Detectify <3 Developers

The power of Detectify in your hands.

With our API you're able to connect Detectify to your favorite systems.

Warning: This API is becoming deprecated!
A new and improved version is being worked on.
		

Baking the request

The requests are built like this:
https://api.detectify.com/Type/Version/Object/Token/Function

Type Required.
This parameter is used to define which type of the API is to be used. As of the making of this document, REST is the only type available.

Version Required.
This parameter is used to define which version of the API is to be used. Only v1 is available.

Object Required.
This parameter is used to select which kind of object to work with.

Token Required for some functions, but not all.
A unique identifier that selects which specific object to work with.

Function Required.
This parameter specifies what function you would like to use on the selected object. This parameter can override the HTTP verb.

For example:

DELETE /rest/v1/user/acb1acba5bc2cba HTTP/1.1 
Host: api.detectify.com


is synonymous with

GET /rest/v1/user/acb1acba5bc2cba/delete HTTP/1.1 
Host: api.detectify.com

Authorization

To authorize your requests to the API, you must use HTTP Authentication using your API key as username.

For example:

GET /rest/v1/user HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6

Or in a browser/client that supports username in URI:

https://MYKEY@api.detectify.com/rest/v1/user

If you are a premium user you can make requests with multiple keys. One is used to check your privileges and the other performs the actual request. To do this, provide your premium key as the username and the secondary key (for processing) as the password.

For example:

GET /rest/v1/user HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlQUkVNSVVNS0VZOk1ZT1RIRVJLRVk=

Or in a browser/client that supports username in URI:

https://MYPREMIUMKEY:MYOTHERKEY@api.detectify.com/rest/v1/user

Obtaining an API-key

You can create a basic API-key using the API. Using a basic API-key you'll have access to all the functions of the API with the exception of log/GETFULL. To create an API-key call key/PUT.
For example:

PUT /rest/v1/key/ HTTP/1.1 
Host: api.detectify.com


Alongside the basic API-key there are premium keys. Premium keys may have access to the following perks depending on what's required.

If you need access to a premium key then send us an email at api@detectify.com


Using a secure connection

We care about your security. Take extra care when building your API interface. The SSL/TLS parameters must be properly configured (as shown in the example below), otherwise you risk being subject to man-in-the-middle attacks.

Click to download our certificate.
(MD5 checksum: 5e6df61ce84004bb1283de40d3a88e92).
(SHA1 checksum: de5910beeb293e9957fa08cc01d08d1fd2929044).
(SHA256 checksum: 45d5aabdca8fc7151d7c8da0c1d8efb4fe6ab26edc77d08f5fb0ae8f79d175b1).

<?php
// This is the API end point you will launch requests against.
const END_POINT = 'https://api.detectify.com/';

// Initialize the cURL client.
$ch = curl_init();

// This is very important: the server's TLS certificate must be properly validated. You can download the certificate from the link above.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, 'detectify_certificate.crt');

// Launch requests like so (this will generate a unique API key):
curl_setopt($ch, CURLOPT_URL, END_POINT.'rest/v1/key//put');

// The response from curl_exec may contain the message body.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// Execute the request.
$response = curl_exec($ch);

// Show the body or potential errors.
if($response===false){
	var_dump(curl_error($ch));
} else {
	var_dump($response);
}

// Close the client.
curl_close($ch);

Objects

Currently there are four object types available:


Functions

All functions will return a JSON associative array containing key-value data. You can find all the codes further down in this document. Function parameters should also be JSON associative arrays sent in POST data like so:

POST /type/v1/object/token/function HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6

{"parameter": "value"}

If your client doesn’t support sending raw POST data, you may instead send the parameters through GET variable “body” like so:

GET /type/v1/object/token/function/post?body={"parameter": "value"} HTTP/1.1
Host: api.detectify.com
Authorization: Basic TVlLRVk6
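
The rules from "Authorization", "Using a secure connection" and "Functions" above, combined into one small client. This is an added example, not Detectify's own code: the function names and the 30-second timeout are assumptions, and the certificate file name is the one used in the PHP example above.

```php
<?php
// Added example (not Detectify's code). Function names and the timeout are assumptions.
const API_BASE = 'https://api.detectify.com/';
// SHA-256 checksum of the certificate file, as published under "Using a secure connection".
const CERT_SHA256 = '45d5aabdca8fc7151d7c8da0c1d8efb4fe6ab26edc77d08f5fb0ae8f79d175b1';

// Return $path only if the file's SHA-256 matches the published checksum,
// so a tampered or truncated download is never used as the trust anchor.
function verified_cert_path(string $path, string $expected = CERT_SHA256): string
{
    $actual = is_readable($path) ? hash_file('sha256', $path) : false;
    if ($actual === false || !hash_equals(strtolower($expected), $actual)) {
        throw new RuntimeException("Certificate '$path' is missing or fails the checksum");
    }
    return $path;
}

// Type/Version/Object/Token/Function; the token may be empty (rest/v1/user//get).
function api_path(string $object, string $token, string $function): string
{
    return 'rest/v1/' . rawurlencode($object) . '/' . rawurlencode($token)
        . '/' . rawurlencode($function);
}

// The header HTTP Basic auth produces: API key as username, optional
// secondary (processing) key as password.
function basic_auth_header(string $key, string $secondaryKey = ''): string
{
    return 'Basic ' . base64_encode($key . ':' . $secondaryKey);
}

// Perform one call and return the decoded JSON associative array.
// When $params is given it is sent as a raw JSON POST body.
function detectify_call(string $certFile, string $path, string $key,
                        string $secondaryKey = '', ?array $params = null): array
{
    $ch = curl_init(API_BASE . $path);
    curl_setopt_array($ch, [
        CURLOPT_SSL_VERIFYPEER => true,                  // validate the chain
        CURLOPT_SSL_VERIFYHOST => 2,                     // and the host name
        CURLOPT_CAINFO         => verified_cert_path($certFile),
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,       // never fall back to http://
        CURLOPT_FOLLOWLOCATION => false,                 // do not resend the key elsewhere
        CURLOPT_HTTPAUTH       => CURLAUTH_BASIC,
        CURLOPT_USERPWD        => $key . ':' . $secondaryKey, // header, not URL userinfo
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 30,
    ]);
    if ($params !== null) {
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($params));
    }
    $body  = curl_exec($ch);
    $error = curl_error($ch);
    curl_close($ch);
    if ($body === false) {
        throw new RuntimeException("Transport error: $error");
    }
    $decoded = json_decode($body, true);
    if (!is_array($decoded) || !isset($decoded['code'])) {
        throw new RuntimeException('Response is not a JSON object with a "code" field');
    }
    return $decoded;
}

// Offline demonstration using the placeholder keys from this page; no request is sent.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    echo basic_auth_header('MYKEY'), "\n";
    echo basic_auth_header('MYPREMIUMKEY', 'MYOTHERKEY'), "\n";
    echo API_BASE, api_path('domain', '', 'post'), "\n";
    // A live call would look like:
    // $r = detectify_call('detectify_certificate.crt', api_path('user', '', 'get'), 'MYKEY');
}
```

Passing the key through CURLOPT_USERPWD keeps it out of the request URL, so it does not appear in proxy logs or shell history the way the `https://MYKEY@...` form can.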


Fetch users

  • URL
  • /rest/v1/user//get
  • Description
  • Returns information about all connected users.

Responses

  • FETCHED_ALL_USERS
{
   "code": 2009,
   "message": "User information",
   "data": {
      "users":[
         {
            "user_token":"de748859d1fb196449de1ab3be256b05",
            "user_name":"Name goes here",
            "user_email":"valid@email.com"
         },
         {
            "user_token":"a145e7e3713f626b87c2dd240f2e4fda",
            "user_name":"Another user",
            "user_email":"another.valid@email.com"
         }
      ],
      "unverified_users":[
         {
            "user_name":"Unverified Name",
            "user_email":"unverified@email.com"
         }
      ]
   }
}

Example

GET /rest/v1/user// HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Fetch single user

  • URL
  • /rest/v1/user/{User Token}/get
  • Description
  • Returns information about the specified user.

Responses

  • FETCHED_USER
{
   "code": 2008,
   "message": "User information",
   "data": {
      "user_token":"de748859d1fb196449de1ab3be256b05",
      "user_name":"Name goes here",
      "user_email":"valid@email.com",
      "verified":"true",
      "domain_count":8,
      "domain_limit":10,
      "target_limit":10,
      "scan_credits":4,
      "plans":[
         "Free"
      ]
   }
}

  • USER_NOT_FOUND
{
   "code": 4006,
   "message": "User not found",
   "data": ""
}

Example

GET /rest/v1/user/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Fetch domains

  • URL
  • /rest/v1/domain//get
  • Description
  • Returns information about all connected domains and connected users.

Responses

  • FETCHED_ALL_DOMAINS
{
   "code": 2006,
   "message": "Domain information",
   "data": {
      "domains":[
         {
            "domain_url":"www.johndose.ninja",
            "domain_token":"9aed1f64a9244f5e886bacdb85b0bd75",
            "domain_meta_verified":"1",
            "user_token":"e452d2e781b16129d22f903009236617",
            "user_verified":"1",
            "meta_key":"cda41a175759bb970d354fa674c0bacd"
         }
      ],
      "unverified_users":[
         {
            "domain_url":"small.johndos.ninja",
            "domain_token":"9aed1f64a9244f5e886bacdb85b0bd75",
            "domain_meta_verified":"1",
            "user_token":"e452d2e781b16129d22f903009236617",
            "user_verified":"",
            "meta_key":"cda41a175759bb970d354fa674c0bacd"
         }
      ]
   }
}

Example

GET /rest/v1/domain// HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Fetch single domain

  • URL
  • /rest/v1/domain/{Domain Token}/get
  • Description
  • Returns information about the specified domain and connected user.

Responses

  • FETCHED_DOMAIN
{
   "code": 2005,
   "message": "Domain information",
   "data": {
      "domain_url":"www.johndose.ninja",
      "domain_token":"9aed1f64a9244f5e886bacdb85b0bd75",
      "domain_meta_verified":"1",
      "user_token":"e452d2e781b16129d22f903009236617",
      "user_verified":"1",
      "meta_key":"cda41a175759bb970d354fa674c0bacd"
   }
}

  • DOMAIN_NOT_FOUND
{
   "code": 4004,
   "message": "Domain not found",
   "data": ""
}

Example

GET /rest/v1/domain/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Fetch logs for single domain

  • URL
  • /rest/v1/domain/{Domain Token}/getlogs
  • Description
  • Get information about logs connected to a specific domain.

Responses

  • FETCHED_DOMAIN_LOGS
{
   "code": 2032,
   "message": "Log information",
   "data": [
      {
         "log_token":"aaf46974829c2ef1add59aa84b47b78655b6ed82",
         "log_link":"https://detectify.com/report/f0de7058fd4b71f34f100857d2c640af/b98f45896924900f0317e1bac628f19e68c3376a",
         "log_status":"stopped",
         "log_exploits":4,
         "log_warnings":15,
         "log_notices":9,
         "log_scan_started":"2014-03-14 13:09:15",
         "log_scan_ended":"2014-03-14 11:09:15",
         "domain_token":"f7ed14f999a60f266927b8e028e78387"
      },
      {
         "log_token":"aaf46974829c2ef1add59aa84b47b78655b6ed82",
         "log_link":"https://detectify.com/report/f0de7058fd4b71f34f100857d2c640af/b98f45896924900f0317e1bac628f19e68c3376a",
         "log_status":"stopped",
         "log_exploits":4,
         "log_warnings":15,
         "log_notices":9,
         "log_scan_started":"2014-02-11 03:04:45",
         "log_scan_ended":"2014-02-11 21:02:05",
         "domain_token":"f7ed14f999a60f266927b8e028e78387"
      }
   ]
}

  • DOMAIN_NOT_FOUND
{
   "code": 4004,
   "message": "Domain not found",
   "data": ""
}

Example

GETLOGS /rest/v1/domain/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Create domain

  • URL
  • /rest/v1/domain//post
  • Description
  • Creates a new domain and connects to the specified user.

Parameters

  • Name | Description | Required
  • user_token | A unique token identifying the user. | Yes
  • domain_url | A valid URL. | Yes

Responses

  • UNVERIFIED_DOMAIN_SUCCESSFULLY_ADDED
{
   "code": 2003,
   "message": "Added unverified domain",
   "data": {
      "token":"e452d2e781b16129d22f903009236617"
   }
}

  • DOMAIN_SUCCESSFULLY_ADDED (Premium)
{
   "code": 2004,
   "message": "Added domain",
   "data": {
      "token":"e452d2e781b16129d22f903009236617"
   }
}

  • PARAMETER_NOT_PROVIDED
{
   "code": 3005,
   "message": "Parameter(s) not provided",
   "data": {
      "user_token",
      "domain_url"
   }
}

  • PARAMETER_INVALID
{
   "code": 3006,
   "message": "Parameter(s) invalid",
   "data": {
      "domain_url"
   }
}

  • USER_NOT_FOUND
{
   "code": 4006,
   "message": "User not found",
   "data": ""
}

  • DOMAIN_ALREADY_EXISTS_ON_ACCOUNT
{
   "code": 3007,
   "message": "This user already has this domain",
   "data": ""
}

Example

POST /rest/v1/domain// HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6

{"user_token":"e452d2e781b16129d22f903009236617","domain_url":"www.johndose.ninja"}


Delete single domain

  • URL
  • /rest/v1/domain/{Domain Token}/delete
  • Description
  • Removes the specified domain.
  • Note
  • When deleting a domain that you have not verified we'll not delete it, only remove it from your list.

Responses

  • DOMAIN_SUCCESSFULLY_REMOVED (Verified)
{
   "code": 2017,
   "message": "Domain removed",
   "data": ""
}

  • DOMAIN_SUCCESSFULLY_UNLISTED (Unverified)
{
   "code": 2029,
   "message": "Domain unlisted",
   "data": ""
}

  • DOMAIN_NOT_FOUND
{
   "code": 4004,
   "message": "Domain not found",
   "data": ""
}

Example

DELETE /rest/v1/domain/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Start scanning

  • URL
  • /rest/v1/domain/{Domain Token}/startscan
  • Description
  • Start a scan on the specified domain.
  • Limitations
  • Only one scan can be active per domain.

Responses

  • PLACED_IN_QUEUE
{
   "code": 2001,
   "message": "Scan placed in queue",
   "data": ""
}

  • UNABLE_TO_START
{
   "code": 4003,
   "message": "Unable to start scan",
   "data": ""
}

  • PROVIDE_TOKEN
{
   "code": 3002,
   "message": "This method can not be used all objects at once! Please provide token",
   "data": ""
}

  • INSUFFICIENT_PERMISSIONS
{
   "code": 4001,
   "message": "The specified user does not have enough permissions to start a scan on this domain",
   "data": ""
}

  • VERIFY_DOMAIN
{
   "code": 4002,
   "message": "You need to verify this domain",
   "data": ""
}

  • SCAN_ALREADY_STARTED
{
   "code": 3001,
   "message": "Scan already started",
   "data": ""
}

  • DOMAIN_NOT_FOUND
{
   "code": 4004,
   "message": "Domain not found",
   "data": ""
}

Example

STARTSCAN /rest/v1/domain/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Stop running scanning

  • URL
  • /rest/v1/domain/{Domain Token}/stopscan
  • Description
  • Stop an active scan on the specified domain.

Responses

  • STOPPING_SCAN
{
   "code": 2002,
   "message": "Scan is stopping",
   "data": ""
}

  • SCAN_ALREADY_STOPPING
{
   "code": 3004,
   "message": "Scan is already stopping",
   "data": ""
}

  • SCAN_NOT_FOUND
{
   "code": 4005,
   "message": "Scan not found",
   "data": ""
}

  • INSUFFICIENT_PERMISSIONS
{
   "code": 4001,
   "message": "The specified user does not have enough permissions to stop this scan",
   "data": ""
}

  • PROVIDE_TOKEN
{
   "code": 3002,
   "message": "This method can not be used all objects at once! Please provide token Please provide token",
   "data": ""
}

  • DOMAIN_NOT_FOUND
{
   "code": 4004,
   "message": "Domain not found",
   "data": ""
}

Example

STOPSCAN /rest/v1/domain/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Get scanning status

  • URL
  • /rest/v1/domain/{Domain Token}/status
  • Description
  • Get information about a scan on the specified domain.
  • Note
  • ETA is in minutes

Responses

  • SCAN_NOT_FOUND
{
   "code": 4005,
   "message": "Scan not found",
   "data": ""
}

  • SCAN_INITIALIZING
{
   "code": 2028,
   "message": "Initializing",
   "data": ""
}

  • SCAN_STOPPING
{
   "code": 2018,
   "message": "Scan status",
   "data": {
      "description":"Stopping",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2018,
   "message": "Scan status",
   "data": {
      "description":"Stopping",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_INFORMATION_GATHERING
{
   "code": 2019,
   "message": "Scan status",
   "data": {
      "description":"Information Gathering",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2019,
   "message": "Scan status",
   "data": {
      "description":"Information Gathering",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_CRAWLING
{
   "code": 2020,
   "message": "Scan status",
   "data": {
      "description":"Crawling",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2020,
   "message": "Scan status",
   "data": {
      "description":"Crawling",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_INFORMATION_ANALYSIS
{
   "code": 2021,
   "message": "Scan status",
   "data": {
      "description":"Information Analysis",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2021,
   "message": "Scan status",
   "data": {
      "description":"Information Analysis",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_FINGERPRINTING
{
   "code": 2022,
   "message": "Scan status",
   "data": {
      "description":"Fingerprinting",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2022,
   "message": "Scan status",
   "data": {
      "description":"Fingerprinting",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_EXPLOITATION
{
   "code": 2023,
   "message": "Scan status",
   "data": {
      "description":"Exploitation",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2023,
   "message": "Scan status",
   "data": {
      "description":"Exploitation",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_SYNCHRONOUS_EXPLOITATION
{
   "code": 2024,
   "message": "Scan status",
   "data": {
      "description":"Synchronous Exploitation",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2024,
   "message": "Scan status",
   "data": {
      "description":"Synchronous Exploitation",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_FINALIZATION
{
   "code": 2025,
   "message": "Scan status",
   "data": {
      "description":"Finalization",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2025,
   "message": "Scan status",
   "data": {
      "description":"Finalization",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_STARTING
{
   "code": 2026,
   "message": "Scan status",
   "data": {
      "description":"Starting Cloud...",
      "progress_status":"Progress not available"
   }
}

OR

{
   "code": 2026,
   "message": "Scan status",
   "data": {
      "description":"Starting Cloud...",
      "progress_status":{
         "progress":{
            "done":10,
            "total":59
         }
      },
      "eta":100
   }
}

  • SCAN_SCHEDULED
{
   "code": 2027,
   "message": "Scan status",
   "data": {
      "description":"Scheduled",
      "date":"2012-03-09 09:59:56"
   }
}

Example

STATUS /rest/v1/domain/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6
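
A client has to cope with the two shapes of `progress_status` shown above (a plain string or a nested object) as well as the scheduled, initializing and not-found cases. The following is an added example, not Detectify's own code: the function name and the keys of the returned summary are hypothetical, and the sample responses are constructed to mirror the ones documented in this section.

```php
<?php
// Added example (not Detectify's code). summarize_scan_status() and its result
// keys are hypothetical; the sample responses below are constructed.

function summarize_scan_status(string $json): array
{
    $response = json_decode($json, true);
    if (!is_array($response) || !isset($response['code'])) {
        throw new InvalidArgumentException('Not an API response');
    }
    $code = (int) $response['code'];
    // "data" is "" for some codes and an object for others.
    $data = is_array($response['data'] ?? null) ? $response['data'] : [];
    $out = [
        'code' => $code, 'state' => 'error', 'phase' => null,
        'percent' => null, 'eta_minutes' => null, 'scheduled_for' => null,
    ];

    if ($code === 4005) {                       // SCAN_NOT_FOUND
        $out['state'] = 'no_scan';
    } elseif ($code === 2028) {                 // SCAN_INITIALIZING
        $out['state'] = 'running';
        $out['phase'] = 'Initializing';
    } elseif ($code === 2027) {                 // SCAN_SCHEDULED
        $out['state'] = 'scheduled';
        $out['scheduled_for'] = $data['date'] ?? null;
    } elseif ($code >= 2018 && $code <= 2026) { // SCAN_STOPPING .. SCAN_STARTING
        $out['state'] = ($code === 2018) ? 'stopping' : 'running';
        $out['phase'] = $data['description'] ?? null;
        $progress = $data['progress_status'] ?? null;
        // Either the string "Progress not available" or {"progress":{"done","total"}}.
        if (is_array($progress)
            && isset($progress['progress']['done'], $progress['progress']['total'])
            && $progress['progress']['total'] > 0) {
            $out['percent'] = round(
                100 * $progress['progress']['done'] / $progress['progress']['total'], 1);
        }
        if (isset($data['eta'])) {
            $out['eta_minutes'] = (int) $data['eta']; // the page notes ETA is in minutes
        }
    } else {
        // Any other code (4004, 4001, 5000, ...) is passed through as an error.
        $out['phase'] = $response['message'] ?? null;
    }
    return $out;
}

// Constructed sample responses in the shapes documented above.
$samples = [
    '{"code":2020,"message":"Scan status","data":{"description":"Crawling",'
        . '"progress_status":"Progress not available"}}',
    '{"code":2023,"message":"Scan status","data":{"description":"Exploitation",'
        . '"progress_status":{"progress":{"done":10,"total":59}},"eta":100}}',
    '{"code":2027,"message":"Scan status","data":{"description":"Scheduled",'
        . '"date":"2012-03-09 09:59:56"}}',
    '{"code":2028,"message":"Initializing","data":""}',
    '{"code":4005,"message":"Scan not found","data":""}',
];

if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    foreach ($samples as $json) {
        echo json_encode(summarize_scan_status($json)), "\n";
    }
}
```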


Get logs

  • URL
  • /rest/v1/log//get
  • Description
  • Get information about all logs.

Responses

  • FETCHED_ALL_LOGS
{
   "code": 2013,
   "message": "Log information",
   "data": [
      {
         "log_token":"aaf46974829c2ef1add59aa84b47b78655b6ed82",
         "log_link":"https://detectify.com/report/f0de7058fd4b71f34f100857d2c640af/b98f45896924900f0317e1bac628f19e68c3376a",
         "log_status":"stopped",
         "log_exploits":4,
         "log_warnings":15,
         "log_notices":9,
         "log_scan_started":"2014-03-14 13:09:15",
         "log_scan_ended":"2014-03-14 11:09:15",
         "domain_token":"f7ed14f999a60f266927b8e028e78387"
      },
      {
         "log_token":"aaf46974829c2ef1add59aa84b47b78655b6ed82",
         "log_link":"https://detectify.com/report/f0de7058fd4b71f34f100857d2c640af/b98f45896924900f0317e1bac628f19e68c3376a",
         "log_status":"stopped",
         "log_exploits":4,
         "log_warnings":15,
         "log_notices":9,
         "log_scan_started":"2014-02-11 03:04:45",
         "log_scan_ended":"2014-02-11 21:02:05",
         "domain_token":"f7ed14f999a60f266927b8e028e78387"
      }
   ]
}

Example

GET /rest/v1/log// HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Get single log

  • URL
  • /rest/v1/log/{Log Token}/get
  • Description
  • Get information about a specific log.

Responses

  • FETCHED_LOG
{
   "code": 2014,
   "message": "Log information",
   "data": [
      "log_token":"aaf46974829c2ef1add59aa84b47b78655b6ed82",
      "log_link":"https://detectify.com/report/f0de7058fd4b71f34f100857d2c640af/b98f45896924900f0317e1bac628f19e68c3376a/hashashhashash",
      "log_status":"stopped",
      "log_exploits":4,
      "log_warnings":15,
      "log_notices":9,
      "log_scan_started":"2014-02-11 03:04:45",
      "log_scan_ended":"2014-02-11 21:02:05",
      "domain_token":"f7ed14f999a60f266927b8e028e78387"
   ]
}

  • LOG_NOT_FOUND
{
   "code": 4009,
   "message": "Log not found!",
   "data": ""
}

Example

GET /rest/v1/log/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Delete log

  • URL
  • /rest/v1/log/{Log Token}/delete
  • Description
  • Delete a specific log.

Responses

  • LOG_DELETED
{
   "code": 2016,
   "message": "This log has been deleted",
   "data": ""
}

  • CANT_DELETE_ACTIVE_LOG
{
   "code": 3009,
   "message": "Can’t delete a log that is still being populated. If you want to remove this log, then stop the scan first",
   "data": ""
}

  • INSUFFICIENT_PERMISSIONS
{
   "code": 4001,
   "message": "The specified user does not have enough permissions to delete this log",
   "data": ""
}

  • LOG_NOT_FOUND
{
   "code": 4009,
   "message": "Log not found",
   "data": ""
}

  • PROVIDE_TOKEN
{
   "code": 3002,
   "message": "This method can not be used all objects at once! Please provide token Please provide token!",
   "data": ""
}

Example

DELETE /rest/v1/log/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Get findings

  • URL
  • /rest/v1/log/{Log Token}/findings
  • Description
  • Get findings from a specific log.
  • Limitations
  • Premium only
  • Important
  • This function will only work on logs created after the 30th of April 2015

Responses

  • LOG_FINDING_LIST
{
   "code": 2033,
   "message": "Finding List",
   "data": [
      "total_findings":0,
      "findings":[
         {
            "uuid":"087d1edd-3f57-4685-909c-fc91bb2237d3",
            "version":1.0,
            "updated":1429113930,
            "finding_id":173,
            "target":"{Target Structure}",
            "score":"{Score Structure}",
            "finding_title":"Potential Vulnerabilities In The Web Server",
            "finding_description":"The web server is leaking information about which version of the web server is running. The specific version used have been looked up for known vulnerabilities and are listed below. Note though that these are just potential vulnerabilities and have not been verified."
         }
      ]
   ]
}

  • API_VERSION_INCOMPATIBLE
{
   "code": 5001,
   "message": "Log is not compatible with this version of the API!",
   "data": ""
}

  • LOG_NOT_FOUND
{
   "code": 4009,
   "message": "Log not found!",
   "data": ""
}

  • INSUFFICIENT_PERMISSIONS
{
   "code": 4001,
   "message": "Your api-user does not have access to this function. Contact us if you think you should have access to this",
   "data": ""
}

  • PROVIDE_TOKEN
{
   "code": 3002,
   "message": "This method can not be used all objects at once! Please provide token Please provide token",
   "data": ""
}

Example

findings /rest/v1/log/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6


Get single finding

  • URL
  • /rest/v1/log/{Log Token}/findings/{Finding UUID}
  • Description
  • Get single finding from a specific log.
  • Limitations
  • Premium only
  • Important
  • This function will only work on logs created after the 30th of April 2015

Responses

  • LOG_FINDING
{
   "code": 2034,
   "message": "Finding",
   "data": [
      "finding":[
         "uuid":"087d1edd-3f57-4685-909c-fc91bb2237d3",
         "version":1.0,
         "finding_id":173,
         "target":"{Target Structure}",
         "score":"{Score Structure}",
         "match_collections":[
            "{Match Collection Structure}"
         ],
         "finding_title":"Potential Vulnerabilities In The Web Server",
         "finding_description":"The web server is leaking information about which version of the web server is running. The specific version used have been looked up for known vulnerabilities and are listed below. Note though that these are just potential vulnerabilities and have not been verified.",
         "finding_match_title":"Details"
      ]
   ]
}

  • API_VERSION_INCOMPATIBLE
{
   "code": 5001,
   "message": "Log is not compatible with this version of the API!",
   "data": ""
}

  • LOG_NOT_FOUND
{
   "code": 4009,
   "message": "Log not found!",
   "data": ""
}

  • INSUFFICIENT_PERMISSIONS
{
   "code": 4001,
   "message": "Your api-user does not have access to this function. Contact us if you think you should have access to this",
   "data": ""
}

  • PROVIDE_TOKEN
{
   "code": 3002,
   "message": "This method can not be used all objects at once! Please provide token Please provide token",
   "data": ""
}

Example

findings /rest/v1/log/4dd87d6cd90dad07d24016340c4d1a2b2efd6225/ HTTP/1.1 
Host: api.detectify.com
Authorization: Basic TVlLRVk6

Response values

  • Name | Description
  • user_verified | Indicates if the user has verified ownership of the domain.
  • domain_meta_verified | Indicates if the domain meta has been verified (or using analytics).


Structures

Match Collection Structure

  • Default 1.0
{
  "version": "1.0",
  "name": "",
  "matches": ["{Match Structure}",]
}

  • boolean_based_sql_injection 1.0
{
  "version": "1.0",
  "name": "boolean_based_sql_injection",
  "matches": ["{Match Structure}",]
}

Match Structure

  • Text 1.0
{
  "version": "1.0",
  "type": "Text",
  "value": "We analyzed the IP TTL (Time-to-Live) with our traceroute results against your server, and estimate your operating-system to be FreeBSD or Linux."
}

  • HTML 1.0
{
  "version": "1.0",
  "type": "HTML",
  "value": "<form method=\"get\" action=\"index.php\">\r\n<input type=\"text\" name=\"vector1\" value=\"\" />\r\n<input type=\"submit\" />\r\n</form>"
}

  • Graph 1.0
{
  "version": "1.0",
  "type": "Graph",
  "data": {
    "Positive Probes": [
      5.0712901,
      5.0632896,
      5.0612895,
      5.0632896,
      5.0612895,
      5.0612895,
      5.0572892,
      5.0572906,
      5.0602937,
      5.0612924,
      5.0622896,
      5.1022919
    ],
    "Negative Probes": [
      0.0670038,
      0.0640036,
      0.0630036,
      0.0610035,
      0.0610035,
      0.0620035,
      0.0660038,
      0.0600035,
      0.0610035,
      0.0620036,
      0.0620035,
      0.0570032
    ]
  }
}

  • Geography 1.0
{
  "version": "1.0",
  "type": "Geography",
  "country_code": "IE",
  "longitude": "53.344",
  "latitude": "-6.26719",
  "country_name": "Ireland",
  "region": "Dublin City",
  "city": "Dublin City",
  "zip":"D8"
}

Score Structure

  • CVSS 2.0
{
  "version": "2.0",
  "type": "CVSS",
  "score": "7.9",
  "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:N"
}

Target Structure

  • Domain 1.0
{
  "version": "1.0",
  "type": "Domain",
  "address": "heroku.example.com"
}

  • IP 1.0
{
  "version": "1.0",
  "type": "IP",
  "address": "1.3.3.7"
}

  • IPEP 1.0
{
  "version": "1.0",
  "type": "IPEP",
  "address": "1.3.3.7",
  "port": 80
}

  • URL 1.0
{
  "version": "1.0",
  "type": "URL",
  "url": "http://example.com/backup/db_2015-03-27.sql"
}

  • HTTP 1.0
{
  "version": "1.0",
  "type": "HTTP",
  "url": "http://example.com/",
  "request_method": "GET",
  "request_version": "1.1",
  "request_headers": [
    {
      "header": "Accept",
      "value": "text/html application/xhtml+xml application/xml; q=0.9 image/webp */*; q=0.8"
    },
    {
      "header": "Host",
      "value": "example.com"
    },
    {
      "header": "Cache-Control",
      "value": "no-store, no-cache"
    },
    {
      "header": "Pragma",
      "value": "no-cache"
    },
    {
      "header": "Accept-Encoding",
      "value": "gzip deflate"
    },
    {
      "header": "Connection",
      "value": "Keep-Alive"
    }
  ],
  "request_body": "",
  "response_status_code": 200,
  "response_reason_phrase": "OK",
  "response_version": "1.1",
  "response_headers": [
    {
      "header": "Transfer-Encoding",
      "value": "chunked"
    },
    {
      "header": "Connection",
      "value": "keep-alive"
    },
    {
      "header": "Content-Encoding",
      "value": ""
    },
    {
      "header": "Content-Type",
      "value": "text/html"
    },
    {
      "header": "Date",
      "value": "Fri, 27 Mar 2015 13:35:49 GMT"
    },
    {
      "header": "Last-Modified",
      "value": "Fri, 11 Jul 2014 08:42:09 GMT"
    },
    {
      "header": "Server",
      "value": "nginx/1.4.6 (Ubuntu)"
    }
  ]
}



Status Codes

  • Code | Name | Description
  • 2000 | VERIFIED | The domain has been verified.
  • 2001 | PLACED_IN_QUEUE | The domain has been placed in queue.
  • 2002 | STOPPING_SCAN | The scan is currently stopping.
  • 2003 | UNVERIFIED_DOMAIN_SUCCESSFULLY_ADDED | The domain has been added but not verified.
  • 2004 | DOMAIN_SUCCESSFULLY_ADDED | The domain has been added and is verified.
  • 2005 | FETCHED_DOMAIN | Fetched information about a single domain.
  • 2006 | FETCHED_ALL_DOMAINS | Fetched information about all domains.
  • 2007 | USER_REMOVED | The specified user has been removed.
  • 2008 | FETCHED_USER | Fetched information about a single user.
  • 2009 | FETCHED_ALL_USERS | Fetched information about all users.
  • 2010 | USER_ADDED | User has been created and is verified.
  • 2011 | EMAIL_VALIDATION_SENT | User has been created and an email has been sent with further instructions on how to verify it.
  • 2012 | APIKEY_CREATED | A basic API-key has been created.
  • 2013 | FETCHED_ALL_LOGS | Fetched information from all logs.
  • 2014 | FETCHED_LOG | Fetched information from a single log.
  • 2015 | FETCH_FULL_LOG | Fetched raw log data from a single log. This is a Premium only function.
  • 2016 | LOG_DELETED | The specified log has been deleted.
  • 2017 | DOMAIN_SUCCESSFULLY_REMOVED | The specified domain has been deleted.
  • 2018 | SCAN_STOPPING | Scan status: It's stopping.
  • 2019 | SCAN_INFORMATION_GATHERING | Scan status: It's in Information Gathering.
  • 2020 | SCAN_CRAWLING | Scan status: It's in Crawling.
  • 2021 | SCAN_INFORMATION_ANALYSIS | Scan status: It's in Information Analysis.
  • 2022 | SCAN_FINGERPRINTING | Scan status: It's in Fingerprinting.
  • 2023 | SCAN_EXPLOITATION | Scan status: It's in Exploitation.
  • 2024 | SCAN_SYNCHRONOUS_EXPLOITATION | Scan status: It's in Synchronous Exploitation.
  • 2025 | SCAN_FINALIZATION | Scan status: It's in Finalization.
  • 2026 | SCAN_STARTING | Scan status: It's Starting.
  • 2027 | SCAN_SCHEDULED | Scan status: The scan is scheduled.
  • 2028 | SCAN_INITIALIZING | Scan status: The scan is initializing.
  • 2029 | DOMAIN_SUCCESSFULLY_UNLISTED | The specified domain has been removed from your domain list. However it has not been deleted. You will get this response if you delete a domain that you do not own.
  • 2030 | USER_AUTHORIZED | The active API-key can now access the specified user.
  • 2031 | USER_VERIFIED | The user was successfully verified.
  • 2032 | FETCHED_DOMAIN_LOGS | Logs connected to the domain.
  • 2034 | LOG_FINDING | Raw finding data.
  • 2033 | LOG_FINDING_LIST | List of findings found in the specified log.
  • 3000 | NO_NEED_TO_VERIFY | The domain is already verified, no need to do it again.
  • 3001 | SCAN_ALREADY_STARTED | The scan has already started, you can't start another one until it's done.
  • 3002 | PROVIDE_TOKEN | This function requires a token. Please provide one.
  • 3004 | SCAN_ALREADY_STOPPING | The scan is already stopping.
  • 3005 | PARAMETER_NOT_PROVIDED | One or more parameters are missing.
  • 3006 | PARAMETER_INVALID | One or more parameters were invalid.
  • 3007 | DOMAIN_ALREADY_EXISTS_ON_ACCOUNT | The domain already exists on your account.
  • 3008 | APIKEY_CREATE_LIMIT_REACHED | You have reached the maximum number of API-keys you may create this week.
  • 3009 | CANT_DELETE_ACTIVE_LOG | Unable to delete a log while it's still being populated. Stop the scan first.
  • 3010 | FAILED_TO_VERIFY | Unable to verify the ownership of your domain.
  • 3011 | USER_AUTHORIZATION_ERROR | Unable to grant access to the specified user.
  • 3012 | USER_ALREADY_VERIFIED | The user is already verified.
  • 3013 | USER_VERIFY_ERROR | Unable to verify due to issues.
  • 3014 | DOMAIN_LIMIT_HIT | Operation blocked because the domain limit has been reached. Please check out our other plans.
  • 4000 | METHOD_NOT_FOUND | The specified method/function does not exist.
  • 4011 | METHOD_REMOVED | The specified method/function has been removed.
  • 4001 | INSUFFICIENT_PERMISSIONS | Insufficient permissions to do the requested operation. This can be caused by not owning the domain or using a basic key and trying to run premium only functions.
  • 4002 | VERIFY_DOMAIN | You need to verify the domain before you can continue.
  • 4003 | UNABLE_TO_START | Unable to start the scan for some unknown reason. If you're having problems with this issue, contact us.
  • 4004 | DOMAIN_NOT_FOUND | The specified domain does not exist.
  • 4005 | SCAN_NOT_FOUND | The specified scan does not exist.
  • 4006 | USER_NOT_FOUND | The specified user does not exist.
  • 4007 | UNABLE_TO_CREATE_USER | Unable to create the specified user, it already exists. This can only happen if you're using a premium key and is going to be removed in the future.
  • 4008 | UNAUTHORIZED | Your API-key is invalid.
  • 4009 | LOG_NOT_FOUND | The specified log does not exist.
  • 4010 | FINDING_NOT_FOUND | The specified finding does not exist.
  • 5000 | FAILURE | An unexpected issue has occurred. If you're having problems with this issue, contact us.
  • 5001 | API_VERSION_INCOMPATIBLE | The call you are trying to access is not able to fulfill your request. Usually due to version incompatibility.