Create Target for Discovered Asset

POST 
/discovery/assets/:id/create_target/

Call auditlog tasks if applicable to query.

Request

Path Parameters

id stringrequired

application/json

Body

is_create_and_scan boolean

If true, the target is created, and a scan is automatically started to identify its vulnerabilities.
If false, the target is created without starting a scan.
Defaults to false.

target

object

Target to be created.

site

object

Core settings of the targets.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

name string

Possible values: <= 255 characters

Name of the target or extra host.
The maximum length is 255 characters.

desc stringnullable

Description of the target.

has_form_login boolean

If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.

form_login_url uri

URL of the login form of the target.

form_login_check_pattern string

Possible values: <= 255 characters

Pattern to check a successful login.
The maximum length is 255 characters.

form_login

object[]

Field and value pairs to fill the login form.

Array [

name stringrequired

value stringrequired

]

logout_detection_enabled boolean

If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url and logout_detectors to be defined.
Defaults to false.

has_sequence_login boolean

If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.

has_basic_auth boolean

If true, the target authentication is done through username and password credentials.
Defaults to false.

basic_auth

object

Username and password credentials for the basic auth.

username stringrequired

Possible values: <= 255 characters

password stringrequired

Possible values: <= 255 characters

headers

object[]

Custom headers to send.

Array [

name stringrequired

value stringrequired

]

cookies

object[]

Custom cookies to send.

Array [

name stringrequired

value stringrequired

]

whitelist

object

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

property name* any

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

blacklist

object

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

property name* any

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

auth_enabled boolean

If true, the target has authentication.
Defaults to false.

logout_condition string

Possible values: [any, all]

Type of combination of the logout conditions:

• any - Is logged out if any condition is verified.
• all - Is logged out only if all condition are verified.

check_session_url string

URL to check session.

has_otp boolean

If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.

otp_secret string

The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).

otp_algorithm string

Possible values: [SHA1, SHA256, SHA512]

Default value: SHA1

Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1)

• SHA1 - Sha1
• SHA256 - Sha256
• SHA512 - Sha512

otp_digits integer

Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

Default value: 6

Number of digits of the one-time password (OTP):
(Defaults to 6)

• 6 - Six
• 7 - Seven
• 8 - Eight

otp_field string

CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field. Read more about how to obtain a CSS selector.
Defaults to "".

otp_submit string

CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".

otp_login_sequence_totp_value string

Possible values: >= 6 characters and <= 8 characters

One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".

otp_type string

stack string[]

Technologies to consider in the scan.
The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.

api_scan_settings

object

required

Scanning settings if the target is an API.

api_schema_type string

Possible values: [openapi, postman]

Type of schema that defines the API:

• openapi - OpenAPI schema.
• postman - Postman collection.

api_schema_url stringnullable

api_schema_file stringnullable

custom_api_parameters

object[]

Array [

name stringrequired

value stringrequired

]

media_type string

Possible values: [application/json, application/x-www-form-urlencoded]

Format of the payload:

• application/json - The payload is in JSON format in the request body.
• application/x-www-form-urlencoded - The payload is encoded in the request URL.

api_login_url string

Possible values: <= 2048 characters

URL to make the authentication request to the API.
The maximum length is 2048 characters.

api_login_payload string

Possible values: <= 4096 characters

Payload to send in the authentication request.
The maximum length is 4096 characters.

api_login_enabled boolean

api_login_token_field string

Possible values: <= 256 characters

Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.

token_prefix string

Possible values: <= 16 characters

Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.

token_parameter_name string

Possible values: <= 256 characters

Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.

token_parameter_location string

Possible values: [cookie, header]

Where to send the parameter name with the authentication token and the prefix:

• cookie - Cookie
• header - Header

scan_profile string

Identifier of the scan profile.

type string

Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".

unlimited boolean

If true, the target has unlimited scans.
If false, the target scans consume credits.
Learn more about unlimited scans vs scans with credits.

report_type string

Possible values: [default, executive_summary, owasp, pci, pci4, iso27001, hipaa]

Type of scan report produced for the target:
(Defaults to default)

• default - Standard
• executive_summary - Executive Summary
• owasp - OWASP Top 10
• pci - PCI v3.2.1
• pci4 - PCI v4.0.1
• iso27001 - ISO 27001
• hipaa - HIPAA

report_fileformat string

Possible values: [pdf, docx]

Report format for the target:
(Defaults to pdf)

• pdf - PDF file format.
• docx - DOCX file format.

labels

object[]

Labels of the target.

