Probely Developers (1.2.0)

Download OpenAPI specification:Download

Probely is a Web Vulnerability Scanning suite for Agile Teams. It provides continuous scanning of your Web Applications and lets you efficiently manage the lifecycle of the vulnerabilities found, in a sleek and intuitive web interface API.

Quick-Start

Authentication

To use the API, you first need to create a token (API Key). To create a token, select a target from the drop-down list, go to the "Settings" page, and click on the "Integrations" tab.

Write a name for the API Key. For example, if you want to use the API Key for travis, you could name it "travis". In this example, we chose "example.com_key"

Creating API key

The API key was created successfully:

API key created

On every request, you need to pass this token in the authorization header, like this:

Authorization: JWT eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJBRlNJQlp
3elFsMDEiLCJ1c2VybmFtZSI6IkNIZ2tkSUROdzV0NSJ9.90UwiPGS2hlvgOLktFU0LfKuatNKm
mEP79u17VnqT9M

WARNING: Treat this token as a password. With this token, you have the power to fully manage the target.

In the following examples, the token will be named as PROBELY_AUTH_TOKEN.

Scan target

First let's view our target list:

curl https://api.probely.com/targets/ \
  -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT PROBELY_AUTH_TOKEN"

From the results, we need the target id:

{
   "count":1,
   "page_total":1,
   "page":1,
   "length":10,
   "results":[
      {
         "id":"AxtkqTE0v3E-",
         "name":"test-site",
         "desc":"",
         "url":"https://test-site.example.com",
         "settings":
            "(...)"
         ,
         "stack":
            "(...)"
         ,
         "verified":true,
         "(...)": "(...)"
      }
   ]
}

Now we can send a request to start a scan on target id AxtkqTE0v3E-

curl https://api.probely.com/targets/AxtkqTE0v3E-/scan_now/ \
  -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT PROBELY_AUTH_TOKEN"

And we get a response saying that the scan is scheduled: the status is queued, and we've got a scan id:

{
   "changed":"2017-08-01T13:37:00.843339Z",
   "started":null,
   "completed":null,
   "mediums":0,
   "changed_by":
    "(...)"
   ,
   "highs":0,
   "status":"queued",
   "id":"S6dOMPn0SnoH",
   "created_by":
    "(...)"
   ,
   "target":
    "(...)"
   ,
   "created":"2017-08-01T13:37:00.843339Z",
   "lows":0
}

Using the scan id S6dOMPn0SnoH, we can pool the scan status:

curl https://api.probely.com/targets/AxtkqTE0v3E-/scans/S6dOMPn0SnoH/ \
  -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT PROBELY_AUTH_TOKEN"

And we get a response saying that the scan status is now started:

{
   "id":"S6dOMPn0SnoH",
   "changed":"2017-08-01T13:38:12.623650Z",
   "started":null,
   "completed":null,
   "mediums":0,
   "changed_by":
    "(...)"
   ,
   "highs":0,
   "status":"started",
   "created_by":
    "(...)"
   ,
   "target":
    "(...)"
   ,
   "created":"2017-08-01T13:37:00.843339Z",
   "lows":0
}

The possible statuses are:

Status Name Description
queued Queued The scan is queued to start
started Started The scan is currently running
under_review Under Review The scan is complete but has some findings under review
completed Completed The scan is complete
completed_with_errors Completed with errors The scan is complete even after getting some error(s)
failed Failed The scan failed
canceled Canceled The scan was canceled
canceling Canceling The scan is being canceled

During the scan, the keys "lows", "mediums", and "highs" will be updated with the findings, as they are being found.

After we get either the status completed or completed_with_errors, we can view the findings.

Get vulnerabilities

Using the previous scan id S6dOMPn0SnoH, we can get the scan results:

curl https://api.probely.com/targets/AxtkqTE0v3E-/scans/S6dOMPn0SnoH/ \
  -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT PROBELY_AUTH_TOKEN"

We get a response saying that the scan status is now completed, and that 45 vulnerabilities were found. 14 low, 11 medium and 20 high:

{
   "id":"S6dOMPn0SnoH",
   "target":
    "(...)"
   ,
   "status":"completed",
   "started":"2017-08-01T13:37:12.623650Z",
   "completed":"2017-08-01T14:17:48.559514Z",
   "lows":14,
   "mediums":11,
   "highs":20,
   "created":"2017-08-01T13:37:00.843339Z",
   "created_by":
    "(...)"
   ,
   "changed":"2017-08-01T14:17:48.559514Z",
   "changed_by":
    "(...)"
}

You can now view the results of this scan, or the target findings.

