# Vulnerability Verification {#vulnverification}

## Overview

**Vulnerability Verification** automatically verifies whether a reported vulnerability can actually be reproduced.

It executes attack scenarios against the target application and determines whether the vulnerability exists. This can be used not only for re-testing after a fix, but also for validating the legitimacy of vulnerability reports from various sources such as bug bounties or third-party audits.

## Creating a Verification Task

There are two ways to create a vulnerability verification task.

### From a Takumi Assessment Result

To re-verify a vulnerability detected in a previous blackbox assessment, you can create a task directly from the assessment report page.

1. Open the report page of a completed blackbox assessment.
2. Click the **"Verify Vulnerability"** button.
3. Select the vulnerability you want to verify, then click **"Start Verification"**.

![Select Finding to Verify modal](/docs/_md-assets/960b03d3b4-select-finding-modal.png)

:::info
You cannot create duplicate tasks for the same vulnerability. To re-verify, delete the existing task first and then create a new one.
:::

### Create Manually

You can also verify vulnerabilities discovered outside of Takumi assessments, such as those from bug bounties or third-party vulnerability reports.

1. Open the **Vulnerability Verification** list page from the tab.
2. Click the **"Create Task"** button.
3. Fill in the following information:
   - **Title**: Name of the vulnerability (e.g., SQL Injection in login form)
   - **Vulnerability Report**: Detailed description of the vulnerability. Include reproduction steps, affected endpoints, and impact.
   - **Vulnerability Type**: Classification, such as XSS or SQL Injection (optional)
   - **Target URL**: URL of the application to verify
   - **Credentials**: Enter if the target application requires authentication (optional)
4. Click **"Start Verification"**.

:::info
The more detailed the vulnerability report, the more accurate the verification will be. Including reproduction steps and specific request examples is recommended.
:::

## Reviewing the Result

Processing typically takes several minutes. Select the target task from the list to open its detail panel with the verification result.

![Vulnerability Verification result panel](/docs/_md-assets/d7e5717b1a-list-expand-result.png)

## Task Operations

The following operations are available from each task's action menu:

- **Retry**: Re-run the verification with the same conditions. Use this after redeploying a fix or to retry after an error.
- **Cancel**: Stop a running verification.
- **Delete**: Remove the task from the list.

## Statuses and Results

| Category     | Item               | Description                                                                               |
| :----------- | :----------------- | :---------------------------------------------------------------------------------------- |
| **Progress** | **Running**        | Verification is in progress.                                                              |
|              | **Cancelled**      | Execution was stopped by the user.                                                        |
| **Result**   | **Not Vulnerable** | The vulnerability could not be reproduced.                                                |
|              | **Vulnerable**     | The vulnerability was reproduced.                                                         |
|              | **Waiting Review** | An error occurred during processing, or the result could not be determined automatically. |

## Important Notes

- **Verdict accuracy**: Verdicts are produced automatically, so results may vary depending on network conditions or application state. For critical issues, review the reasoning and perform a manual final check as needed.
- **One finding per task**: Each task verifies a single vulnerability. To verify multiple vulnerabilities, create one task per finding.

## Credit Consumption {#credits}

Credits are required to use this feature. Credit consumption varies depending on the vulnerability under verification and the complexity of the operations needed to reproduce it.