Array [

name stringrequired

Possible values: <= 255 characters

Name of the label.
The maximum length is 255 characters.

color string

Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.

]

scanning_agent

object

nullable

Scanning agent of the target. Learn more on how to scan internal applications with a scanning agent.

id string

include_deduplicated_endpoints booleannullable

If true, scans include deduplicated endpoints.
If false or null, scans exclude deduplicated endpoints.
A deduplicated endpoint has the same simhash as another scanned endpoint.

teams

object[]

Array [

id string

A unique Base58 value identifying this object.

]

blackout_period

object

Time window during which scans are temporarily interrupted.

begin timerequired

Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".

cease timerequired

Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".

weekdays integer[]required

enabled boolean

If true, the blackout period is enabled.

timezone string

Possible values: <= 64 characters

fail_fast boolean

If true, scans fail on recoverable errors.
If false, scans continue on recoverable errors.
Defaults to true.

incremental boolean

If true, on-demand scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.

reduced_scope boolean

If true, on-demand scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.

schedule_incremental boolean

If true, scheduled scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.

schedule_reduced_scope boolean

If true, scheduled scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.

crawl_sequences_only boolean

If true, on-demand scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.

schedule_crawl_sequences_only boolean

If true, scheduled scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.

application/x-www-form-urlencoded

Body

is_create_and_scan boolean

If true, the target is created, and a scan is automatically started to identify its vulnerabilities.
If false, the target is created without starting a scan.
Defaults to false.

target

object

Target to be created.

site

object

Core settings of the targets.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

name string

Possible values: <= 255 characters

Name of the target or extra host.
The maximum length is 255 characters.

desc stringnullable

Description of the target.

has_form_login boolean

If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.

form_login_url uri

URL of the login form of the target.

form_login_check_pattern string

Possible values: <= 255 characters

Pattern to check a successful login.
The maximum length is 255 characters.

form_login

object[]

Field and value pairs to fill the login form.

Array [

name stringrequired

value stringrequired

]

logout_detection_enabled boolean

If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url and logout_detectors to be defined.
Defaults to false.

has_sequence_login boolean

If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.

has_basic_auth boolean

If true, the target authentication is done through username and password credentials.
Defaults to false.

basic_auth

object

Username and password credentials for the basic auth.

username stringrequired

Possible values: <= 255 characters

password stringrequired

Possible values: <= 255 characters

headers

object[]

Custom headers to send.

Array [

name stringrequired

value stringrequired

]

cookies

object[]

Custom cookies to send.

Array [

name stringrequired

value stringrequired

]

whitelist

object

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

property name* any

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

blacklist

object

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

property name* any

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

auth_enabled boolean

If true, the target has authentication.
Defaults to false.

logout_condition string

Possible values: [any, all]

Type of combination of the logout conditions:

• any - Is logged out if any condition is verified.
• all - Is logged out only if all condition are verified.

check_session_url string

URL to check session.

has_otp boolean

If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.

otp_secret string

The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).

otp_algorithm string

Possible values: [SHA1, SHA256, SHA512]

Default value: SHA1

Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1)

• SHA1 - Sha1
• SHA256 - Sha256
• SHA512 - Sha512

otp_digits integer

Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

Default value: 6

Number of digits of the one-time password (OTP):
(Defaults to 6)

• 6 - Six
• 7 - Seven
• 8 - Eight

otp_field string

CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field. Read more about how to obtain a CSS selector.
Defaults to "".