Let's start with the scan results:

curl https://api.probely.com/targets/AxtkqTE0v3E-/findings/?scan=S6dOMPn0SnoH&page=1 \
  -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT PROBELY_AUTH_TOKEN"
{
   "count":45,
   "page_total":5,
   "page":1,
   "length":10,
   "results":[
      {
         "id":79,
         "target":
          "(...)"
         ,
         "scans":
          "(...)"
         ,
         "labels":
          "(...)"
         ,
         "fix":"To fix an SQL Injection in PHP, you should use Prepared Statements. Prepared Statements can be thought of as a kind of compiled template for the SQL that an application wants to run, that can be customized using variable parameters.\n\nPHP's PDO extension supports Prepared Statements, so that's probably your best option.\n\nIn the example below you can see the use of prepared statements. Variables ```$username``` and ```$hashedPassword``` come from user input.\n\n```\n$stmt = $dbg->prepare(\"SELECT id, name FROM users\n                       WHERE username=? AND password=?\");\n$stmt->bindParam(1, $username);\n$stmt->bindParam(2, $hashedPassword);\nif ($stmt->execute()) {\n\t$user = $stmt->fetch();\n\tif ($user) {\n\t\t$_SESSION['authID'] = $user['id'];\n\t\techo \"Hello \" . $user['name'];\n\t} else {\n\t\techo \"Invalid Login\";\n\t}\n}\n```  \n\nAs an added bonus, if you're executing the same query several times, then it'll be even faster than when you're not using prepared statements. This is because when using prepared statements, the query needs to be parsed (prepared) only once, but can be executed multiple times with the same or different parameters. \n",
         "requests":[
            {
               "request":"(...)",
               "response":"(...)"
            },
            {
               "request":"(...)",
               "response":"(...)"
            }
         ],
         "evidence":null,
         "extra":"",
         "definition":{
            "id":"xnV8PJVmSoLS",
            "name":"SQL Injection",
            "desc":"SQL Injections are the most common form of injections because SQL databases are very popular in dynamic web applications. This vulnerability allows an attacker to tamper existing SQL queries performed by the web application. Depending on the queries, the attacker might be able to access, modify or even destroy data from the database.\n\nSince databases are commonly used to store private data, such as authentication information, personal user data and site content, if an attacker gains access to it, the consequences are typically very severe, ranging from defacement of the web application to users data leakage or loss, or even full control of the web application or database server.",
         },
         "url":"http://test-site.example.com/login.php",
         "path":"login.php",
         "method":"post",
         "parameter":"username",
         "value":"",
         "params":{
            "username":[
               "probely'"
            ],
            "password":[
               "probely"
            ]
         },
         "reporter":
          "(...)"
         ,
         "assignee":null,
         "state":"notfixed",
         "severity":30,
         "last_found":"2017-08-01T14:03:56.207794Z",
         "changed":"2017-08-01T14:03:56.207794Z",
         "changed_by":
          "(...)"
         ,
         "comment":""
      },
      "(...)"
   ]
}

You can also view all the target findings, which will show all the findings that are not yet fixed. \ The structure is similar to the previous result.

curl https://api.probely.com/targets/AxtkqTE0v3E-/findings/ \
  -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT PROBELY_AUTH_TOKEN"

Get vulnerability details

You can also get details for a particular finding in a target. \ In this example we will get the details for the same finding as in the previous section:

curl https://api.probely.com/targets/AxtkqTE0v3E-/findings/79/ \
  -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: JWT PROBELY_AUTH_TOKEN"

This will result on the same information, but just for this particular finding:

{
   "id":79,
   "target":
    "(...)"
   ,
   "scans":
    "(...)"
   ,
   "labels":
    "(...)"
   ,
   "fix":"To fix an SQL Injection in PHP, you shou