset
in: query
type: integer
description: number of results to skip
- name: limit
in: query
type: integer
description: number of results to get
- name: severity
in: query
type: string
description: string separated by comma e.g. info,high
- name: search
in: query
type: string
description: search term
- name: host
in: query
type: string
description: comma separated host e.g. hosts=https://example.com,https://x.com
- name: domain
in: query
type: string
description: comma separated domain names e.g-> domain=domain1.com,domain2.com
- name: port
in: query
type: string
description: comma separated ports e.g. ports=80,443
- name: templates
in: query
type: string
description: comma separated templates e.g. templates=tech-detect,azure-takeover
- name: time
in: query
type: string
description: filter by time ( last_day, last_week, last_month )
- name: vuln_status
in: query
type: string
description: comma separated vuln_status e.g vuln_status=open,fixed
- name: tags
in: query
type: string
description: comma separated tags e.g tags=xss,cve
- name: sort_asc
in: query
type: string
description: comma separated ascending sorting e.g sort_asc=created_at,severity
- name: sort_desc
in: query
type: string
description: comma separated descending sorting e.g sort_desc=created_at,severity
- name: is_ticket
in: query
type: boolean
description: Return the records that have issue trackers
- name: labels
in: query
type: string
description: filter by comma separated labels e.g labels=p1,p2
- name: category
in: query
type: string
description: filter by comma separated categories e.g category=cve,xss
- name: is_regression
in: query
type: boolean
description: filter by is_regression
- name: is_internal
in: query
type: boolean
description: filter by is_internal (internal vs external hosts)
- name: asset_metadata
in: query
type: boolean
description: Asset details for the vulnerability
- name: X-Team-Id
in: header
type: string
description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
- name: v1-scans-results-filters
path: /v1/scans/results/filters
operations:
- name: getv1scansresultsfilters
method: GET
description: Get Scans Result Filters
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: offset
in: query
type: integer
description: The number of items to skip before starting to collect the result set
- name: limit
in: query
type: integer
description: The numbers of items to return
- name: scan_id
in: query
type: string
description: specific scan_id results filters
- name: severity
in: query
type: string
description: comma separated severity e.g. severities=info,high
- name: templates
in: query
type: string
description: comma separated templates e.g. templates=tech-detect,azure-takeover
- name: host
in: query
type: string
description: comma separated host e.g. hosts=https://example.com,https://x.com
- name: domain
in: query
type: string
description: comma separated domain names e.g-> domain=domain1.com,domain2.com
- name: port
in: query
type: string
description: comma separated ports e.g. ports=80,443
- name: search
in: query
type: string
description: search term
- name: type
in: query
type: string
description: type of filter
required: true
- name: time
in: query
type: string
description: filter by time ( last_day, last_week, last_month )
- name: vuln_status
in: query
type: string
description: comma separated vuln_status e.g vuln_status=open,fixed
- name: sort_asc
in: query
type: string
description: comma separated ascending sorting e.g sort_asc=created_at,severity
- name: sort_desc
in: query
type: string
description: comma separated descending sorting e.g sort_desc=created_at,severity
- name: tags
in: query
type: string
description: comma separated tags e.g tags=xss,cve
- name: not_hosts
in: query
type: string
description: comma separated hosts that should not be returned e.g. not_hosts=https://example.com,https://x.com
- name: not_severity
in: query
type: string
description: comma separated severity that should not be returned e.g. not_severity=info,high
- name: not_templates
in: query
type: string
description: comma separated templates that should not be returned e.g. not_templates=tech-detect,azure-takeover
- name: labels
in: query
type: string
description: filter by comma separated labels e.g labels=p1,p2
- name: category
in: query
type: string
description: filter by comma separated categories e.g category=cve,xss
- name: is_regression
in: query
type: boolean
description: filter by is_regression
- name: is_internal
in: query
type: boolean
description: filter by is_internal (internal vs external hosts)
- name: X-Team-Id
in: header
type: string
description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
- name: start_date
in: query
type: string
description: time filter start date
- name: end_date
in: query
type: string
description: time filter end date
- name: v1-scans-results-stats
path: /v1/scans/results/stats
operations:
- name: getv1scansresultsstats
method: GET