otp_submit string

CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".

otp_login_sequence_totp_value string

Possible values: >= 6 characters and <= 8 characters

One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".

otp_type string

stack string[]

Technologies to consider in the scan.
The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.

api_scan_settings

object

required

Scanning settings if the target is an API.

api_schema_type string

Possible values: [openapi, postman]

Type of schema that defines the API:

• openapi - OpenAPI schema.
• postman - Postman collection.

api_schema_url stringnullable

api_schema_file stringnullable

custom_api_parameters

object[]

Array [

name stringrequired

value stringrequired

]

media_type string

Possible values: [application/json, application/x-www-form-urlencoded]

Format of the payload:

• application/json - The payload is in JSON format in the request body.
• application/x-www-form-urlencoded - The payload is encoded in the request URL.

api_login_url string

Possible values: <= 2048 characters

URL to make the authentication request to the API.
The maximum length is 2048 characters.

api_login_payload string

Possible values: <= 4096 characters

Payload to send in the authentication request.
The maximum length is 4096 characters.

api_login_enabled boolean

api_login_token_field string

Possible values: <= 256 characters

Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.

token_prefix string

Possible values: <= 16 characters

Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.

token_parameter_name string

Possible values: <= 256 characters

Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.

token_parameter_location string

Possible values: [cookie, header]

Where to send the parameter name with the authentication token and the prefix:

• cookie - Cookie
• header - Header

scan_profile string

Identifier of the scan profile.

type string

Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".

unlimited boolean

If true, the target has unlimited scans.
If false, the target scans consume credits.
Learn more about unlimited scans vs scans with credits.

report_type string

Possible values: [default, executive_summary, owasp, pci, pci4, iso27001, hipaa]

Type of scan report produced for the target:
(Defaults to default)

• default - Standard
• executive_summary - Executive Summary
• owasp - OWASP Top 10
• pci - PCI v3.2.1
• pci4 - PCI v4.0.1
• iso27001 - ISO 27001
• hipaa - HIPAA

report_fileformat string

Possible values: [pdf, docx]

Report format for the target:
(Defaults to pdf)

• pdf - PDF file format.
• docx - DOCX file format.

labels

object[]

Labels of the target.

Array [

name stringrequired

Possible values: <= 255 characters

Name of the label.
The maximum length is 255 characters.

color string

Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.

]

scanning_agent

object

nullable

Scanning agent of the target. Learn more on how to scan internal applications with a scanning agent.

id string

include_deduplicated_endpoints booleannullable

If true, scans include deduplicated endpoints.
If false or null, scans exclude deduplicated endpoints.
A deduplicated endpoint has the same simhash as another scanned endpoint.

teams

object[]

Array [

id string

A unique Base58 value identifying this object.

]

blackout_period

object

Time window during which scans are temporarily interrupted.

begin timerequired

Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".

cease timerequired

Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".

weekdays integer[]required

enabled boolean

If true, the blackout period is enabled.

timezone string

Possible values: <= 64 characters

fail_fast boolean

If true, scans fail on recoverable errors.
If false, scans continue on recoverable errors.
Defaults to true.

incremental boolean

If true, on-demand scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.

reduced_scope boolean

If true, on-demand scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.

schedule_incremental boolean

If true, scheduled scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.

schedule_reduced_scope boolean

If true, scheduled scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.

crawl_sequences_only boolean

If true, on-demand scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.

schedule_crawl_sequences_only boolean

If true, scheduled scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.

multipart/form-data

Body

is_create_and_scan boolean

If true, the target is created, and a scan is automatically started to identify its vulnerabilities.
If false, the target is created without starting a scan.
Defaults to false.

target

object

Target to be created.

site

object

Core settings of the targets.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

name string

Possible values: <= 255 characters

Name of the target or extra host.
The maximum length is 255 characters.

desc stringnullable

Description of the target.

has_form_login boolean

If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.

form_login_url uri

URL of the login form of the target.

form_login_check_pattern string

Possible values: <= 255 characters

Pattern to check a successful login.
The maximum length is 255 characters.

form_login

object[]

Field and value pairs to fill the login form.

