Description

API Endpoint

This is the documentation for the Detectify API available at https://api.detectify.com.

The Detectify API enables connectivity and automation through a RESTful interface with the following features:

The API can be accessed using an API key that is handled at team level. API keys can be created in the Team page. For more details, see Authentication. Depending on your plan, some API functions may not be available.

Examples

Please have a look at our example implementations of the API if you need help to get started. You can find them on our GitHub.

Authentication

All HTTP messages must be authenticated using the API key generated by the website.

The API key can be specified in the following formats:

  • HTTP Basic authentication using your API key as the username (Base64-encoded):

    GET /rest/v2/domains/ HTTP/1.1
    Host: api.detectify.com
    Authorization: Basic MTNhMTMxMTg4MzgwNGRhNWI4NWVhZWFlM2Q4NjY1NmQ6
  • Using the X-Detectify-Key HTTP header:

    GET /rest/v2/domains/ HTTP/1.1
    Host: api.detectify.com
    X-Detectify-Key: 13a1311883804da5b85eaeae3d86656d
  • Include in URL:

    https://13a1311883804da5b85eaeae3d86656d@api.detectify.com/rest/v2/domains/
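The three key formats above, built side by side (an added example, not Detectify's own code). It shows that the Basic value on this page is the Base64 of the key followed by a colon, and it masks the key before a request is logged, since the URL form carries the key inside the URL itself. The helper names and the `***` mask are assumptions.

```python
import base64
from urllib.parse import urlsplit, urlunsplit

API_ROOT = "https://api.detectify.com/rest/v2"
SAMPLE_KEY = "13a1311883804da5b85eaeae3d86656d"  # sample key printed on this page


def basic_auth_value(api_key):
    """Basic credentials with the API key as username and an empty password."""
    raw = f"{api_key}:".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def authenticated_request(path, api_key, style="header"):
    """Return (url, headers) for one of the three documented key formats."""
    url = f"{API_ROOT}/{path.strip('/')}/"
    headers = {"Accept": "application/json"}
    if style == "header":
        headers["X-Detectify-Key"] = api_key
    elif style == "basic":
        headers["Authorization"] = basic_auth_value(api_key)
    elif style == "url":
        parts = urlsplit(url)
        url = urlunsplit(parts._replace(netloc=f"{api_key}@{parts.netloc}"))
    else:
        raise ValueError(f"unknown style: {style!r}")
    return url, headers


def redact(url, headers):
    """Return a copy of (url, headers) with the key masked, for logging."""
    parts = urlsplit(url)
    if parts.username is not None:
        host = parts.hostname + (f":{parts.port}" if parts.port else "")
        url = urlunsplit(parts._replace(netloc=f"***@{host}"))
    hidden = {"authorization", "x-detectify-key"}
    safe = {k: ("***" if k.lower() in hidden else v) for k, v in headers.items()}
    return url, safe


if __name__ == "__main__":
    for style in ("basic", "header", "url"):
        print(style, redact(*authenticated_request("domains", SAMPLE_KEY, style)))
```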

Scans

Scanning functionality includes starting/stopping scans and retrieving scan status. Scans are managed through scan profiles, which contain the settings for the scan. Scans can only be executed on verified domains, and only one scan can run at a time for a scan profile.

Scans are managed using the scan profile token.

For optimization purposes, start and stop requests only ask for the specified operation to be executed; the actual execution time is determined by the Detectify infrastructure. The delay is usually a few seconds.

Manage scans

POST /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 202, 400, 401, 403, 404, 409, 423, 500, 502, 503, 504

Accepted - Scan start request accepted.

Bad Request - Malformed scan profile token.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified scan profile does not exist or the API cannot access the profile.

Conflict - A scan is already running on the specified profile.

Locked - The domain is not verified.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Start scan
POST /rest/v2/scans/{scan_profile_token}/

Requests starting a new scan for the scan profile identified by the scan profile token. The scan profile token can be retrieved using List scan profiles.

The request will set the scan to starting phase, and actual start will be performed by the infrastructure usually within a few seconds after the request. Scans can only be started on verified domains, and only one scan can run at a time for a scan profile. To validate whether the scan started, use Scan status.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


DELETE /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 202, 400, 401, 403, 404, 409, 423, 500, 502, 503, 504

Accepted - Scan stop request accepted.

Bad Request - Malformed scan profile token.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - No scan found.

Conflict - A scan is already running on the specified profile.

Locked - The domain is not verified.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Stop scan
DELETE /rest/v2/scans/{scan_profile_token}/

Requests stopping the currently running scan for the scan profile identified by the scan profile token. The scan profile token can be retrieved using List scan profiles.

The request will set the scan to stopping phase, and actual stop will be performed by the infrastructure usually within a few seconds after the request. To validate whether the scan stopped, use Scan status.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


GET /rest/v2/scans/5605b488634efe810dff4276e28ca7f9/
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned scan status.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "scan_profile_token": "5605b488634efe810dff4276e28ca7f9",
  "created": "2018-01-10T08:34:15Z",
  "started": "2018-01-16T16:01:38Z",
  "phase": "general",
  "state": "starting"
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "scan_profile_token": {
      "type": "string",
      "description": "the token of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the date the scan was created"
    },
    "started": {
      "type": "string",
      "description": "the date the scan started"
    },
    "phase": {
      "type": "string",
      "enum": [
        "general",
        "information gathering",
        "crawling",
        "fingerprinting",
        "information analysis",
        "exploitation",
        "finalization"
      ],
      "description": "the scanning phase"
    },
    "state": {
      "type": "string",
      "enum": [
        "starting",
        "running",
        "stopping",
        "stopped"
      ],
      "description": "the scanning state"
    }
  }
}

Bad Request - Malformed scan profile token.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified scan profile does not exist or the API cannot access the profile.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Scan status
GET /rest/v2/scans/{scan_profile_token}/

Retrieves the status of the currently running scan for the scan profile identified by the scan profile token. The status contains basic information, such as scanning phase and state. If there is no scan running on the profile, a status with the stopped state is returned (without times and phase). The scan profile token can be retrieved using List scan profiles.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.
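Because a 202 from Start scan only means the request was accepted, a caller has to confirm the start through Scan status. The sketch below is an added example, not Detectify's own client: `transport` is a hypothetical callable `(method, path) -> (status, body)` standing in for an authenticated HTTP client, and `scripted_transport` replays constructed replies so the flow runs offline.

```python
import json
import time

# Error outcomes of POST /rest/v2/scans/{scan_profile_token}/ as listed on this page.
# The status GET shares the 400, 401, 403 and 404 entries.
START_ERRORS = {
    400: "malformed scan profile token",
    401: "invalid API key",
    403: "the API key cannot access this functionality",
    404: "scan profile does not exist or is not accessible",
    409: "a scan is already running on the specified profile",
    423: "the domain is not verified",
}
TRY_AGAIN_LATER = {500, 502, 503, 504}  # documented as "Please try again later"


class ScanRequestError(Exception):
    def __init__(self, status, reason):
        super().__init__(f"HTTP {status}: {reason}")
        self.status = status
        self.retryable = status in TRY_AGAIN_LATER


def check(status, expected):
    """Raise ScanRequestError unless the call returned the expected status."""
    if status == expected:
        return
    if status in TRY_AGAIN_LATER:
        raise ScanRequestError(status, "temporary failure, try again later")
    raise ScanRequestError(status, START_ERRORS.get(status, "unexpected status"))


def start_scan_and_confirm(transport, token, polls=10, delay=2.0, sleep=time.sleep):
    """Request a scan start, then poll Scan status until the state is 'running'."""
    path = f"/rest/v2/scans/{token}/"
    status, _ = transport("POST", path)
    check(status, 202)  # accepted only; the infrastructure starts the scan later
    for _ in range(polls):
        status, body = transport("GET", path)
        check(status, 200)
        scan = json.loads(body)
        if scan.get("state") == "running":
            return scan
        sleep(delay)  # still 'starting' (or not yet visible): wait and ask again
    raise TimeoutError(f"scan for profile {token} not running after {polls} polls")


def scripted_transport(replies):
    """Constructed stand-in for an HTTP client: replays (status, body) pairs."""
    queue, calls = list(replies), []

    def transport(method, path):
        calls.append((method, path))
        return queue.pop(0)

    transport.calls = calls
    return transport


if __name__ == "__main__":
    fake = scripted_transport([
        (202, ""),
        (200, '{"state": "starting", "phase": "general"}'),
        (200, '{"state": "running", "phase": "crawling"}'),
    ])
    token = "5605b488634efe810dff4276e28ca7f9"  # example token from this page
    print(start_scan_and_confirm(fake, token, sleep=lambda s: None))
```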


Domains

A domain represents a single host that can have one or more scan profiles associated with it. In order to enable scanning, the domain must be verified first using the website.

Domains are identified by the domain token.

Domains

GET /rest/v2/domains/
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 401, 403, 500, 502, 503, 504

OK - Returned domain list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "9cf53dabf7e213189c89587db33c9cfa"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "enum": [
          "example.com"
        ],
        "description": "host name"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified"
        ],
        "description": "indicates whether the domain is verified"
      },
      "created": {
        "type": "string",
        "enum": [
          "2018-01-10T08:34:15Z"
        ],
        "description": "the date the domain was created"
      },
      "token": {
        "type": "string",
        "enum": [
          "9cf53dabf7e213189c89587db33c9cfa"
        ],
        "description": "the domain token"
      }
    },
    "required": [
      "name",
      "status",
      "created",
      "token"
    ],
    "additionalProperties": false
  }
}

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

List domains
GET /rest/v2/domains/

Returns an array of all domains for the team.

If the team has no scan profiles an empty array is returned.

Dates are in ISO 8601 format, UTC.


Scan profiles

A scan profile represents the target of a scan, which can be domain, subdomain or IP address. Several scan profiles can be created for a domain with different settings or different endpoints. In order to enable scanning, the domain must be verified first using the website.

Scan profiles are identified by the scan profile token.

Scan profiles

GET /rest/v2/profiles/
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 401, 403, 500, 502, 503, 504

OK - Returned scan profile list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "example profile",
    "endpoint": "http://www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "5605b488634efe810dff4276e28ca7f9"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "description": "scan profile name"
      },
      "endpoint": {
        "type": "string",
        "description": "the endpoint of the scan profile"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified"
        ],
        "description": "indicates whether the scan profile is verified"
      },
      "created": {
        "type": "string",
        "description": "the date the scan profile was created"
      },
      "token": {
        "type": "string",
        "description": "the scan profile token"
      }
    }
  }
}

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

List scan profiles
GET /rest/v2/profiles/

Returns an array of all scan profiles for the team.

If the team has no scan profiles an empty array is returned.

Dates are in ISO 8601 format, UTC.


Scan Profiles for domain

GET /rest/v2/profiles/9cf53dabf7e213189c89587db33c9cfa/
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned scan profile list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "name": "example profile",
    "endpoint": "http://www.example.com",
    "status": "verified",
    "created": "2018-01-10T08:34:15Z",
    "token": "5605b488634efe810dff4276e28ca7f9"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "name": {
        "type": "string",
        "description": "scan profile name"
      },
      "endpoint": {
        "type": "string",
        "description": "the endpoint of the scan profile"
      },
      "status": {
        "type": "string",
        "enum": [
          "verified",
          "unverified"
        ],
        "description": "indicates whether the scan profile is verified"
      },
      "created": {
        "type": "string",
        "description": "the date the scan profile was created"
      },
      "token": {
        "type": "string",
        "description": "the scan profile token"
      }
    }
  }
}

Bad Request - Malformed scan profile token.

Unauthorized - Malformed parameters.

Forbidden - The API key cannot access this functionality.

Not Found - The specified domain does not exist or the API cannot access the domain.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

List scan profiles for domain
GET /rest/v2/profiles/{domain_token}/

Returns all scan profiles for the domain identified by the domain token. The domain token can be retrieved using List domains.

If the domain has no scan profiles an empty array is returned.

Dates are in ISO 8601 format, UTC.

URI Parameters
domain_token
string (required) Example: 9cf53dabf7e213189c89587db33c9cfa

The domain token.


Reports

Reports present the result of a scan and are created at the moment a scan starts. Therefore, the latest report for a scan profile may be partial and can receive updates until the scan has finished.

Reports are identified by the report token.

Reports are presented at four levels:

  • basic report information contains only the report token and creation time;

  • report summary contains generic information, such as the report URL, overall CVSS score and the number of findings at different threat levels;

  • detailed report summary contains the report summary and the UUIDs for findings, which can be used to retrieve finding information;

  • full report contains the report summary and information on findings.

For convenience, queries for reports containing findings have additional filtering options. However, filters do not affect information in the report summary.

List reports

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/?from=1516114800&to=1516119398
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned report list.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "created": "2018-01-09T06:07:12Z"
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "token": {
        "type": "string",
        "description": "the report token"
      },
      "created": {
        "type": "string",
        "description": "the time the report was created"
      }
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified scan profile does not exist or the API cannot access the profile.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

List reports
GET /rest/v2/reports/{scan_profile_token}/?from={start_time}&to={end_time}

Returns report tokens and creation times for the scan profile identified by the scan profile token. The scan profile token can be retrieved using List scan profiles.

The results can be filtered for a time interval using the from and to arguments, which must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. If there are no reports available for the specified arguments, an empty array is returned.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

start_time
string (optional) Example: 1516114800

Filters the reports created before the specified time.

end_time
string (optional) Example: 1516119398

Filters the reports created after the specified time.
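The "encoded when containing UTC offset" requirement for `from` and `to` is easy to miss: a literal `+` in a query string is read as a space by form-style parsers. This added example (not Detectify's code) builds the List reports path with correct percent-encoding and picks the newest entry from a response; the function names are assumptions, and how the server itself parses the query is assumed to follow the usual form decoding.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode


def time_param(value):
    """Unix time for numbers, ISO 8601 with UTC offset for aware datetimes."""
    if isinstance(value, datetime):
        if value.tzinfo is None:
            raise ValueError("use a timezone-aware datetime")
        return value.isoformat(timespec="seconds")
    return str(int(value))


def reports_path(token, start=None, end=None):
    """Path and query for GET /rest/v2/reports/{scan_profile_token}/."""
    query = {}
    if start is not None:
        query["from"] = time_param(start)
    if end is not None:
        query["to"] = time_param(end)
    path = f"/rest/v2/reports/{token}/"
    # urlencode percent-encodes '+' as %2B and ':' as %3A.
    return f"{path}?{urlencode(query)}" if query else path


def form_decoded(raw_query, name):
    """Value a form-style query parser yields for `name`."""
    return parse_qs(raw_query)[name][0]


def newest_report(body):
    """Newest entry of a List reports response, or None for an empty array."""
    reports = json.loads(body)
    if not reports:
        return None

    def created(report):
        parsed = datetime.strptime(report["created"], "%Y-%m-%dT%H:%M:%SZ")
        return parsed.replace(tzinfo=timezone.utc)

    return max(reports, key=created)


if __name__ == "__main__":
    token = "5605b488634efe810dff4276e28ca7f9"  # example token from this page
    start = datetime(2018, 1, 16, 17, 0, tzinfo=timezone(timedelta(hours=2)))
    print(reports_path(token, start, 1516119398))
    # Unencoded offset: the '+' is lost when the query is decoded.
    print(repr(form_decoded("from=2018-01-16T17:00:00+02:00", "from")))
    # Constructed sample response with two reports.
    sample = ('[{"token": "aaa", "created": "2018-01-09T06:07:12Z"},'
              ' {"token": "bbb", "created": "2018-01-16T16:01:38Z"}]')
    print(newest_report(sample))
```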


Get report

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified report does not exist or the API key cannot access the report.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get report
GET /rest/v2/reports/{scan_profile_token}/{report_token}/

Returns the report summary for the report identified by the scan profile token and report token.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.


Get latest report

GET /rest/v2/reports/5605b488634efe810dff4276e28ca7f9/latest/
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    }
  }
}

Bad Request - Malformed scan profile token.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified scan profile does not exist or the API cannot access the profile.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest report
GET /rest/v2/reports/{scan_profile_token}/latest/

Returns the report summary for the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using List scan profiles.

If there is no scan running for the profile, the report of the last scan is returned; otherwise the (partial) report for the ongoing scan is returned.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.


Get detailed report

GET /rest/v2/detailedreports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/?severity=high, medium, low, information&from=1516114800&to=1516119398
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    "941c4794-379b-4efd-bccf-21c4f0c034b1"
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "the finding UUIDs"
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified report does not exist or the API cannot access the report.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get detailed report
GET /rest/v2/detailedreports/{scan_profile_token}/{report_token}/?severity={severity}&from={start_time}&to={end_time}

Only available for Enterprise plan.

Returns the detailed report summary for the latest report for the scan profile identified by the scan profile token and report token.

The detailed report includes the collection of finding UUIDs in addition to the report summary, to identify findings within the report. The findings within the report can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

severity
enum (optional) Example: high, medium, low, information

Filters the findings based on the finding severity.

start_time
string (optional) Example: 1516114800

Filters the last updated findings before the specified time.

end_time
string (optional) Example: 1516119398

Filters the last updated findings after the specified time.


Get latest detailed report

GET /rest/v2/detailedreports/5605b488634efe810dff4276e28ca7f9/latest/?severity=high, medium, low, information&from=1516114800&to=1516119398
Request example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 409, 423, 500, 502, 503, 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    "941c4794-379b-4efd-bccf-21c4f0c034b1"
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "string"
      },
      "description": "the finding UUIDs"
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified scan profile does not exist or the API cannot access the profile.

Conflict - A scan is already running on the specified profile.

Locked - The domain is not verified.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest detailed report
GET /rest/v2/detailedreports/{scan_profile_token}/latest/?severity={severity}&from={start_time}&to={end_time}

Only available for Enterprise plan.

Returns the detailed report summary for the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using List scan profiles.

If there is no scan running for the profile, the report of the last scan is returned; otherwise the (partial) report for the ongoing scan is returned. The detailed report includes the collection of finding UUIDs in addition to the report summary, to identify findings within the report. The findings within the report can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

severity
enum (optional) Example: high, medium, low, information

Filters the findings based on the finding severity.

start_time
string (optional) Example: 1516114800

Filters the last updated findings before the specified time.

end_time
string (optional) Example: 1516119398

Filters the last updated findings after the specified time.


Get full report

GET /rest/v2/fullreports/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/?severity=high, medium, low, information&from=1516114800&to=1516119398
Requests: example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    {
      "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
      "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
      "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
      "found_at": "http://www.example.com/index.html",
      "timestamp": "2018-01-09T06:18:32Z",
      "title": "Cross Site Scripting (XSS)",
      "definition": {
        "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
        "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
        "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
        "references": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
            "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
            "source": "Detectify"
          }
        ]
      },
      "score": [
        {
          "version": "2.0",
          "score": "6.4",
          "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
        }
      ],
      "owasp": [
        {
          "year": "A7",
          "classification": "2017"
        }
      ],
      "details": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "type": "Geography",
          "name": "service_provider_host",
          "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
        }
      ],
      "tags": [
        {
          "type": "Tag New",
          "value": "new"
        }
      ],
      "target": {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "type": "Cookie",
        "url": "http://www.example.com/index.html",
        "address": "1.1.1.1",
        "port": 80,
        "name": "SessionId",
        "value": "7jq7ffrpe251o7rh5sapo079p2",
        "domain": "example.com",
        "path": "/",
        "secure": true,
        "httponly": "false",
        "expires": "2018-01-09T09:12:50Z",
        "request_method": "GET",
        "request_version": "1.1",
        "request_headers": [
          {
            "name": "Accept",
            "value": "text/html"
          }
        ],
        "request_body": "...",
        "request_body_base64": false,
        "response_status_code": 200,
        "response_reason_phrase": "OK",
        "response_version": "1.1",
        "response_headers": [
          {
            "name": "Accept",
            "value": "text/html"
          }
        ],
        "response_body": "...",
        "response_body_base64": false,
        "response_encoding": "utf-8"
      },
      "vulnerable_resources": {
        "vulnerable_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request"
          }
        ],
        "expected_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request",
            "value": "max-age=60000"
          }
        ],
        "vulnerable_cookies": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "SessionId"
          }
        ],
        "vulnerable_variables": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "username",
            "method": "GET"
          }
        ]
      },
      "command_lines": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
          "windows": "tracert -h 40 -w 500 213.80.101.97"
        }
      ],
      "highlights": [
        {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "field": "url",
          "offset": 7,
          "length": 15
        }
      ]
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the finding UUID"
          },
          "report_token": {
            "type": "string",
            "description": "the report token"
          },
          "scan_profile_token": {
            "type": "string",
            "description": "the scan profile token"
          },
          "signature": {
            "type": "string",
            "description": "the finding signature"
          },
          "url": {
            "type": "string",
            "description": "the direct URL of the finding"
          },
          "found_at": {
            "type": "string",
            "description": "the URL where the vulnerability was found"
          },
          "timestamp": {
            "type": "string",
            "description": "the time when the vulnerability was found"
          },
          "title": {
            "type": "string",
            "description": "the title of the finding"
          },
          "definition": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "description": {
                "type": "string",
                "description": "the generic description of the finding"
              },
              "risk": {
                "type": "string",
                "description": "the possible effect of the vulnerability"
              },
              "references": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "link": {
                      "type": "string",
                      "description": "the URL of the reference"
                    },
                    "name": {
                      "type": "string",
                      "description": "the name of the reference"
                    },
                    "source": {
                      "type": "string",
                      "description": "the name of the reference source"
                    }
                  }
                },
                "description": "a collection of references for further reading"
              }
            },
            "description": "generic information about the vulnerability"
          },
          "score": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "version": {
                  "type": "string",
                  "description": "the CVSS version"
                },
                "score": {
                  "type": "string",
                  "description": "the CVSS score"
                },
                "vector": {
                  "type": "string",
                  "description": "the CVSS vector"
                }
              }
            },
            "description": "the CVSS scores of the finding"
          },
          "owasp": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "year": {
                  "type": "string",
                  "description": "the year of the OWASP classification"
                },
                "classification": {
                  "type": "string",
                  "description": "the OWASP classification"
                }
              }
            },
            "description": "the OWASP classification of the finding"
          },
          "details": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "type": {
                  "type": "string",
                  "enum": [
                    "Geography",
                    "Graph",
                    "HTML",
                    "Image",
                    "Markdown",
                    "Text",
                    "Video"
                  ],
                  "description": "the type of the detail"
                },
                "name": {
                  "type": "string",
                  "enum": [
                    "service_provider_host",
                    "service_provider_name",
                    "service_provider_mail",
                    "domain_statistics_seed",
                    "domain_statistics_dns",
                    "domain_statistics_vhost",
                    "domain_statistics_crawler",
                    "boolean_based_sql_injection"
                  ],
                  "description": "the name of the detail"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the detail"
                }
              }
            },
            "description": "detailed information on the finding"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "description": "the type of the tag"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the tag"
                }
              }
            },
            "description": "finding tags"
          },
          "target": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "type": {
                "type": "string",
                "enum": [
                  "Cookie",
                  "Domain",
                  "HTTP",
                  "IP",
                  "URL"
                ],
                "description": "the type of the target"
              },
              "url": {
                "type": "string",
                "description": "the target URL (Domain, URL)"
              },
              "address": {
                "type": "string",
                "description": "the domain or IP address (Domain, IP)"
              },
              "port": {
                "type": "number",
                "description": "the port (IP)"
              },
              "name": {
                "type": "string",
                "description": "the cookie name (Cookie)"
              },
              "value": {
                "type": "string",
                "description": "the cookie value (Cookie)"
              },
              "domain": {
                "type": "string",
                "description": "the cookie domain (Cookie)"
              },
              "path": {
                "type": "string",
                "description": "the cookie path (Cookie)"
              },
              "secure": {
                "type": "boolean",
                "description": "indicates whether the cookie is HTTPS only (Cookie)"
              },
              "httponly": {
                "type": "string",
                "description": "indicates whether the cookie is server side only (Cookie)"
              },
              "expires": {
                "type": "string",
                "description": "the date when the cookie expires (Cookie)"
              },
              "request_method": {
                "type": "string",
                "description": "the request method (HTTP)"
              },
              "request_version": {
                "type": "string",
                "description": "the request version (HTTP)"
              },
              "request_headers": {
                "type": "array",
                "description": "the array of request headers (HTTP)"
              },
              "request_body": {
                "type": "string",
                "description": "the request body (HTTP)"
              },
              "request_body_base64": {
                "type": "boolean",
                "description": "indicates whether the request body is BASE64 encoded (HTTP)"
              },
              "response_status_code": {
                "type": "number",
                "description": "the response status code (HTTP)"
              },
              "response_reason_phrase": {
                "type": "string",
                "description": "the response reason phrase (HTTP)"
              },
              "response_version": {
                "type": "string",
                "description": "the response version (HTTP)"
              },
              "response_headers": {
                "type": "array",
                "description": "the array of response headers (HTTP)"
              },
              "response_body": {
                "type": "string",
                "description": "the response body (HTTP)"
              },
              "response_body_base64": {
                "type": "boolean",
                "description": "indicates whether the response body is BASE64 encoded (HTTP)"
              },
              "response_encoding": {
                "type": "string",
                "description": "the response encoding"
              }
            },
            "description": "the target of the finding"
          },
          "vulnerable_resources": {
            "type": "object",
            "properties": {
              "vulnerable_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    }
                  }
                },
                "description": "the array of vulnerable headers"
              },
              "expected_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    },
                    "value": {
                      "type": "string",
                      "description": "the expected value"
                    }
                  }
                },
                "description": "the array of expected headers"
              },
              "vulnerable_cookies": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the cookie name"
                    }
                  }
                },
                "description": "the array of vulnerable cookies"
              },
              "vulnerable_variables": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the variable name"
                    },
                    "method": {
                      "type": "string",
                      "description": "the HTTP method"
                    }
                  }
                },
                "description": "the array of vulnerable variables"
              }
            },
            "description": "resources on the vulnerability"
          },
          "command_lines": {
            "type": "array",
            "description": "the command lines to reproduce the finding"
          },
          "highlights": {
            "type": "array",
            "description": "the highlights within the finding"
          }
        }
      },
      "description": "the findings"
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified report does not exist or the API cannot access the report.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get full report
GET /rest/v2/fullreports/{scan_profile_token}/{report_token}/?severity={severity}&from={start_time}&to={end_time}

Only available for Enterprise plan.

Returns the report identified by the scan profile token and report token.

The findings within the report can be filtered by severity and by time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (URL-encoded when they contain a UTC offset) or Unix time. The call returns at most one thousand findings. Please use filtering if the report contains more.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

severity
enum (optional) Example: high, medium, low, information

Filters the findings based on the finding severity.

start_time
string (optional) Example: 1516114800

Filters the last updated findings before the specified time.

end_time
string (optional) Example: 1516119398

Filters the last updated findings after the specified time.
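
The following is an added example, not part of the Detectify documentation or its GitHub samples: it builds a full report URL with the from/to values URL-encoded, then triages a report body while handling three details of the schema above (CVSS scores are strings, `secure` is a boolean but `httponly` is a string, and a call returns at most one thousand findings). The function names and the trimmed sample report are assumptions constructed for illustration; send the request with the `X-Detectify-Key` header described under Authentication.

```python
import json
from urllib.parse import quote, urlencode

API_BASE = "https://api.detectify.com/rest/v2"  # endpoint stated on this page
MAX_FINDINGS = 1000  # documented cap on findings returned by one call


def build_full_report_url(scan_profile_token, report_token="latest",
                          severity=None, start=None, end=None):
    """Build a fullreports URL (hypothetical helper, not a Detectify function)."""
    path = "/".join(quote(p, safe="") for p in (scan_profile_token, report_token))
    params = {}
    if severity:
        params["severity"] = severity
    if start is not None:
        params["from"] = str(start)
    if end is not None:
        params["to"] = str(end)
    # urlencode percent-encodes the '+' and ':' of an ISO 8601 UTC offset;
    # an unencoded '+' would be read as a space by the server.
    query = urlencode(params)
    return f"{API_BASE}/fullreports/{path}/" + (f"?{query}" if query else "")


def _as_bool(value):
    """Accept both JSON booleans ('secure') and strings ('httponly')."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def _max_cvss(finding):
    """'score' is an array of {version, score, vector}; 'score' is a string."""
    best = 0.0
    for entry in finding.get("score", []):
        try:
            best = max(best, float(entry.get("score", "")))
        except (TypeError, ValueError):
            continue  # missing or non-numeric score: ignore this entry
    return best


def triage(report):
    """Return findings sorted by CVSS, with missing cookie flags called out."""
    findings = report.get("findings", [])
    rows = []
    for finding in findings:
        target = finding.get("target") or {}
        missing = []
        if target.get("type") == "Cookie":
            for flag in ("secure", "httponly"):
                if not _as_bool(target.get(flag, False)):
                    missing.append(flag)
        rows.append({
            "uuid": finding.get("uuid"),
            "title": finding.get("title"),
            "found_at": finding.get("found_at"),
            "cvss": _max_cvss(finding),
            "missing_cookie_flags": missing,
        })
    rows.sort(key=lambda row: row["cvss"], reverse=True)
    # At the cap the report may be incomplete: re-query with a narrower
    # severity filter or from/to window instead of trusting the counts.
    return {"possibly_truncated": len(findings) >= MAX_FINDINGS, "rows": rows}


# Constructed sample: the example body above, trimmed, plus one invented
# finding without a score to exercise the fallback path.
SAMPLE_REPORT = json.loads("""
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "findings": [
    {"uuid": "00000000-0000-0000-0000-000000000000",
     "title": "Constructed informational finding",
     "found_at": "http://www.example.com/",
     "score": [],
     "target": {"type": "URL", "url": "http://www.example.com/"}},
    {"uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
     "title": "Cross Site Scripting (XSS)",
     "found_at": "http://www.example.com/index.html",
     "score": [{"version": "2.0", "score": "6.4",
                "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}],
     "target": {"type": "Cookie", "name": "SessionId",
                "secure": true, "httponly": "false"}}
  ]
}
""")

if __name__ == "__main__":
    print(build_full_report_url("5605b488634efe810dff4276e28ca7f9",
                                severity="high",
                                start="2018-01-16T15:00:00+01:00",
                                end=1516119398))
    for row in triage(SAMPLE_REPORT)["rows"]:
        print(row["cvss"], row["title"], row["missing_cookie_flags"])
```
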


Get latest full report

GET /rest/v2/fullreports/5605b488634efe810dff4276e28ca7f9/latest/?severity=high, medium, low, information&from=1516114800&to=1516119398
Requests: example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned report.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_name": "example profile",
  "created": "2018-01-09T06:07:12Z",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/",
  "cvss": 9.3,
  "high_level_findings": 4,
  "medium_level_findings": 7,
  "low_level_findings": 11,
  "information_findings": 18,
  "findings": [
    {
      "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
      "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
      "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
      "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
      "found_at": "http://www.example.com/index.html",
      "timestamp": "2018-01-09T06:18:32Z",
      "title": "Cross Site Scripting (XSS)",
      "definition": {
        "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
        "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
        "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
        "references": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
            "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
            "source": "Detectify"
          }
        ]
      },
      "score": [
        {
          "version": "2.0",
          "score": "6.4",
          "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
        }
      ],
      "owasp": [
        {
          "year": "A7",
          "classification": "2017"
        }
      ],
      "details": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "type": "Geography",
          "name": "service_provider_host",
          "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
        }
      ],
      "tags": [
        {
          "type": "Tag New",
          "value": "new"
        }
      ],
      "target": {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "type": "Cookie",
        "url": "http://www.example.com/index.html",
        "address": "1.1.1.1",
        "port": 80,
        "name": "SessionId",
        "value": "7jq7ffrpe251o7rh5sapo079p2",
        "domain": "example.com",
        "path": "/",
        "secure": true,
        "httponly": "false",
        "expires": "2018-01-09T09:12:50Z",
        "request_method": "GET",
        "request_version": "1.1",
        "request_headers": [
          {
            "name": "Accept",
            "value": "text/html"
          }
        ],
        "request_body": "...",
        "request_body_base64": false,
        "response_status_code": 200,
        "response_reason_phrase": "OK",
        "response_version": "1.1",
        "response_headers": [
          {
            "name": "Accept",
            "value": "text/html"
          }
        ],
        "response_body": "...",
        "response_body_base64": false,
        "response_encoding": "utf-8"
      },
      "vulnerable_resources": {
        "vulnerable_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request"
          }
        ],
        "expected_headers": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "Strict-Transport-Security",
            "direction": "Request",
            "value": "max-age=60000"
          }
        ],
        "vulnerable_cookies": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "SessionId"
          }
        ],
        "vulnerable_variables": [
          {
            "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
            "name": "username",
            "method": "GET"
          }
        ]
      },
      "command_lines": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
          "windows": "tracert -h 40 -w 500 213.80.101.97"
        }
      ],
      "highlights": [
        {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "field": "url",
          "offset": 7,
          "length": 15
        }
      ]
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "scan_profile_name": {
      "type": "string",
      "description": "the name of the scan profile"
    },
    "created": {
      "type": "string",
      "description": "the time the report was created"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the report"
    },
    "cvss": {
      "type": "number",
      "description": "the overall CVSS score of the report"
    },
    "high_level_findings": {
      "type": "number",
      "description": "the number of high level vulnerabilities"
    },
    "medium_level_findings": {
      "type": "number",
      "description": "the number of medium level vulnerabilities"
    },
    "low_level_findings": {
      "type": "number",
      "description": "the number of low level vulnerabilities"
    },
    "information_findings": {
      "type": "number",
      "description": "the number of information findings"
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the finding UUID"
          },
          "report_token": {
            "type": "string",
            "description": "the report token"
          },
          "scan_profile_token": {
            "type": "string",
            "description": "the scan profile token"
          },
          "signature": {
            "type": "string",
            "description": "the finding signature"
          },
          "url": {
            "type": "string",
            "description": "the direct URL of the finding"
          },
          "found_at": {
            "type": "string",
            "description": "the URL where the vulnerability was found"
          },
          "timestamp": {
            "type": "string",
            "description": "the time when the vulnerability was found"
          },
          "title": {
            "type": "string",
            "description": "the title of the finding"
          },
          "definition": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "description": {
                "type": "string",
                "description": "the generic description of the finding"
              },
              "risk": {
                "type": "string",
                "description": "the possible effect of the vulnerability"
              },
              "references": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "link": {
                      "type": "string",
                      "description": "the URL of the reference"
                    },
                    "name": {
                      "type": "string",
                      "description": "the name of the reference"
                    },
                    "source": {
                      "type": "string",
                      "description": "the name of the reference source"
                    }
                  }
                },
                "description": "a collection of references for further reading"
              }
            },
            "description": "generic information about the vulnerability"
          },
          "score": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "version": {
                  "type": "string",
                  "description": "the CVSS version"
                },
                "score": {
                  "type": "string",
                  "description": "the CVSS score"
                },
                "vector": {
                  "type": "string",
                  "description": "the CVSS vector"
                }
              }
            },
            "description": "the CVSS scores of the finding"
          },
          "owasp": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "year": {
                  "type": "string",
                  "description": "the year of the OWASP classification"
                },
                "classification": {
                  "type": "string",
                  "description": "the OWASP classification"
                }
              }
            },
            "description": "the OWASP classification of the finding"
          },
          "details": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "type": {
                  "type": "string",
                  "enum": [
                    "Geography",
                    "Graph",
                    "HTML",
                    "Image",
                    "Markdown",
                    "Text",
                    "Video"
                  ],
                  "description": "the type of the detail"
                },
                "name": {
                  "type": "string",
                  "enum": [
                    "service_provider_host",
                    "service_provider_name",
                    "service_provider_mail",
                    "domain_statistics_seed",
                    "domain_statistics_dns",
                    "domain_statistics_vhost",
                    "domain_statistics_crawler",
                    "boolean_based_sql_injection"
                  ],
                  "description": "the name of the detail"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the detail"
                }
              }
            },
            "description": "detailed information on the finding"
          },
          "tags": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "type": {
                  "type": "string",
                  "description": "the type of the tag"
                },
                "value": {
                  "type": "string",
                  "description": "the value of the tag"
                }
              }
            },
            "description": "finding tags"
          },
          "target": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "type": {
                "type": "string",
                "enum": [
                  "Cookie",
                  "Domain",
                  "HTTP",
                  "IP",
                  "URL"
                ],
                "description": "the type of the target"
              },
              "url": {
                "type": "string",
                "description": "the target URL (Domain, URL)"
              },
              "address": {
                "type": "string",
                "description": "the domain or IP address (Domain, IP)"
              },
              "port": {
                "type": "number",
                "description": "the port (IP)"
              },
              "name": {
                "type": "string",
                "description": "the cookie name (Cookie)"
              },
              "value": {
                "type": "string",
                "description": "the cookie value (Cookie)"
              },
              "domain": {
                "type": "string",
                "description": "the cookie domain (Cookie)"
              },
              "path": {
                "type": "string",
                "description": "the cookie path (Cookie)"
              },
              "secure": {
                "type": "boolean",
                "description": "indicates whether the cookie is HTTPS only (Cookie)"
              },
              "httponly": {
                "type": "string",
                "description": "indicates whether the cookie is server side only (Cookie)"
              },
              "expires": {
                "type": "string",
                "description": "the date when the cookie expires (Cookie)"
              },
              "request_method": {
                "type": "string",
                "description": "the request method (HTTP)"
              },
              "request_version": {
                "type": "string",
                "description": "the request version (HTTP)"
              },
              "request_headers": {
                "type": "array",
                "description": "the array of request headers (HTTP)"
              },
              "request_body": {
                "type": "string",
                "description": "the request body (HTTP)"
              },
              "request_body_base64": {
                "type": "boolean",
                "description": "indicates whether the request body is BASE64 encoded (HTTP)"
              },
              "response_status_code": {
                "type": "number",
                "description": "the response status code (HTTP)"
              },
              "response_reason_phrase": {
                "type": "string",
                "description": "the response reason phrase (HTTP)"
              },
              "response_version": {
                "type": "string",
                "description": "the response version (HTTP)"
              },
              "response_headers": {
                "type": "array",
                "description": "the array of response headers (HTTP)"
              },
              "response_body": {
                "type": "string",
                "description": "the response body (HTTP)"
              },
              "response_body_base64": {
                "type": "boolean",
                "description": "indicates whether the response body is BASE64 encoded (HTTP)"
              },
              "response_encoding": {
                "type": "string",
                "description": "the response encoding"
              }
            },
            "description": "the target of the finding"
          },
          "vulnerable_resources": {
            "type": "object",
            "properties": {
              "vulnerable_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    }
                  }
                },
                "description": "the array of vulnerable headers"
              },
              "expected_headers": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the header name"
                    },
                    "direction": {
                      "type": "string",
                      "enum": [
                        "Request",
                        "Response",
                        "Request/Response"
                      ],
                      "description": "the direction of the header"
                    },
                    "value": {
                      "type": "string",
                      "description": "the expected value"
                    }
                  }
                },
                "description": "the array of expected headers"
              },
              "vulnerable_cookies": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the cookie name"
                    }
                  }
                },
                "description": "the array of vulnerable cookies"
              },
              "vulnerable_variables": {
                "type": "array",
                "items": {
                  "type": "object",
                  "properties": {
                    "uuid": {
                      "type": "string",
                      "description": "the unique identifier of the node"
                    },
                    "name": {
                      "type": "string",
                      "description": "the variable name"
                    },
                    "method": {
                      "type": "string",
                      "description": "the HTTP method"
                    }
                  }
                },
                "description": "the array of vulnerable variables"
              }
            },
            "description": "resources on the vulnerability"
          },
          "command_lines": {
            "type": "array",
            "description": "the command lines to reproduce the finding"
          },
          "highlights": {
            "type": "array",
            "description": "the highlights within the finding"
          }
        }
      },
      "description": "the findings"
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified scan profile does not exist or the API cannot access the profile.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get latest full report
GET /rest/v2/fullreports/{scan_profile_token}/latest/?severity={severity}&from={start_time}&to={end_time}

Only available for Enterprise plan.

Returns the latest report for the scan profile identified by the scan profile token. The scan profile token can be retrieved using List scan profiles.

If there is no scan running for the profile, the report of the last scan is returned; otherwise the (partial) report for the ongoing scan is returned. The findings within the report can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. The call returns at most one thousand findings. Please use filtering if the report contains more.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

severity
enum (optional) Example: high, medium, low, information

Filters the findings based on the finding severity.

start_time
string (optional) Example: 1516114800

Filters the last updated findings before the specified time.

end_time
string (optional) Example: 1516119398

Filters the last updated findings after the specified time.
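The following is an added example, not code from Detectify: it builds the query string with the time values URL-encoded (so an ISO 8601 UTC offset such as `+01:00` survives) and splits a Unix-time interval whenever a call comes back at the one-thousand-finding cap. The `fetch` callable, the `updated` field used by the constructed stand-in, and the reading of `from`/`to` as inclusive bounds are assumptions.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

API_BASE = "https://api.detectify.com/rest/v2"
MAX_FINDINGS = 1000  # "The call returns at most one thousand findings."


def latest_report_url(token, start, end, severity=None):
    """Build the request URL; urlencode() percent-encodes '+' and ':' in ISO 8601 values."""
    params = {"from": start, "to": end}
    if severity:
        params["severity"] = severity
    return f"{API_BASE}/fullreports/{token}/latest/?{urlencode(params)}"


def collect_findings(fetch, token, start, end, severity=None):
    """Collect findings for a Unix-time interval, halving any window that hits the cap.

    fetch(url) is a hypothetical transport that performs the authenticated GET
    (for example with the X-Detectify-Key header, which keeps the key out of
    the URL) and returns the list of finding objects from the response.
    Returns (findings, truncated_windows).
    """
    seen = {}
    truncated = []
    stack = [(int(start), int(end))]
    while stack:
        lo, hi = stack.pop()
        batch = fetch(latest_report_url(token, lo, hi, severity))
        if len(batch) >= MAX_FINDINGS and lo < hi:
            # The window may be cut off at the cap: query both halves instead.
            mid = (lo + hi) // 2
            stack.append((lo, mid))
            stack.append((mid + 1, hi))
            continue
        if len(batch) >= MAX_FINDINGS:
            # A one-second window cannot be split further; report it.
            truncated.append((lo, hi))
        for finding in batch:
            seen.setdefault(finding["uuid"], finding)
    return list(seen.values()), truncated


def make_fake_fetch(dataset):
    """Constructed stand-in for the HTTP call; filters on a made-up 'updated' field."""
    def fetch(url):
        query = parse_qs(urlsplit(url).query)
        lo, hi = int(query["from"][0]), int(query["to"][0])
        hits = [f for f in dataset if lo <= f["updated"] <= hi]
        return hits[:MAX_FINDINGS]
    return fetch


if __name__ == "__main__":
    # Constructed data: 2500 findings, one per second.
    data = [{"uuid": f"u{i}", "updated": i} for i in range(2500)]
    token = "5605b488634efe810dff4276e28ca7f9"  # example token from the documentation
    found, truncated = collect_findings(make_fake_fetch(data), token, 0, 2499)
    print(len(found), truncated)
    print(latest_report_url(token, "2018-01-16T15:00:00+01:00", "2018-01-16T16:00:00+01:00"))
```

A non-empty `truncated` list means a single second held a full page of findings, so narrow further with the severity filter.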


Findings

Findings are the individual entries in a report that represent either a vulnerability or other information acquired or produced during a scan. Findings have multi-level structure as various information is gathered and aggregated.

Findings are identified by the finding universally unique identifier (UUID). The finding UUID is unique for each finding. Therefore, even if the same vulnerability occurs for multiple scans on the same scan profile, the UUID will be different. To track recurring findings between different reports, use the finding signature. In addition to the finding UUID, most nodes within findings have additional UUID values which are used to identify the node for highlighting. For more details, see highlighting.
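As an added example (not part of the Detectify documentation), the sketch below compares two reports of one scan profile by signature rather than UUID and sorts the current findings into new, recurring, resolved and triaged. The sample findings are constructed, and stripping a leading `Tag ` from tag types is an assumption based on the `Tag New` value in the sample response.

```python
# Tag types the documentation describes as user triage decisions.
TRIAGE_TAGS = {"Accepted Risk", "False Positive"}

# Constructed sample data: two reports for the same scan profile.
PREVIOUS = [
    {"uuid": "11111111-0000-4000-8000-000000000001", "signature": "sig-xss", "title": "Cross Site Scripting (XSS)"},
    {"uuid": "11111111-0000-4000-8000-000000000002", "signature": "sig-hsts", "title": "Missing HSTS header"},
    {"uuid": "11111111-0000-4000-8000-000000000003", "signature": "sig-cookie", "title": "Cookie without HttpOnly"},
]
CURRENT = [
    {"uuid": "22222222-0000-4000-8000-000000000001", "signature": "sig-xss", "title": "Cross Site Scripting (XSS)"},
    {"uuid": "22222222-0000-4000-8000-000000000002", "signature": "sig-cookie", "title": "Cookie without HttpOnly",
     "tags": [{"type": "Accepted Risk", "value": "accepted"}]},
    {"uuid": "22222222-0000-4000-8000-000000000003", "signature": "sig-sqli", "title": "SQL Injection",
     "tags": [{"type": "Tag New", "value": "new"}]},
]


def tag_types(finding):
    """Return the finding's tag types, tolerating a 'Tag ' prefix (assumption)."""
    types = set()
    for tag in finding.get("tags") or []:
        name = str(tag.get("type", ""))
        types.add(name[4:] if name.startswith("Tag ") else name)
    return types


def by_signature(findings):
    """Index findings by signature; the UUID differs on every scan, the signature does not."""
    index = {}
    for finding in findings:
        signature = finding.get("signature")
        if signature:  # a finding without a signature cannot be tracked
            index.setdefault(signature, []).append(finding)
    return index


def diff_reports(previous, current):
    """Classify signatures of the current report against the previous one."""
    prev, curr = by_signature(previous), by_signature(current)
    result = {"new": [], "recurring": [], "resolved": [], "triaged": []}
    for signature in sorted(curr):
        if any(tag_types(f) & TRIAGE_TAGS for f in curr[signature]):
            result["triaged"].append(signature)    # user already decided on it
        elif signature in prev:
            result["recurring"].append(signature)  # still present since the last scan
        else:
            result["new"].append(signature)
    result["resolved"] = sorted(set(prev) - set(curr))
    return result


def shared_uuids(previous, current):
    """UUIDs present in both reports; empty even when findings recur."""
    return {f["uuid"] for f in previous} & {f["uuid"] for f in current}


if __name__ == "__main__":
    print(diff_reports(PREVIOUS, CURRENT))
    print(shared_uuids(PREVIOUS, CURRENT))
```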

Findings include basic information such as the title and location of the finding, the direct finding URL, and more complex information:

  • signature: The finding signature, which is a hash of finding information and will be the same for findings occurring in multiple scans for the same scan profile. Hence, the signature can be used to track recurring findings.

  • definition: Generic information about a vulnerability, such as risk and a collection of references for further reading.

  • score: The CVSS score information, which contains the CVSS version and vector used to compute the score. Multiple scores can be present for different CVSS versions (e.g. CVSS v2 and v3).

  • OWASP: The OWASP Top 10 classification information based on the year. Multiple scores can be present for different years.

  • details: Detailed information on the vulnerability/information. Finding details include type, name and value.

    The type indicates the format of the value, which can be:

    • Geography: Indicates geographic information following this scheme:

      {latitude}, {longitude}, {country name} ({country code}), {region}, {city} {zip code}

    • Graph: Indicates differences between two sets of data points following this scheme:

      {unit of measurement}, pos=[{positive probe 1}, …], neg=[{negative probe 2}, …]

    • HTML: Indicates an HTML snippet.

    • Image: Indicates an image URL (which can be a data URL).

    • Markdown: Indicates a markdown snippet written in GitHub Flavored Markdown.

    • Text: Indicates plain text.

    • Video: Indicates a video URL.

    The name indicates the topic of the value:

    • boolean_based_sql_injection: Indicates an SQL injection.
    • service_provider_name: Indicates the name provider/name service used.
    • service_provider_host: Indicates the hosting provider/providers used.
    • service_provider_mail: Indicates the mail provider/providers used.
    • domain_statistics_seed: Indicates the seeded domains discovered.
    • domain_statistics_dns: Indicates the domains discovered by DNS bruteforcing.
    • domain_statistics_vhost: Indicates the domains discovered by VHOST bruteforcing.
    • domain_statistics_crawler: Indicates the domains discovered by crawling around on the web application.
  • tags: Provides additional information about the finding and enables categorization. Tags come with type and value, where type reflects the purpose of the tag. Currently supported tag types:

    • Accepted Risk: Marks a finding as accepted risk. Can be added/removed by the user through the website.
    • Crowdsourced: Indicates that the finding comes from a module implemented from crowdsource.
    • False Positive: Marks a finding as accepted risk. Can be added/removed by the user through the website.
    • Fixed/Patched: Marks a finding as fixed. Can be added/removed by the user through the website.
    • High/Medium/Low: Marks the finding severity, used in the website.
    • New: Indicates that the finding is new, and did not appear in previous scans.
  • target: Provides information on the target of the vulnerability. The information depends on the type value. Supported types are:

    • Cookie: Indicates an HTTP cookie. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "Cookie",
          "version": "1.1",
          "name": "SessionId",
          "value": "7jq7ffrpe251o7rh5sapo079p2",
          "domain": "example.com",
          "path": "/",
          "secure": true,
          "httponly": false,
          "expires": "2018-01-09T09:12:50Z"
      }
    • Domain: Indicates a domain. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "Domain",
          "address": "example.com"
      }
    • HTTP: Indicates an HTTP request with complete information on request/response. Example:

      {
          "uuid":"c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "HTTP",
          "url": "http://www.example.com/index.html",
          "request_method": "GET",
          "request_version": "1.1",
          "request_headers": [
              {
                  "name": "Accept",
                  "value": "text/html"
              }
          ],
          "request_body": "",
          "request_body_base64": false,
          "response_status_code": 200,
          "response_reason_phrase": "OK",
          "response_version": "1.1",
          "response_headers": [
              {
                  "name": "Transfer-Encoding",
                  "value": "chunked"
              }
          ],
          "response_body": "...",
          "response_body_base64": false,
          "response_encoding": "utf-8"
      }
    • IP: Indicates an IP address and optionally a port number. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "IP",
          "address": "1.1.1.1",
          "port": 80
      }
    • URL: Indicates a URL. Example:

      {
          "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
          "type": "URL",
          "url": "http://www.example.com/index.html"
      }
  • vulnerable_resources: The collection of resources that result in the vulnerability grouped into headers, cookies and variables and expected headers (the lack of which causes the vulnerability).

  • command_lines: The collection of commands that can be used to recreate the vulnerability in a terminal.

  • highlights: Highlighting is a formatting possibility for the findings to mark important information. Highlighting is based on the UUID of the nodes within the finding JSON. Hence, all possible nodes that can be highlighted have a uuid field. A highlight node specifies the marked part using field, offset and length values. Field contains the key of the field, whilst offset and length define the part of the value which is highlighted.

    Example for highlighting www.example.com in the above specified HTTP target’s URL:

    {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "field": "url",
        "offset": 7,
        "length": 15
    }
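The highlight lookup described above, as an added example that is not Detectify's own code: it indexes every node of a finding by `uuid`, resolves each highlight to the marked substring, and escapes the text before wrapping it in `<mark>`, because target fields such as `response_body` hold content from the scanned site. The sample finding is constructed from the HTTP target example; treating `offset` and `length` as character counts is an assumption that matches that example.

```python
import html

# Constructed sample: the HTTP target from the documentation plus four highlights,
# two of them deliberately invalid.
FINDING = {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "target": {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "type": "HTTP",
        "url": "http://www.example.com/index.html",
        "response_body": "<h1>Welcome <script>track()</script></h1>",
    },
    "highlights": [
        {"uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2", "field": "url", "offset": 7, "length": 15},
        {"uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2", "field": "response_body", "offset": 12, "length": 24},
        {"uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2", "field": "url", "offset": 30, "length": 15},
        {"uuid": "00000000-0000-4000-8000-000000000000", "field": "url", "offset": 0, "length": 4},
    ],
}


def index_nodes(node, index=None):
    """Map each uuid in the finding to its node (first occurrence wins)."""
    if index is None:
        index = {}
    if isinstance(node, dict):
        uid = node.get("uuid")
        if isinstance(uid, str):
            index.setdefault(uid, node)
        for key, value in node.items():
            if key != "highlights":  # highlight entries reference nodes, they are not nodes
                index_nodes(value, index)
    elif isinstance(node, list):
        for item in node:
            index_nodes(item, index)
    return index


def _is_count(value):
    """True for a non-negative integer (bool is excluded on purpose)."""
    return isinstance(value, int) and not isinstance(value, bool) and value >= 0


def resolve_highlights(finding):
    """Return (before, marked, after) for each valid highlight; skip invalid ones."""
    nodes = index_nodes(finding)
    resolved = []
    for mark in finding.get("highlights") or []:
        if not isinstance(mark, dict):
            continue
        uid, field = mark.get("uuid"), mark.get("field")
        offset, length = mark.get("offset"), mark.get("length")
        if not isinstance(uid, str) or not isinstance(field, str):
            continue
        node = nodes.get(uid)
        text = node.get(field) if node else None
        if not isinstance(text, str) or not _is_count(offset) or not _is_count(length):
            continue
        if length == 0 or offset + length > len(text):
            continue  # range does not fit the field value
        end = offset + length
        resolved.append((text[:offset], text[offset:end], text[end:]))
    return resolved


def render_marked(before, marked, after):
    """Escape all three parts, then wrap the highlighted part in <mark>."""
    return f"{html.escape(before)}<mark>{html.escape(marked)}</mark>{html.escape(after)}"


if __name__ == "__main__":
    for parts in resolve_highlights(FINDING):
        print(render_marked(*parts))
```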

Get findings for scan profile

GET /rest/v2/findings/5605b488634efe810dff4276e28ca7f9/?severity=high, medium, low, information&from=1516114800&to=1516119398
Requests: example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned findings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
    "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
    "found_at": "http://www.example.com/index.html",
    "timestamp": "2018-01-09T06:18:32Z",
    "title": "Cross Site Scripting (XSS)",
    "definition": {
      "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
      "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
      "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
      "references": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
          "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
          "source": "Detectify"
        }
      ]
    },
    "score": [
      {
        "version": "2.0",
        "score": "6.4",
        "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
      }
    ],
    "owasp": [
      {
        "year": "2017",
        "classification": "A7"
      }
    ],
    "details": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "type": "Geography",
        "name": "service_provider_host",
        "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
      }
    ],
    "tags": [
      {
        "type": "Tag New",
        "value": "new"
      }
    ],
    "target": {
      "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
      "type": "Cookie",
      "url": "http://www.example.com/index.html",
      "address": "1.1.1.1",
      "port": 80,
      "name": "SessionId",
      "value": "7jq7ffrpe251o7rh5sapo079p2",
      "domain": "example.com",
      "path": "/",
      "secure": true,
      "httponly": "false",
      "expires": "2018-01-09T09:12:50Z",
      "request_method": "GET",
      "request_version": "1.1",
      "request_headers": [
        {
          "name": "Accept",
          "value": "text/html"
        }
      ],
      "request_body": "...",
      "request_body_base64": false,
      "response_status_code": 200,
      "response_reason_phrase": "OK",
      "response_version": "1.1",
      "response_headers": [
        {
          "name": "Accept",
          "value": "text/html"
        }
      ],
      "response_body": "...",
      "response_body_base64": false,
      "response_encoding": "utf-8"
    },
    "vulnerable_resources": {
      "vulnerable_headers": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "Strict-Transport-Security",
          "direction": "Request"
        }
      ],
      "expected_headers": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "Strict-Transport-Security",
          "direction": "Request",
          "value": "max-age=60000"
        }
      ],
      "vulnerable_cookies": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "SessionId"
        }
      ],
      "vulnerable_variables": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "username",
          "method": "GET"
        }
      ]
    },
    "command_lines": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
        "windows": "tracert -h 40 -w 500 213.80.101.97"
      }
    ],
    "highlights": [
      {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "field": "url",
        "offset": 7,
        "length": 15
      }
    ]
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "uuid": {
        "type": "string",
        "description": "the finding UUID"
      },
      "report_token": {
        "type": "string",
        "description": "the report token"
      },
      "scan_profile_token": {
        "type": "string",
        "description": "the scan profile token"
      },
      "signature": {
        "type": "string",
        "description": "the finding signature"
      },
      "url": {
        "type": "string",
        "description": "the direct URL of the finding"
      },
      "found_at": {
        "type": "string",
        "description": "the URL where the vulnerability was found"
      },
      "timestamp": {
        "type": "string",
        "description": "the time when the vulnerability was found"
      },
      "title": {
        "type": "string",
        "description": "the title of the finding"
      },
      "definition": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "description": {
            "type": "string",
            "description": "the generic description of the finding"
          },
          "risk": {
            "type": "string",
            "description": "the possible effect of the vulnerability"
          },
          "references": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "link": {
                  "type": "string",
                  "description": "the URL of the reference"
                },
                "name": {
                  "type": "string",
                  "description": "the name of the reference"
                },
                "source": {
                  "type": "string",
                  "description": "the name of the reference source"
                }
              }
            },
            "description": "a collection of references for further reading"
          }
        },
        "description": "generic information about the vulnerability"
      },
      "score": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "version": {
              "type": "string",
              "description": "the CVSS version"
            },
            "score": {
              "type": "string",
              "description": "the CVSS score"
            },
            "vector": {
              "type": "string",
              "description": "the CVSS vector"
            }
          }
        },
        "description": "the CVSS scores of the finding"
      },
      "owasp": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "year": {
              "type": "string",
              "description": "the year of the OWASP classification"
            },
            "classification": {
              "type": "string",
              "description": "the OWASP classification"
            }
          }
        },
        "description": "the OWASP classification of the finding"
      },
      "details": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "uuid": {
              "type": "string",
              "description": "the unique identifier of the node"
            },
            "type": {
              "type": "string",
              "enum": [
                "Geography",
                "Graph",
                "HTML",
                "Image",
                "Markdown",
                "Text",
                "Video"
              ],
              "description": "the type of the detail"
            },
            "name": {
              "type": "string",
              "enum": [
                "service_provider_host",
                "service_provider_name",
                "service_provider_mail",
                "domain_statistics_seed",
                "domain_statistics_dns",
                "domain_statistics_vhost",
                "domain_statistics_crawler",
                "boolean_based_sql_injection"
              ],
              "description": "the name of the detail"
            },
            "value": {
              "type": "string",
              "description": "the value of the detail"
            }
          }
        },
        "description": "detailed information on the finding"
      },
      "tags": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "type": {
              "type": "string",
              "description": "the type of the tag"
            },
            "value": {
              "type": "string",
              "description": "the value of the tag"
            }
          }
        },
        "description": "finding tags"
      },
      "target": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "type": {
            "type": "string",
            "enum": [
              "Cookie",
              "Domain",
              "HTTP",
              "IP",
              "URL"
            ],
            "description": "the type of the target"
          },
          "url": {
            "type": "string",
            "description": "the target URL (Domain, URL)"
          },
          "address": {
            "type": "string",
            "description": "the domain or IP address (Domain, IP)"
          },
          "port": {
            "type": "number",
            "description": "the port (IP)"
          },
          "name": {
            "type": "string",
            "description": "the cookie name (Cookie)"
          },
          "value": {
            "type": "string",
            "description": "the cookie value (Cookie)"
          },
          "domain": {
            "type": "string",
            "description": "the cookie domain (Cookie)"
          },
          "path": {
            "type": "string",
            "description": "the cookie path (Cookie)"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie is HTTPS only (Cookie)"
          },
          "httponly": {
            "type": "string",
            "description": "indicates whether the cookie is server side only (Cookie)"
          },
          "expires": {
            "type": "string",
            "description": "the date when the cookie expires (Cookie)"
          },
          "request_method": {
            "type": "string",
            "description": "the request method (HTTP)"
          },
          "request_version": {
            "type": "string",
            "description": "the request version (HTTP)"
          },
          "request_headers": {
            "type": "array",
            "description": "the array of request headers (HTTP)"
          },
          "request_body": {
            "type": "string",
            "description": "the request body (HTTP)"
          },
          "request_body_base64": {
            "type": "boolean",
            "description": "indicates whether the request body is BASE64 encoded (HTTP)"
          },
          "response_status_code": {
            "type": "number",
            "description": "the response status code (HTTP)"
          },
          "response_reason_phrase": {
            "type": "string",
            "description": "the response reason phrase (HTTP)"
          },
          "response_version": {
            "type": "string",
            "description": "the response version (HTTP)"
          },
          "response_headers": {
            "type": "array",
            "description": "the array of response headers (HTTP)"
          },
          "response_body": {
            "type": "string",
            "description": "the response body (HTTP)"
          },
          "response_body_base64": {
            "type": "boolean",
            "description": "indicates whether the response body is BASE64 encoded (HTTP)"
          },
          "response_encoding": {
            "type": "string",
            "description": "the response encoding"
          }
        },
        "description": "the target of the finding"
      },
      "vulnerable_resources": {
        "type": "object",
        "properties": {
          "vulnerable_headers": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the header name"
                },
                "direction": {
                  "type": "string",
                  "enum": [
                    "Request",
                    "Response",
                    "Request/Response"
                  ],
                  "description": "the direction of the header"
                }
              }
            },
            "description": "the array of vulnerable headers"
          },
          "expected_headers": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the header name"
                },
                "direction": {
                  "type": "string",
                  "enum": [
                    "Request",
                    "Response",
                    "Request/Response"
                  ],
                  "description": "the direction of the header"
                },
                "value": {
                  "type": "string",
                  "description": "the expected value"
                }
              }
            },
            "description": "the array of expected headers"
          },
          "vulnerable_cookies": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the cookie name"
                }
              }
            },
            "description": "the array of vulnerable cookies"
          },
          "vulnerable_variables": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the variable name"
                },
                "method": {
                  "type": "string",
                  "description": "the HTTP method"
                }
              }
            },
            "description": "the array of vulnerable variables"
          }
        },
        "description": "resources on the vulnerability"
      },
      "command_lines": {
        "type": "array",
        "description": "the command lines to reproduce the finding"
      },
      "highlights": {
        "type": "array",
        "description": "the highlights within the finding"
      }
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified scan profile does not exist or the API cannot access the profile.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.

Get findings for scan profile
GET /rest/v2/findings/{scan_profile_token}/?severity={severity}&from={start_time}&to={end_time}

Only available for Enterprise plan.

Returns findings for the scan profile identified by the scan profile token. The scan profile token can be retrieved using List scan profiles.

The findings can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. The call returns at most one thousand findings starting with the latest report. Please use filtering if the profile contains more. If there are no findings available for the specified arguments, an empty array is returned.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

severity
enum (optional) Example: high, medium, low, information

Filters the findings based on the finding severity.

start_time
string (optional) Example: 1516114800

Filters the last updated findings before the specified time.

end_time
string (optional) Example: 1516119398

Filters the last updated findings after the specified time.


Get findings for report

GET /rest/v2/findings/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77?severity=high, medium, low, information&from=1516114800&to=1516119398
Requests: example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned findings.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
[
  {
    "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
    "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
    "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
    "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
    "found_at": "http://www.example.com/index.html",
    "timestamp": "2018-01-09T06:18:32Z",
    "title": "Cross Site Scripting (XSS)",
    "definition": {
      "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
      "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
      "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
      "references": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
          "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
          "source": "Detectify"
        }
      ]
    },
    "score": [
      {
        "version": "2.0",
        "score": "6.4",
        "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
      }
    ],
    "owasp": [
      {
        "year": "A7",
        "classification": "2017"
      }
    ],
    "details": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "type": "Geography",
        "name": "service_provider_host",
        "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
      }
    ],
    "tags": [
      {
        "type": "Tag New",
        "value": "new"
      }
    ],
    "target": {
      "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
      "type": "Cookie",
      "url": "http://www.example.com/index.html",
      "address": "1.1.1.1",
      "port": 80,
      "name": "SessionId",
      "value": "7jq7ffrpe251o7rh5sapo079p2",
      "domain": "example.com",
      "path": "/",
      "secure": true,
      "httponly": "false",
      "expires": "2018-01-09T09:12:50Z",
      "request_method": "GET",
      "request_version": "1.1",
      "request_headers": [
        {
          "name": "Accept",
          "value": "text/html"
        }
      ],
      "request_body": "...",
      "request_body_base64": false,
      "response_status_code": 200,
      "response_reason_phrase": "OK",
      "response_version": "1.1",
      "response_headers": [
        {
          "name": "Accept",
          "value": "text/html"
        }
      ],
      "response_body": "...",
      "response_body_base64": false,
      "response_encoding": "utf-8"
    },
    "vulnerable_resources": {
      "vulnerable_headers": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "Strict-Transport-Security",
          "direction": "Request"
        }
      ],
      "expected_headers": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "Strict-Transport-Security",
          "direction": "Request",
          "value": "max-age=60000"
        }
      ],
      "vulnerable_cookies": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "SessionId"
        }
      ],
      "vulnerable_variables": [
        {
          "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
          "name": "username",
          "method": "GET"
        }
      ]
    },
    "command_lines": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
        "windows": "tracert -h 40 -w 500 213.80.101.97"
      }
    ],
    "highlights": [
      {
        "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
        "field": "url",
        "offset": 7,
        "length": 15
      }
    ]
  }
]
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "uuid": {
        "type": "string",
        "description": "the finding UUID"
      },
      "report_token": {
        "type": "string",
        "description": "the report token"
      },
      "scan_profile_token": {
        "type": "string",
        "description": "the scan profile token"
      },
      "signature": {
        "type": "string",
        "description": "the finding signature"
      },
      "url": {
        "type": "string",
        "description": "the direct URL of the finding"
      },
      "found_at": {
        "type": "string",
        "description": "the URL where the vulnerability was found"
      },
      "timestamp": {
        "type": "string",
        "description": "the time when the vulnerability was found"
      },
      "title": {
        "type": "string",
        "description": "the title of the finding"
      },
      "definition": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "description": {
            "type": "string",
            "description": "the generic description of the finding"
          },
          "risk": {
            "type": "string",
            "description": "the possible effect of the vulnerability"
          },
          "references": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "link": {
                  "type": "string",
                  "description": "the URL of the reference"
                },
                "name": {
                  "type": "string",
                  "description": "the name of the reference"
                },
                "source": {
                  "type": "string",
                  "description": "the name of the reference source"
                }
              }
            },
            "description": "a collection of references for further reading"
          }
        },
        "description": "generic information about the vulnerability"
      },
      "score": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "version": {
              "type": "string",
              "description": "the CVSS version"
            },
            "score": {
              "type": "string",
              "description": "the CVSS score"
            },
            "vector": {
              "type": "string",
              "description": "the CVSS vector"
            }
          }
        },
        "description": "the CVSS scores of the finding"
      },
      "owasp": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "year": {
              "type": "string",
              "description": "the year of the OWASP classification"
            },
            "classification": {
              "type": "string",
              "description": "the OWASP classification"
            }
          }
        },
        "description": "the OWASP classification of the finding"
      },
      "details": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "uuid": {
              "type": "string",
              "description": "the unique identifier of the node"
            },
            "type": {
              "type": "string",
              "enum": [
                "Geography",
                "Graph",
                "HTML",
                "Image",
                "Markdown",
                "Text",
                "Video"
              ],
              "description": "the type of the detail"
            },
            "name": {
              "type": "string",
              "enum": [
                "service_provider_host",
                "service_provider_name",
                "service_provider_mail",
                "domain_statistics_seed",
                "domain_statistics_dns",
                "domain_statistics_vhost",
                "domain_statistics_crawler",
                "boolean_based_sql_injection"
              ],
              "description": "the name of the detail"
            },
            "value": {
              "type": "string",
              "description": "the value of the detail"
            }
          }
        },
        "description": "detailed information on the finding"
      },
      "tags": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "type": {
              "type": "string",
              "description": "the type of the tag"
            },
            "value": {
              "type": "string",
              "description": "the value of the tag"
            }
          }
        },
        "description": "finding tags"
      },
      "target": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "type": {
            "type": "string",
            "enum": [
              "Cookie",
              "Domain",
              "HTTP",
              "IP",
              "URL"
            ],
            "description": "the type of the target"
          },
          "url": {
            "type": "string",
            "description": "the target URL (Domain, URL)"
          },
          "address": {
            "type": "string",
            "description": "the domain or IP address (Domain, IP)"
          },
          "port": {
            "type": "number",
            "description": "the port (IP)"
          },
          "name": {
            "type": "string",
            "description": "the cookie name (Cookie)"
          },
          "value": {
            "type": "string",
            "description": "the cookie value (Cookie)"
          },
          "domain": {
            "type": "string",
            "description": "the cookie domain (Cookie)"
          },
          "path": {
            "type": "string",
            "description": "the cookie path (Cookie)"
          },
          "secure": {
            "type": "boolean",
            "description": "indicates whether the cookie is HTTPS only (Cookie)"
          },
          "httponly": {
            "type": "string",
            "description": "indicates whether the cookie is server side only (Cookie)"
          },
          "expires": {
            "type": "string",
            "description": "the date when the cookie expires (Cookie)"
          },
          "request_method": {
            "type": "string",
            "description": "the request method (HTTP)"
          },
          "request_version": {
            "type": "string",
            "description": "the request version (HTTP)"
          },
          "request_headers": {
            "type": "array",
            "description": "the array of request headers (HTTP)"
          },
          "request_body": {
            "type": "string",
            "description": "the request body (HTTP)"
          },
          "request_body_base64": {
            "type": "boolean",
            "description": "indicates whether the request body is BASE64 encoded (HTTP)"
          },
          "response_status_code": {
            "type": "number",
            "description": "the response status code (HTTP)"
          },
          "response_reason_phrase": {
            "type": "string",
            "description": "the response reason phrase (HTTP)"
          },
          "response_version": {
            "type": "string",
            "description": "the response version (HTTP)"
          },
          "response_headers": {
            "type": "array",
            "description": "the array of response headers (HTTP)"
          },
          "response_body": {
            "type": "string",
            "description": "the response body (HTTP)"
          },
          "response_body_base64": {
            "type": "boolean",
            "description": "indicates whether the response body is BASE64 encoded (HTTP)"
          },
          "response_encoding": {
            "type": "string",
            "description": "the response encoding"
          }
        },
        "description": "the target of the finding"
      },
      "vulnerable_resources": {
        "type": "object",
        "properties": {
          "vulnerable_headers": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the header name"
                },
                "direction": {
                  "type": "string",
                  "enum": [
                    "Request",
                    "Response",
                    "Request/Response"
                  ],
                  "description": "the direction of the header"
                }
              }
            },
            "description": "the array of vulnerable headers"
          },
          "expected_headers": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the header name"
                },
                "direction": {
                  "type": "string",
                  "enum": [
                    "Request",
                    "Response",
                    "Request/Response"
                  ],
                  "description": "the direction of the header"
                },
                "value": {
                  "type": "string",
                  "description": "the expected value"
                }
              }
            },
            "description": "the array of expected headers"
          },
          "vulnerable_cookies": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the cookie name"
                }
              }
            },
            "description": "the array of vulnerable cookies"
          },
          "vulnerable_variables": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "uuid": {
                  "type": "string",
                  "description": "the unique identifier of the node"
                },
                "name": {
                  "type": "string",
                  "description": "the variable name"
                },
                "method": {
                  "type": "string",
                  "description": "the HTTP method"
                }
              }
            },
            "description": "the array of vulnerable variables"
          }
        },
        "description": "resources on the vulnerability"
      },
      "command_lines": {
        "type": "array",
        "description": "the command lines to reproduce the finding"
      },
      "highlights": {
        "type": "array",
        "description": "the highlights within the finding"
      }
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified scan profile does not exist or the API cannot access the profile.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.
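
Consuming the findings body documented above, as an added example (not Detectify's own code). It handles three details of the schema: "score" values are strings, "httponly" is typed as a string while "secure" is a boolean, and request/response bodies may be BASE64 encoded. The sample findings, their UUIDs and the helper names are constructed for illustration.

```python
import base64

# Constructed sample in the documented response shape (not real scan output).
SAMPLE_FINDINGS = [
    {
        "uuid": "00000000-0000-0000-0000-000000000001",
        "title": "Cross Site Scripting (XSS)",
        "found_at": "http://www.example.com/index.html",
        "score": [{"version": "2.0", "score": "6.4", "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}],
        "target": {"type": "Cookie", "name": "SessionId", "secure": True, "httponly": "false"},
        "vulnerable_resources": {
            "vulnerable_cookies": [{"name": "SessionId"}],
            "expected_headers": [{"name": "Strict-Transport-Security",
                                  "direction": "Response", "value": "max-age=60000"}],
        },
    },
    {
        "uuid": "00000000-0000-0000-0000-000000000002",
        "title": "Constructed HTTP finding",
        "found_at": "http://www.example.com/login",
        "score": [
            {"version": "2.0", "score": "4.3", "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"},
            {"version": "3.0", "score": "5.3",
             "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},
        ],
        "target": {"type": "HTTP", "request_method": "POST",
                   "request_body": base64.b64encode(b"user=alice").decode("ascii"),
                   "request_body_base64": True},
        "vulnerable_resources": {"vulnerable_variables": [{"name": "user", "method": "POST"}]},
    },
]


def as_bool(value):
    """Normalise a flag that may arrive as a JSON boolean or as the string "true"/"false"."""
    if value is None or isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    raise ValueError(f"not a boolean flag: {value!r}")


def top_cvss(finding):
    """Return (version, score, vector) for the highest CVSS version listed, or None."""
    entries = finding.get("score") or []
    if not entries:
        return None
    newest = max(entries, key=lambda e: tuple(int(p) for p in e["version"].split(".")))
    return newest["version"], float(newest["score"]), newest["vector"]


def body_bytes(target, side):
    """Return the "request" or "response" body as bytes, honouring its *_base64 flag."""
    body = target.get(f"{side}_body")
    if body is None:
        return None
    if as_bool(target.get(f"{side}_body_base64", False)):
        return base64.b64decode(body, validate=True)  # reject non-BASE64 input
    encoding = target.get("response_encoding") if side == "response" else None
    return body.encode(encoding or "utf-8")


def triage(finding):
    """Reduce one finding to the fields needed to queue it for remediation."""
    target = finding.get("target") or {}
    resources = finding.get("vulnerable_resources") or {}
    row = {
        "uuid": finding["uuid"],
        "title": finding["title"],
        "found_at": finding.get("found_at"),
        "cvss": top_cvss(finding),
        "vulnerable_cookies": [c["name"] for c in resources.get("vulnerable_cookies", [])],
        "expected_headers": {h["name"]: h["value"]
                             for h in resources.get("expected_headers", [])},
    }
    if target.get("type") == "Cookie":
        # bool("false") is True, so a plain truthiness test would misreport httponly.
        row["cookie_flags"] = {"secure": as_bool(target.get("secure")),
                               "httponly": as_bool(target.get("httponly"))}
    if target.get("type") == "HTTP":
        row["request_body"] = body_bytes(target, "request")
    return row


def triage_all(findings):
    """Triage every finding and order the result by CVSS score, highest first."""
    rows = [triage(f) for f in findings]
    return sorted(rows, key=lambda r: r["cvss"][1] if r["cvss"] else -1.0, reverse=True)


if __name__ == "__main__":
    for row in triage_all(SAMPLE_FINDINGS):
        print(row)
```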

Get findings for report
GET /rest/v2/findings/{scan_profile_token}/{report_token}?severity={severity}&from={start_time}&to={end_time}

Only available for Enterprise plan.

Returns the findings for the report identified by the scan profile token and report token.

The findings can be filtered based on severity and time interval using the from and to parameters. Time interval values must be specified in ISO 8601 format (encoded when containing UTC offset) or Unix time. The call returns at most one thousand findings. Please use filtering if the report contains more. If there are no findings available for the specified arguments, an empty array is returned.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

severity
enum (optional) Example: high, medium, low, information

Filters the findings based on the finding severity.

start_time
string (optional) Example: 1516114800

Filters the last updated findings before the specified time.

end_time
string (optional) Example: 1516119398

Filters the last updated findings after the specified time.
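
Building the filtered request for both findings calls (per scan profile and per report) and working around the one-thousand-findings limit, as an added example (not Detectify's own code). It assumes that from and to are inclusive bounds with one-second resolution; the helper names, the in-memory backend and its "t" field are constructed stand-ins so the logic runs offline.

```python
from urllib.parse import quote, urlencode

API_ROOT = "https://api.detectify.com/rest/v2"
MAX_FINDINGS = 1000  # documented upper bound on findings returned by one call


def findings_url(scan_profile_token, report_token=None, severity=None, start=None, end=None):
    """Build the findings URL; start/end may be Unix time or ISO 8601 strings."""
    url = f"{API_ROOT}/findings/{quote(scan_profile_token, safe='')}/"
    if report_token is not None:
        url += quote(report_token, safe="")
    params = {}
    if severity is not None:
        params["severity"] = severity
    if start is not None:
        params["from"] = start
    if end is not None:
        params["to"] = end
    # urlencode percent-encodes "+" and ":", so an ISO 8601 UTC offset such as
    # "+01:00" is not read as a space by the server.
    return url + ("?" + urlencode(params) if params else "")


def collect(fetch, start, end, cap=MAX_FINDINGS):
    """Collect every finding in [start, end] (Unix time) despite the per-call cap.

    fetch(lo, hi) performs one API call and returns the decoded JSON array.
    A full batch may have been truncated, so that window is halved and retried.
    """
    seen = {}
    pending = [(start, end)]
    while pending:
        lo, hi = pending.pop()
        batch = fetch(lo, hi)
        if len(batch) >= cap:
            if lo >= hi:
                raise RuntimeError(
                    f"{cap} findings at time {lo}: result may be truncated, "
                    "narrow the query with the severity filter")
            mid = (lo + hi) // 2
            pending += [(lo, mid), (mid + 1, hi)]
            continue
        for finding in batch:
            seen[finding["uuid"]] = finding  # de-duplicate on the finding UUID
    return list(seen.values())


def make_fake_backend(cap=MAX_FINDINGS):
    """Constructed stand-in for the API: newest first, cut off at `cap` findings."""
    # "t" is a hypothetical last-updated time used only by this stand-in.
    store = [{"uuid": f"constructed-{i:04d}", "t": 1516114800 + i // 2} for i in range(2500)]
    calls = []

    def fetch(lo, hi):
        calls.append(findings_url("5605b488634efe810dff4276e28ca7f9", start=lo, end=hi))
        hits = [f for f in store if lo <= f["t"] <= hi]
        return sorted(hits, key=lambda f: f["t"], reverse=True)[:cap]

    return fetch, calls


if __name__ == "__main__":
    print(findings_url("5605b488634efe810dff4276e28ca7f9",
                       "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
                       severity="high", start="2018-01-16T15:00:00+01:00"))
    fetch, calls = make_fake_backend()
    findings = collect(fetch, 1516114800, 1516119398)
    print(len(findings), "findings in", len(calls), "calls")
```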


Get finding for report

GET /rest/v2/findings/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/
Requests: example 1
Headers
Accept: application/json
Accept-Encoding: gzip
Responses: 200, 400, 401, 403, 404, 500, 502, 503, 504

OK - Returned finding.

Headers
Content-Type: application/json
Content-Encoding: gzip
Body
{
  "uuid": "941c4794-379b-4efd-bccf-21c4f0c034b1",
  "report_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "scan_profile_token": "60a0fae258d2c952765e81054929c8e6a6fdbdf77",
  "signature": "52eadaa2-fb97-11e7-8c3f-9a214cf093ae",
  "url": "https://detectify.com/report/5605b488634efe810dff4276e28ca7f9/60a0fae258d2c952765e81054929c8e6a6fdbdf77/941c4794-379b-4efd-bccf-21c4f0c034b1/",
  "found_at": "http://www.example.com/index.html",
  "timestamp": "2018-01-09T06:18:32Z",
  "title": "Cross Site Scripting (XSS)",
  "definition": {
    "uuid": "7fe484a3-0072-43a4-9051-17b02e47e9c8",
    "description": "An attacker can inject JavaScript into the victim's browsers, which will execute under the vulnerable domain.",
    "risk": "An attacker can use this to steal cookies, phishing, tabnabbing etc.",
    "references": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "link": "http://support.detectify.com/customer/en/portal/articles/1711512-cross-site-scripting",
        "name": "REMEDIATION - Detectify Support Center - Cross Site Scripting",
        "source": "Detectify"
      }
    ]
  },
  "score": [
    {
      "version": "2.0",
      "score": "6.4",
      "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"
    }
  ],
  "owasp": [
    {
      "year": "A7",
      "classification": "2017"
    }
  ],
  "details": [
    {
      "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
      "type": "Geography",
      "name": "service_provider_host",
      "value": "59.3293° N, 18.0686° E, Sweden (SE), Stockholms län, Stockholm 117 33"
    }
  ],
  "tags": [
    {
      "type": "Tag New",
      "value": "new"
    }
  ],
  "target": {
    "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
    "type": "Cookie",
    "url": "http://www.example.com/index.html",
    "address": "1.1.1.1",
    "port": 80,
    "name": "SessionId",
    "value": "7jq7ffrpe251o7rh5sapo079p2",
    "domain": "example.com",
    "path": "/",
    "secure": true,
    "httponly": "false",
    "expires": "2018-01-09T09:12:50Z",
    "request_method": "GET",
    "request_version": "1.1",
    "request_headers": [
      {
        "name": "Accept",
        "value": "text/html"
      }
    ],
    "request_body": "...",
    "request_body_base64": false,
    "response_status_code": 200,
    "response_reason_phrase": "OK",
    "response_version": "1.1",
    "response_headers": [
      {
        "name": "Accept",
        "value": "text/html"
      }
    ],
    "response_body": "...",
    "response_body_base64": false,
    "response_encoding": "utf-8"
  },
  "vulnerable_resources": {
    "vulnerable_headers": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "name": "Strict-Transport-Security",
        "direction": "Request"
      }
    ],
    "expected_headers": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "name": "Strict-Transport-Security",
        "direction": "Request",
        "value": "max-age=60000"
      }
    ],
    "vulnerable_cookies": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "name": "SessionId"
      }
    ],
    "vulnerable_variables": [
      {
        "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
        "name": "username",
        "method": "GET"
      }
    ]
  },
  "command_lines": [
    {
      "uuid": "b35da650-b671-45ed-9268-8c374b02f924",
      "unix": "traceroute -m 40 -w 0.5 213.80.101.97",
      "windows": "tracert -h 40 -w 500 213.80.101.97"
    }
  ],
  "highlights": [
    {
      "uuid": "c063bd03-f4eb-4e66-bb22-425f2f90b1d2",
      "field": "url",
      "offset": 7,
      "length": 15
    }
  ]
}
Schema
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "uuid": {
      "type": "string",
      "description": "the finding UUID"
    },
    "report_token": {
      "type": "string",
      "description": "the report token"
    },
    "scan_profile_token": {
      "type": "string",
      "description": "the scan profile token"
    },
    "signature": {
      "type": "string",
      "description": "the finding signature"
    },
    "url": {
      "type": "string",
      "description": "the direct URL of the finding"
    },
    "found_at": {
      "type": "string",
      "description": "the URL where the vulnerability was found"
    },
    "timestamp": {
      "type": "string",
      "description": "the time when the vulnerability was found"
    },
    "title": {
      "type": "string",
      "description": "the title of the finding"
    },
    "definition": {
      "type": "object",
      "properties": {
        "uuid": {
          "type": "string",
          "description": "the unique identifier of the node"
        },
        "description": {
          "type": "string",
          "description": "the generic description of the finding"
        },
        "risk": {
          "type": "string",
          "description": "the possible effect of the vulnerability"
        },
        "references": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "link": {
                "type": "string",
                "description": "the URL of the reference"
              },
              "name": {
                "type": "string",
                "description": "the name of the reference"
              },
              "source": {
                "type": "string",
                "description": "the name of the reference source"
              }
            }
          },
          "description": "a collection of references for further reading"
        }
      },
      "description": "generic information about the vulnerability"
    },
    "score": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "version": {
            "type": "string",
            "description": "the CVSS version"
          },
          "score": {
            "type": "string",
            "description": "the CVSS score"
          },
          "vector": {
            "type": "string",
            "description": "the CVSS vector"
          }
        }
      },
      "description": "the CVSS scores of the finding"
    },
    "owasp": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "year": {
            "type": "string",
            "description": "the year of the OWASP classification"
          },
          "classification": {
            "type": "string",
            "description": "the OWASP classification"
          }
        }
      },
      "description": "the OWASP classification of the finding"
    },
    "details": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uuid": {
            "type": "string",
            "description": "the unique identifier of the node"
          },
          "type": {
            "type": "string",
            "enum": [
              "Geography",
              "Graph",
              "HTML",
              "Image",
              "Markdown",
              "Text",
              "Video"
            ],
            "description": "the type of the detail"
          },
          "name": {
            "type": "string",
            "enum": [
              "service_provider_host",
              "service_provider_name",
              "service_provider_mail",
              "domain_statistics_seed",
              "domain_statistics_dns",
              "domain_statistics_vhost",
              "domain_statistics_crawler",
              "boolean_based_sql_injection"
            ],
            "description": "the name of the detail"
          },
          "value": {
            "type": "string",
            "description": "the value of the detail"
          }
        }
      },
      "description": "detailed information on the finding"
    },
    "tags": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "type": {
            "type": "string",
            "description": "the type of the tag"
          },
          "value": {
            "type": "string",
            "description": "the value of the tag"
          }
        }
      },
      "description": "finding tags"
    },
    "target": {
      "type": "object",
      "properties": {
        "uuid": {
          "type": "string",
          "description": "the unique identifier of the node"
        },
        "type": {
          "type": "string",
          "enum": [
            "Cookie",
            "Domain",
            "HTTP",
            "IP",
            "URL"
          ],
          "description": "the type of the target"
        },
        "url": {
          "type": "string",
          "description": "the target URL (Domain, URL)"
        },
        "address": {
          "type": "string",
          "description": "the domain or IP address (Domain, IP)"
        },
        "port": {
          "type": "number",
          "description": "the port (IP)"
        },
        "name": {
          "type": "string",
          "description": "the cookie name (Cookie)"
        },
        "value": {
          "type": "string",
          "description": "the cookie value (Cookie)"
        },
        "domain": {
          "type": "string",
          "description": "the cookie domain (Cookie)"
        },
        "path": {
          "type": "string",
          "description": "the cookie path (Cookie)"
        },
        "secure": {
          "type": "boolean",
          "description": "indicates whether the cookie is HTTPS only (Cookie)"
        },
        "httponly": {
          "type": "string",
          "description": "indicates whether the cookie is server side only (Cookie)"
        },
        "expires": {
          "type": "string",
          "description": "the date when the cookie expires (Cookie)"
        },
        "request_method": {
          "type": "string",
          "description": "the request method (HTTP)"
        },
        "request_version": {
          "type": "string",
          "description": "the request version (HTTP)"
        },
        "request_headers": {
          "type": "array",
          "description": "the array of request headers (HTTP)"
        },
        "request_body": {
          "type": "string",
          "description": "the request body (HTTP)"
        },
        "request_body_base64": {
          "type": "boolean",
          "description": "indicates whether the request body is BASE64 encoded (HTTP)"
        },
        "response_status_code": {
          "type": "number",
          "description": "the response status code (HTTP)"
        },
        "response_reason_phrase": {
          "type": "string",
          "description": "the response reason phrase (HTTP)"
        },
        "response_version": {
          "type": "string",
          "description": "the response version (HTTP)"
        },
        "response_headers": {
          "type": "array",
          "description": "the array of response headers (HTTP)"
        },
        "response_body": {
          "type": "string",
          "description": "the response body (HTTP)"
        },
        "response_body_base64": {
          "type": "boolean",
          "description": "indicates whether the response body is BASE64 encoded (HTTP)"
        },
        "response_encoding": {
          "type": "string",
          "description": "the response encoding"
        }
      },
      "description": "the target of the finding"
    },
    "vulnerable_resources": {
      "type": "object",
      "properties": {
        "vulnerable_headers": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "name": {
                "type": "string",
                "description": "the header name"
              },
              "direction": {
                "type": "string",
                "enum": [
                  "Request",
                  "Response",
                  "Request/Response"
                ],
                "description": "the direction of the header"
              }
            }
          },
          "description": "the array of vulnerable headers"
        },
        "expected_headers": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "name": {
                "type": "string",
                "description": "the header name"
              },
              "direction": {
                "type": "string",
                "enum": [
                  "Request",
                  "Response",
                  "Request/Response"
                ],
                "description": "the direction of the header"
              },
              "value": {
                "type": "string",
                "description": "the expected value"
              }
            }
          },
          "description": "the array of expected headers"
        },
        "vulnerable_cookies": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "name": {
                "type": "string",
                "description": "the cookie name"
              }
            }
          },
          "description": "the array of vulnerable cookies"
        },
        "vulnerable_variables": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "uuid": {
                "type": "string",
                "description": "the unique identifier of the node"
              },
              "name": {
                "type": "string",
                "description": "the variable name"
              },
              "method": {
                "type": "string",
                "description": "the HTTP method"
              }
            }
          },
          "description": "the array of vulnerable variables"
        }
      },
      "description": "resources on the vulnerability"
    },
    "command_lines": {
      "type": "array",
      "description": "the command lines to reproduce the finding"
    },
    "highlights": {
      "type": "array",
      "description": "the highlights within the finding"
    }
  }
}

Bad Request - Malformed parameters.

Unauthorized - Invalid API key.

Forbidden - The API key cannot access this functionality.

Not Found - The specified finding does not exist or the API cannot access the finding.

Internal Server Error - Indicates an internal error within the Detectify infrastructure. Please try again later.

Bad Gateway - Indicates that the REST API is currently offline, possibly due to an upgrade. Please try again later.

Service Unavailable - Indicates a temporary outage within the Detectify infrastructure. Please try again later.

Gateway Timeout - Indicates that the request could not be processed in time, possibly due to overload. Please try again later.
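An added example (not taken from Detectify's own example implementations) of consuming the `target` object from the schema above: it keeps only the fields documented for the reported target type, decodes HTTP bodies according to the `*_body_base64` flags, and treats the four "try again later" statuses as retryable. The function names and the sample target are constructed for illustration, and assigning `response_encoding` to HTTP targets is an assumption, since the schema does not mark it.

```python
import base64

# 500, 502, 503, 504: the responses described above with "Please try again later".
RETRYABLE = {500, 502, 503, 504}

# Fields the schema ties to each target type (the names in parentheses).
FIELDS_BY_TYPE = {
    "Cookie": ("name", "value", "domain", "path", "secure", "httponly", "expires"),
    "Domain": ("url", "address"),
    "IP": ("address", "port"),
    "URL": ("url",),
    "HTTP": ("request_method", "request_version", "request_headers",
             "response_status_code", "response_reason_phrase",
             "response_version", "response_headers",
             "response_encoding"),  # unmarked in the schema; assumed HTTP
}

def decode_body(target, side):
    """Return the request/response body as bytes, honouring <side>_body_base64."""
    body = target.get(f"{side}_body") or ""
    if target.get(f"{side}_body_base64"):
        # validate=True rejects stray characters instead of silently skipping them
        return base64.b64decode(body, validate=True)
    return body.encode("utf-8")

def normalize_target(target):
    """Keep only the fields documented for target["type"]; decode HTTP bodies."""
    kind = target.get("type")
    if kind not in FIELDS_BY_TYPE:
        raise ValueError(f"unexpected target type: {kind!r}")
    out = {"type": kind, "uuid": target.get("uuid")}
    out.update({k: target[k] for k in FIELDS_BY_TYPE[kind] if k in target})
    if kind == "HTTP":
        # Bodies come from the scanned site: keep them as bytes, never render them.
        out["request_body"] = decode_body(target, "request")
        out["response_body"] = decode_body(target, "response")
    return out

def should_retry(status_code):
    """True for the statuses the documentation says to retry later."""
    return status_code in RETRYABLE

# Constructed sample target (not real API output).
SAMPLE = {
    "uuid": "00000000-0000-4000-8000-000000000000", "type": "HTTP",
    "request_method": "GET", "request_body": "", "request_body_base64": False,
    "response_status_code": 200, "response_body_base64": True,
    "response_body": base64.b64encode(b"<h1>ok</h1>").decode(),
    "name": "stray",  # Cookie-only field; dropped for an HTTP target
}
```
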

Get finding for report
GET /rest/v2/findings/{scan_profile_token}/{report_token}/{finding_UUID}/

Only available for Enterprise plan.

Returns a single finding identified by the scan profile token, report token and finding UUID.

Dates are in ISO 8601 format, UTC.

URI Parameters
scan_profile_token
string (required) Example: 5605b488634efe810dff4276e28ca7f9

The scan profile token.

report_token
string (required) Example: 60a0fae258d2c952765e81054929c8e6a6fdbdf77

The report token.

finding_UUID
string (required) Example: 941c4794-379b-4efd-bccf-21c4f0c034b1

The unique identifier of the finding.