Expand your ScoreB system with custom plugins

The ScoreB ecosystem is plugin-driven. Plugins must follow a simple, consistent format so the core engines (scoreb_client / scoreb_analyzer) can parse and ingest results reliably.

ScoreB supports two integration methods that are open and interoperable: Method 1 – Local custom plugins and Method 2 – Direct API submissions.

Method 1 — Local custom plugins

Use this method when you run your own tools or scripts (third-party tools, penetration-test scripts, or tailored probes) but want ScoreB to perform centralized analysis and reporting. The example plugin distributed with ScoreB acts as a template and shows exactly how plugins should be structured and how they interact with the core engines.

Quick FAQ

Where to place plugins?
Install custom plugins under: /usr/share/scoreb/plugins/.
What languages are supported?
Any language — there is no restriction. Common choices: bash, python, perl, C/C++. The only requirement is that the plugin is executable and runnable as ./myplugin.
What must a plugin do?
Perform checks, format results according to the example template, and output findings in the expected fields.

Method 2 — Direct API submissions

Use the API method when you prefer to push findings over HTTPS directly to ScoreB (independent from the local client). This is useful for cloud-based tools, CI pipelines, or remote scripts.

Example curl submission

$curl -m 30 -k -s --retry 3 --retry-max-time 4 --connect-timeout 15 \
-d "apikey=$APIKEY" \
-d "logtype=$LOGTYPE" \
-d "hostip=$HOSTIP" \
-d "parameter=$PARAMETER" \
-d "value=$VALUE" \
-d "application=$APPLICATION" \
-d "category=$CATEGORY" \
-d "description=$DESCRIPTION" \
-d "solution=$SOLUTION" \
-d "severity=$SEVERITY" \
-d "information=$INFORMATION" \
-d "cve=$CVE" \
-d "score=$SCORE" \
-d "port=$PORT" \
$SCOREB_SERVER/rlogger.php >/dev/null

Note: Use HTTPS in production, keep API keys confidential, and return a JSON response for verification.

Best practices

  • Follow the example template for correct parsing and scoring.
  • Sanitize and validate all inputs before submission.
  • Use HTTPS and protect API credentials.
  • Implement retry/backoff logic for transient errors.

Getting started

  1. Copy the example plugin from /usr/share/scoreb/plugins/example.
  2. Modify it to run your checks and populate the required fields.
  3. Make the plugin executable and test it locally.
  4. Verify the results in ScoreB or via the API.

Talk to an Expert

Expand your ScoreB system with custom plugins

The ScoreB ecosystem is plugin-driven. Plugins must follow a simple, consistent format so the core engines (scoreb_client / scoreb_analyzer) can parse and ingest results reliably.

ScoreB supports two integration methods that are open and interoperable: Method 1 – Local custom plugins and Method 2 – Direct API submissions.

Method 1 — Local custom plugins

Use this method when you run your own tools or scripts (third-party tools, penetration-test scripts, or tailored probes) but want ScoreB to perform centralized analysis and reporting. The example plugin distributed with ScoreB acts as a template and shows exactly how plugins should be structured and how they interact with the core engines.

Quick FAQ

Where to place plugins?
Install custom plugins under: /usr/share/scoreb/plugins/.
What languages are supported?
Any language — there is no restriction. Common choices: bash, python, perl, C/C++. The only requirement is that the plugin is executable and runnable as ./myplugin.
What must a plugin do?
Perform checks, format results according to the example template, and output findings in the expected fields.

Method 2 — Direct API submissions

Use the API method when you prefer to push findings over HTTPS directly to ScoreB (independent from the local client). This is useful for cloud-based tools, CI pipelines, or remote scripts.

Example curl submission

$curl -m 30 -k -s --retry 3 --retry-max-time 4 --connect-timeout 15 \
-d "apikey=$APIKEY" \
-d "logtype=$LOGTYPE" \
-d "hostip=$HOSTIP" \
-d "parameter=$PARAMETER" \
-d "value=$VALUE" \
-d "application=$APPLICATION" \
-d "category=$CATEGORY" \
-d "description=$DESCRIPTION" \
-d "solution=$SOLUTION" \
-d "severity=$SEVERITY" \
-d "information=$INFORMATION" \
-d "cve=$CVE" \
-d "score=$SCORE" \
-d "port=$PORT" \
$SCOREB_SERVER/rlogger.php >/dev/null

Note: Use HTTPS in production, keep API keys confidential, and return a JSON response for verification.

Best practices

  • Follow the example template for correct parsing and scoring.
  • Sanitize and validate all inputs before submission.
  • Use HTTPS and protect API credentials.
  • Implement retry/backoff logic for transient errors.

Getting started

  1. Copy the example plugin from /usr/share/scoreb/plugins/example.
  2. Modify it to run your checks and populate the required fields.
  3. Make the plugin executable and test it locally.
  4. Verify the results in ScoreB or via the API.

Talk to an Expert
Have a question about our products or services ?   Contact Us
ABOUT COMPANY CONTACT ADDRESS
CyberX Networks (A.I CyberX Networks) is a registered brand name under CDE Open Source Solutions LTD (parent company).
Privacy Policy		 info@cyberxnetworks.com
 
5 Dositheou Str,
Office 102, 1st Floor,
1071 Nicosia
CYPRUS		 167-169 Great Portland Str,
5th Floor,
London, W1W 5PF,
UNITED KINDOM
Copyright © 2025 - CDE Open Source Solutions LTD - All rights reserved
Have a question about our products or services ?  

Contact Us
ABOUT COMPANY
CyberX Networks (A.I CyberX Networks) is a registered brand name under CDE Open Source Solutions LTD (parent company).
Privacy Policy
CONTACT
info@cyberxnetworks.com
 
ADDRESS
5 Dositheou Str,
Office 102, 1st Floor,
1071 Nicosia
CYPRUS		 167-169 Great Portland Str,
5th Floor,
London, W1W 5PF,
UNITED KINDOM
Copyright © 2025 - CDE Open Source Solutions LTD
All rights reserved