Array [

name stringrequired

value stringrequired

]

logout_detection_enabled boolean

If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url and logout_detectors to be defined.
Defaults to false.

has_sequence_login boolean

If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.

has_basic_auth boolean

If true, the target authentication is done through username and password credentials.
Defaults to false.

basic_auth

object

Username and password credentials for the basic auth.

username stringrequired

Possible values: <= 255 characters

password stringrequired

Possible values: <= 255 characters

headers

object[]

Custom headers to send.

Array [

name stringrequired

value stringrequired

]

cookies

object[]

Custom cookies to send.

Array [

name stringrequired

value stringrequired

]

whitelist

object

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

property name* any

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

blacklist

object

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

property name* any

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

auth_enabled boolean

If true, the target has authentication.
Defaults to false.

logout_condition string

Possible values: [any, all]

Type of combination of the logout conditions:

• any - Is logged out if any condition is verified.
• all - Is logged out only if all condition are verified.

check_session_url string

URL to check session.

has_otp boolean

If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.

otp_secret string

The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).

otp_algorithm string

Possible values: [SHA1, SHA256, SHA512]

Default value: SHA1

Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1)

• SHA1 - Sha1
• SHA256 - Sha256
• SHA512 - Sha512

otp_digits integer

Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

Default value: 6

Number of digits of the one-time password (OTP):
(Defaults to 6)

• 6 - Six
• 7 - Seven
• 8 - Eight

otp_field string

CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field. Read more about how to obtain a CSS selector.
Defaults to "".

otp_submit string

CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".

otp_login_sequence_totp_value string

Possible values: >= 6 characters and <= 8 characters

One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".

otp_type string

stack string[]

Technologies to consider in the scan.
The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.

api_scan_settings

object

required

Scanning settings if the target is an API.

api_schema_type string

Possible values: [openapi, postman]

Type of schema that defines the API:

• openapi - OpenAPI schema.
• postman - Postman collection.

api_schema_url stringnullable

api_schema_file stringnullable

custom_api_parameters

object[]

Array [

name stringrequired

value stringrequired

]

media_type string

Possible values: [application/json, application/x-www-form-urlencoded]

Format of the payload:

• application/json - The payload is in JSON format in the request body.
• application/x-www-form-urlencoded - The payload is encoded in the request URL.

api_login_url string

Possible values: <= 2048 characters

URL to make the authentication request to the API.
The maximum length is 2048 characters.

api_login_payload string

Possible values: <= 4096 characters

Payload to send in the authentication request.
The maximum length is 4096 characters.

api_login_enabled boolean

api_login_token_field string

Possible values: <= 256 characters

Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.

token_prefix string

Possible values: <= 16 characters

Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.

token_parameter_name string

Possible values: <= 256 characters

Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.

token_parameter_location string

Possible values: [cookie, header]

Where to send the parameter name with the authentication token and the prefix:

• cookie - Cookie
• header - Header

scan_profile string

Identifier of the scan profile.

type string

Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".

unlimited boolean

If true, the target has unlimited scans.
If false, the target scans consume credits.
Learn more about unlimited scans vs scans with credits.

report_type string

Possible values: [default, executive_summary, owasp, pci, pci4, iso27001, hipaa]

Type of scan report produced for the target:
(Defaults to default)

• default - Standard
• executive_summary - Executive Summary
• owasp - OWASP Top 10
• pci - PCI v3.2.1
• pci4 - PCI v4.0.1
• iso27001 - ISO 27001
• hipaa - HIPAA

report_fileformat string

Possible values: [pdf, docx]

Report format for the target:
(Defaults to pdf)

• pdf - PDF file format.
• docx - DOCX file format.

labels

object[]

Labels of the target.