description: Get Results Stats
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: offset
in: query
type: integer
description: The number of items to skip before starting to collect the result set
- name: limit
in: query
type: integer
description: The numbers of items to return
- name: host
in: query
type: string
description: comma separated host e.g. hosts=https://example.com,https://x.com
- name: domain
in: query
type: string
description: comma separated domain names e.g-> domain=domain1.com,domain2.com
- name: port
in: query
type: string
description: comma separated ports e.g. ports=80,443
- name: templates
in: query
type: string
description: comma separated templates e.g. templates=tech-detect,azure-takeover
- name: severity
in: query
type: string
description: comma separated severity e.g. severities=info,high
- name: search
in: query
type: string
description: search term
- name: scan_id
in: query
type: string
description: specific scan_id results filters
- name: time
in: query
type: string
description: filter by time ( last_day, last_week, last_month )
- name: vuln_status
in: query
type: string
description: comma separated vuln_status e.g vuln_status=open,fixed
- name: tags
in: query
type: string
description: comma separated tags e.g tags=xss,cve
- name: not_hosts
in: query
type: string
description: comma separated hosts that should not be returned e.g. not_hosts=https://example.com,https://x.com
- name: not_severity
in: query
type: string
description: comma separated severity that should not be returned e.g. not_severity=info,high
- name: not_templates
in: query
type: string
description: comma separated templates that should not be returned e.g. not_templates=tech-detect,azure-takeover
- name: labels
in: query
type: string
description: filter by comma separated labels e.g labels=p1,p2
- name: category
in: query
type: string
description: filter by comma separated categories e.g category=cve,xss
- name: is_regression
in: query
type: boolean
description: filter by is_regression
- name: is_internal
in: query
type: boolean
description: filter by is_internal (internal vs external hosts)
- name: X-Team-Id
in: header
type: string
description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
- name: start_date
in: query
type: string
description: time filter start date
- name: end_date
in: query
type: string
description: time filter end date
- name: v1-scans-vuln-changelogs
path: /v1/scans/vuln/changelogs
operations:
- name: getv1scansvulnchangelogs
method: GET
description: Get all Vulnerability Changelogs
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: time
in: query
type: string
description: time filter to select
- name: event_type
in: query
type: string
description: comma separated event_type e.g. event_type=vul_status,vul_status_change
- name: sort_asc
in: query
type: string
description: comma separated ascending sorting e.g sort_asc=created_at,severity
- name: sort_desc
in: query
type: string
description: comma separated descending sorting e.g sort_desc=created_at,severity
- name: limit
in: query
type: integer
description: number of results to get
- name: offset
in: query
type: integer
description: number of results to skip
- name: X-Team-Id
in: header
type: string
description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
- name: v1-scans-vuln-vuln_id
path: /v1/scans/vuln/{vuln_id}
operations:
- name: getv1scansvulnvulnid
method: GET
description: Get Scan Vulnerability
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: X-Team-Id
in: header
type: string
description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
- name: v1-scans-vuln-vuln_id-changelogs
path: /v1/scans/vuln/{vuln_id}/changelogs
operations:
- name: getv1scansvulnvulnidchangelogs
method: GET
description: Get Vulnerability Changelogs
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: time
in: query
type: string
description: time filter to select
- name: event_type
in: query
type: string
description: comma separated event_type e.g. event_type=vul_status,vul_status_change
- name: sort_asc
in: query
type: string
description: comma separated ascending sorting e.g sort_asc=created_at,severity
- name: sort_desc
in: query
type: string
description: comma separated descending sorting e.g sort_desc=created_at,severity
- name: limit
in: query
type: integer
description: number of results to get
- name: offset
in: query
type: integer
description: number of results to skip
- name: X-Team-Id
in: header
type: string
description: 'Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team'
authentication:
type: apikey
key: X-API-Key
value: '{{env.NUCLEI_API_KEY}}'
placement: header
exposes:
- type: rest
namespace: nuclei-results-rest
port: 8080
description: REST adapter for PDCP API — results. One Spectral-compliant resource per consumed operation, prefixed with
/v1.
resources:
- path: /v1/v1/scans/result/{scanid}
name: v1-scans-result-scanid
description: REST surface for v1-scans-result-scanId.