Array [

name stringrequired

Possible values: <= 255 characters

Name of the label.
The maximum length is 255 characters.

color string

Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.

]

scanning_agent

object

nullable

Scanning agent of the target. Learn more on how to scan internal applications with a scanning agent.

id string

include_deduplicated_endpoints booleannullable

If true, scans include deduplicated endpoints.
If false or null, scans exclude deduplicated endpoints.
A deduplicated endpoint has the same simhash as another scanned endpoint.

teams

object[]

Array [

id string

A unique Base58 value identifying this object.

]

blackout_period

object

Time window during which scans are temporarily interrupted.

begin timerequired

Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".

cease timerequired

Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".

weekdays integer[]required

enabled boolean

If true, the blackout period is enabled.

timezone string

Possible values: <= 64 characters

fail_fast boolean

If true, scans fail on recoverable errors.
If false, scans continue on recoverable errors.
Defaults to true.

incremental boolean

If true, on-demand scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.

reduced_scope boolean

If true, on-demand scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.

schedule_incremental boolean

If true, scheduled scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.

schedule_reduced_scope boolean

If true, scheduled scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.

crawl_sequences_only boolean

If true, on-demand scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.

schedule_crawl_sequences_only boolean

If true, scheduled scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.

Responses

200

application/json

Schema

Schema

target

object

required

id stringrequired

A unique Base58 value identifying this object.

site

object

required

Core settings of the target.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

id string

A unique Base58 value identifying this object.

name string

Possible values: <= 255 characters

Name of the target or extra host.
The maximum length is 255 characters.

desc stringnullable

Description of the target.

url uri

URL of the target.

host string

Hostname of the target.

has_form_login boolean

If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.

form_login_url uri

URL of the login form of the target.

form_login_check_pattern string

Possible values: <= 255 characters

Pattern to check a successful login.
The maximum length is 255 characters.

form_login

object[]

Field and value pairs to fill the login form.

Array [

name stringrequired

value stringrequired

]

logout_detection_enabled boolean

If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url and logout_detectors to be defined.
Defaults to false.

has_sequence_login boolean

If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.

has_sequence_navigation boolean

has_basic_auth boolean

If true, the target authentication is done through username and password credentials.
Defaults to false.

basic_auth

object

Username and password credentials for the basic auth.

username stringrequired

Possible values: <= 255 characters

password stringrequired

Possible values: <= 255 characters

headers

object[]

Custom headers to send.

Array [

name stringrequired

value stringrequired

]

cookies

object[]

Custom cookies to send.

Array [

name stringrequired

value stringrequired

]

whitelist

object

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

property name* any

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

blacklist

object

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

property name* any

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

changed date-time

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

auth_enabled boolean

If true, the target has authentication.
Defaults to false.

logout_condition string

Possible values: [any, all]

Type of combination of the logout conditions:

• any - Is logged out if any condition is verified.
• all - Is logged out only if all condition are verified.

check_session_url string

URL to check session.

has_otp boolean

If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.

otp_secret string

The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).

otp_algorithm string

Possible values: [SHA1, SHA256, SHA512]

Default value: SHA1

Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1)

• SHA1 - Sha1
• SHA256 - Sha256
• SHA512 - Sha512

otp_digits integer

Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

Default value: 6

Number of digits of the one-time password (OTP):
(Defaults to 6)

• 6 - Six
• 7 - Seven
• 8 - Eight

otp_field string

CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field. Read more about how to obtain a CSS selector.
Defaults to "".

otp_submit string

CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".

otp_login_sequence_totp_value string

Possible values: >= 6 characters and <= 8 characters

One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".

otp_type string

otp_url string

stack

object[]

Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.

Array [

id stringrequired

A unique Base58 value identifying this object.

name Framework Name (string)required

Possible values: <= 255 characters

Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.

desc Framework Description (string)nullablerequired

Description of the technology.
Defaults to "".