operations:
- method: GET
name: getv1scansresultscanid
description: Get Scan Results
call: nuclei-results.getv1scansresultscanid
with:
severity: rest.severity
search: rest.search
limit: rest.limit
offset: rest.offset
templates: rest.templates
hosts: rest.hosts
domain: rest.domain
port: rest.port
time: rest.time
vuln_status: rest.vuln_status
sort_asc: rest.sort_asc
sort_desc: rest.sort_desc
asset_metadata: rest.asset_metadata
X-Team-Id: rest.X-Team-Id
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/scans/results
name: v1-scans-results
description: REST surface for v1-scans-results.
operations:
- method: GET
name: getv1results
description: Get All Results
call: nuclei-results.getv1results
with:
offset: rest.offset
limit: rest.limit
severity: rest.severity
search: rest.search
host: rest.host
domain: rest.domain
port: rest.port
templates: rest.templates
time: rest.time
vuln_status: rest.vuln_status
tags: rest.tags
sort_asc: rest.sort_asc
sort_desc: rest.sort_desc
is_ticket: rest.is_ticket
labels: rest.labels
category: rest.category
is_regression: rest.is_regression
is_internal: rest.is_internal
asset_metadata: rest.asset_metadata
X-Team-Id: rest.X-Team-Id
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/scans/results/filters
name: v1-scans-results-filters
description: REST surface for v1-scans-results-filters.
operations:
- method: GET
name: getv1scansresultsfilters
description: Get Scans Result Filters
call: nuclei-results.getv1scansresultsfilters
with:
offset: rest.offset
limit: rest.limit
scan_id: rest.scan_id
severity: rest.severity
templates: rest.templates
host: rest.host
domain: rest.domain
port: rest.port
search: rest.search
type: rest.type
time: rest.time
vuln_status: rest.vuln_status
sort_asc: rest.sort_asc
sort_desc: rest.sort_desc
tags: rest.tags
not_hosts: rest.not_hosts
not_severity: rest.not_severity
not_templates: rest.not_templates
labels: rest.labels
category: rest.category
is_regression: rest.is_regression
is_internal: rest.is_internal
X-Team-Id: rest.X-Team-Id
start_date: rest.start_date
end_date: rest.end_date
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/scans/results/stats
name: v1-scans-results-stats
description: REST surface for v1-scans-results-stats.
operations:
- method: GET
name: getv1scansresultsstats
description: Get Results Stats
call: nuclei-results.getv1scansresultsstats
with:
offset: rest.offset
limit: rest.limit
host: rest.host
domain: rest.domain
port: rest.port
templates: rest.templates
severity: rest.severity
search: rest.search
scan_id: rest.scan_id
time: rest.time
vuln_status: rest.vuln_status
tags: rest.tags
not_hosts: rest.not_hosts
not_severity: rest.not_severity
not_templates: rest.not_templates
labels: rest.labels
category: rest.category
is_regression: rest.is_regression
is_internal: rest.is_internal
X-Team-Id: rest.X-Team-Id
start_date: rest.start_date
end_date: rest.end_date
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/scans/vuln/changelogs
name: v1-scans-vuln-changelogs
description: REST surface for v1-scans-vuln-changelogs.
operations:
- method: GET
name: getv1scansvulnchangelogs
description: Get all Vulnerability Changelogs
call: nuclei-results.getv1scansvulnchangelogs
with:
time: rest.time
event_type: rest.event_type
sort_asc: rest.sort_asc
sort_desc: rest.sort_desc
limit: rest.limit
offset: rest.offset
X-Team-Id: rest.X-Team-Id
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/scans/vuln/{vuln-id}
name: v1-scans-vuln-vuln-id
description: REST surface for v1-scans-vuln-vuln_id.
operations:
- method: GET
name: getv1scansvulnvulnid
description: Get Scan Vulnerability
call: nuclei-results.getv1scansvulnvulnid
with:
X-Team-Id: rest.X-Team-Id
outputParameters:
- type: object
mapping: $.
- path: /v1/v1/scans/vuln/{vuln-id}/changelogs
name: v1-scans-vuln-vuln-id-changelogs
description: REST surface for v1-scans-vuln-vuln_id-changelogs.
operations:
- method: GET
name: getv1scansvulnvulnidchangelogs
description: Get Vulnerability Changelogs
call: nuclei-results.getv1scansvulnvulnidchangelogs
with:
time: rest.time
event_type: rest.event_type
sort_asc: rest.sort_asc
sort_desc: rest.sort_desc
limit: rest.limit
offset: rest.offset
X-Team-Id: rest.X-Team-Id
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: nuclei-results-mcp
port: 9090
transport: http
description: MCP adapter for PDCP API — results. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: get-scan-results
description: Get Scan Results
hints:
readOnly: true
destructive: false
idempotent: true
call: nuclei-results.getv1scansresultscanid
with:
severity: tools.severity
search: tools.search
limit: tools.limit
offset: tools.offset
templates: tools.templates
hosts: tools.hosts
domain: tools.domain
port: tools.port
time: tools.time
vuln_status: tools.vuln_status
sort_asc: tools.sort_asc
sort_desc: tools.sort_desc
asset_metadata: tools.asset_metadata
X-Team-Id: tools.X-Team-Id
outputParameters:
- type: object
mapping: $.
- name: get-all-results
description: Get All Results
hints:
readOnly: true
destructive: false
idempotent: true
call: nuclei-results.getv1results
with:
offset: tools.offset
limit: tools.limit
severity: tools.severity
search: tools.search
host: tools.host
domain: tools.domain
port: tools.port
templates: tools.templates
time: tools.time
vuln_status: tools.vuln_status
tags: tools.tags
sort_asc: tools.sort_asc
sort_desc: tools.sort_desc
is_ticket: tools.is_ticket
labels: tools.labels
category: tools.category
is_regression: tools.is_regression
is_internal: tools.is_internal
asset_metadata: tools.asset_metadata
X-Team-Id: tools.X-Team-Id
outputParameters:
- type: object
mapping: $.
- name: get-scans-result-filters
description: Get Scans Result Filters
hints:
readOnly: true
destructive: false
idempotent: true
call: nuclei-results.getv1scansresultsfilters
with:
offset: tools.offset
limit: tools.limit
scan_id: tools.scan_id
severity: tools.severity
templates: tools.templates
host: tools.host
domain: tools.domain
port: tools.port
search: tools.search
type: tools.type
time: tools.time
vuln_status: tools.vuln_status
sort_asc: tools.sort_asc
sort_desc: tools.sort_desc
tags: tools.tags
not_hosts: tools.not_hosts
not_severity: tools.not_severity
not_templates: tools.not_templates
labels: tools.labels
category: tools.category
is_regression: tools.is_regression
is_internal: tools.is_internal
X-Team-Id: tools.X-Team-Id
start_date: tools.start_date
end_date: tools.end_date
outputParameters:
- type: object
mapping: $.
- name: get-results-stats
description: Get Results Stats
hints:
readOnly: true
destructive: false
idempotent: true
call: nuclei-results.getv1scansresultsstats
with:
offset: tools.offset
limit: tools.limit
host: tools.host
domain: tools.domain
port: tools.port
templates: tools.templates
severity: tools.severity
search: tools.search
scan_id: tools.scan_id
time: tools.time
vuln_status: tools.vuln_status
tags: tools.tags
not_hosts: tools.not_hosts
not_severity: tools.not_severity
not_templates: tools.not_templates
labels: tools.labels
category: tools.category
is_regression: tools.is_regression
is_internal: tools.is_internal
X-Team-Id: tools.X-Team-Id
start_date: tools.start_date
end_date: tools.end_date
outputParameters:
- type: object
mapping: $.
- name: get-all-vulnerability-changelogs
description: Get all Vulnerability Changelogs
hints:
readOnly: true
destructive: false
idempotent: true
call: nuclei-results.getv1scansvulnchangelogs
with:
time: tools.time
event_type: tools.event_type
sort_asc: tools.sort_asc
sort_desc: tools.sort_desc
limit: tools.limit
offset: tools.offset
X-Team-Id: tools.X-Team-Id
outputParameters:
- type: object
mapping: $.
- name: get-scan-vulnerability
description: Get Scan Vulnerability
hints:
readOnly: true
destructive: false
idempotent: true
call: nuclei-results.getv1scansvulnvulnid
with:
X-Team-Id: tools.X-Team-Id
outputParameters:
- type: object
mapping: $.
- name: get-vulnerability-changelogs
description: Get Vulnerability Changelogs
hints:
readOnly: true
destructive: false
idempotent: true
call: nuclei-results.getv1scansvulnvulnidchangelogs
with:
time: tools.time
event_type: tools.event_type
sort_asc: tools.sort_asc
sort_desc: tools.sort_desc
limit: tools.limit
offset: tools.offset
X-Team-Id: tools.X-Team-Id
outputParameters:
- type: object
mapping: $.