]

verified boolean

If true, the domain is verified. Read-only.

verification_token string

Token used to verify the domain. Read-only.

verification_date date-time

Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.

verification_method string

Possible values: [file, back_office, existing_domain, dns_txt, dns, dns_cname, meta_tag, whitelist, email, aws_route53, cloudflare, waved]

Method used in the domain verification:

• file - Verifies the domain against a text file in the root directory of the website. Learn more in this article.

• back_office - Automatically set if manually verified in the back-office. Read-only.

• existing_domain - Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only.

• dns_txt - Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article.

• dns - Same as dns_txt.

• dns_cname - Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article.

• meta_tag - Verifies the domain against a meta tag in the index page of the website. Learn more in this article.

• whitelist - Automatically verifies if the domain is in the whitelist

• email - Automatically verifies a domain if the user's email is in the same domain as the target

• aws_route53 - Automatically verifies a domain if the hostname exists as an AWS Route53 Zone.

• cloudflare - Automatically verifies a domain if the host name exists and is verified as a CloudflareZone.

• waved - Automatically verifies a domain if there is a waver agreement.

verification_last_error string

Error of the last verification of the domain. Read-only.

api_scan_settings

object

Scanning settings if the target is an API.

api_schema_type string

Possible values: [openapi, postman]

Type of schema that defines the API:

• openapi - OpenAPI schema.
• postman - Postman collection.

api_schema_url stringnullable

api_schema_file stringnullable

custom_api_parameters

object[]

Array [

name stringrequired

value stringrequired

]

media_type string

Possible values: [application/json, application/x-www-form-urlencoded]

Format of the payload:

• application/json - The payload is in JSON format in the request body.
• application/x-www-form-urlencoded - The payload is encoded in the request URL.

api_login_url string

Possible values: <= 2048 characters

URL to make the authentication request to the API.
The maximum length is 2048 characters.

api_login_payload string

Possible values: <= 4096 characters

Payload to send in the authentication request.
The maximum length is 4096 characters.

api_login_enabled boolean

api_login_token_field string

Possible values: <= 256 characters

Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.

token_prefix string

Possible values: <= 16 characters

Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.

token_parameter_name string

Possible values: <= 256 characters

Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.

token_parameter_location string

Possible values: [cookie, header]

Where to send the parameter name with the authentication token and the prefix:

• cookie - Cookie
• header - Header

lows integernullablerequired

Number of unresolved vulnerability findings with low severity.

mediums integernullablerequired

Number of unresolved vulnerability findings with medium severity.

highs integernullablerequired

Number of unresoved vulnerability findings with high severity.

risk integernullablerequired

last_scan

object

required

Last scan done for the target.

id stringrequired

A unique Base58 value identifying this object.

status stringrequired

Possible values: [canceled, canceling, completed, completed_with_errors, failed, paused, pausing, queued, resuming, started, under_review, finishing_up]

Status of the scan:

• canceled - Canceled
• canceling - Canceling
• completed - Completed
• completed_with_errors - Completed with errors - DEPRECATED
• failed - Failed
• paused - Paused
• pausing - Pausing
• queued - Queued
• resuming - Resuming
• started - Started
• under_review - Under Review
• finishing_up - Finishing up

started date-timenullablerequired

Date and time of when the scan started.

completed date-timenullablerequired

Date and time of when the scan was completed.

scan_profile stringrequired

Identifier of the scan profile.

lows integernullablerequired

Number of vulnerability findings with low severity.

mediums integernullablerequired

Number of vulnerability findings with medium severity.

highs integernullablerequired

Number of vulnerability findings with high severity.

created date-timerequired

running_scan

object

required

Current scan running for the target.

id stringrequired

A unique Base58 value identifying this object.

status stringrequired

Possible values: [canceled, canceling, completed, completed_with_errors, failed, paused, pausing, queued, resuming, started, under_review, finishing_up]

Status of the scan:

• canceled - Canceled
• canceling - Canceling
• completed - Completed
• completed_with_errors - Completed with errors - DEPRECATED
• failed - Failed
• paused - Paused
• pausing - Pausing
• queued - Queued
• resuming - Resuming
• started - Started
• under_review - Under Review
• finishing_up - Finishing up

started date-timenullablerequired

Date and time of when the scan started.

completed date-timenullablerequired

Date and time of when the scan was completed.

scan_profile stringrequired

Identifier of the scan profile.

lows integernullablerequired

Number of vulnerability findings with low severity.

mediums integernullablerequired

Number of vulnerability findings with medium severity.

highs integernullablerequired

Number of vulnerability findings with high severity.

created date-timerequired

crawler

object

Status of the crawler.

state stringrequired

State of the crawler execution.
For example, "started" or "ended".

status string[]required

List with two numbers where the first is the crawled URLs and the second is the total of URLs to crawl.

warning

object[]

required

List of warnings occurred during the crawler execution.

Array [

code stringrequired

Warning code.

message stringrequired

Warning message.

]

error

object[]

required

List of errors occurred during the crawler execution.

Array [

code stringrequired

message stringrequired

]

full_status

object

required

Detailed information on the crawler execution.

type stringrequired

Type of information.
The value is "feedback".

iid uuidrequired

Internal information.

aid uuidrequired

Internal information.

ts stringrequired

Timestamp of the crawler execution.

subtype stringrequired

Sub-type of the type of information.
The value is "status".

stage stringrequired

Stage of the scan.
The value is "crawler".

module stringrequired

Module of the crawler that is executing.

data

object

required

Further details on the crawler execution.

type stringrequired

Type of information.
The value is "feedback".

countTimeoutEndpoints integerrequired

Number of requests with timeouts during the crawler execution.

countLoginFailed integerrequired

Number of failed login attempts during the crawler execution.

version integerrequired

Version number.

countNetworkErrorEndpoints integerrequired

Number of network errors during the crawler execution.

doingLogin booleanrequired

If true, the crawler is currently trying to log in to the target.

done integerrequired

Number of URLs crawled.

rejected integerrequired

Number of URLs deduplicated during the crawler execution.

total integerrequired

Total number of URLs to crawl.

allExtraHosts string[]required

List of extra hosts.

crawlingEndpoints string[]required

List of URLs currently being crawled.

lastLogin

object[]

required

List of the last logins.

Array [

status stringrequired

Status of the login attempt.

timestamp integerrequired

Timestamp of the login attempt.

]

status

object

required

List of HTTP response codes obtained during the crawler execution and how many of each.

property name* any

List of HTTP response codes obtained during the crawler execution and how many of each.

outOfScopeHostsCount

object

required

List of URLs out of the target's scope and the number of times the crawler hit them.

property name* any

List of URLs out of the target's scope and the number of times the crawler hit them.

allHostnames

object

required

List of all hostnames to crawl.

property name* any

List of all hostnames to crawl.

lastCrawledEndpoints

object[]

required

List of the last crawled URLs.

Array [

jobId integerrequired

Identifier of the crawler job.

status integerrequired

HTTP response status code for the crawler request.

method stringrequired

HTTP method of the crawler request.

url urirequired

URL of the crawler request.

]

statusByHost

object

required

List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.

property name* any

List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.

fingerprinter

object

Status of the fingerprinter.

state stringrequired

State of the fingerprinter execution.
For example, "started" or "ended".

count integerrequired

Number of technologies (frameworks) detected by the fingerprinter.

warning string[]required

List of warnings occurred during the fingerprinter execution.

error string[]required

List of errors occurred during the fingerprinter execution.

scanner

object

Status of the scanner.

state stringrequired

State of the scanner execution.
For example, "started" or "ended".

status string[]required

List with two numbers where the first is the scanned URLs and the second is the total of URLs to scan.

warning

object[]

required

List of warnings occurred during the scanner execution.

Array [

code stringrequired

Warning code.

message stringrequired

Warning message.

]

error string[]required

List of errors occurred during the scanner execution.

full_status

object

required

Detailed information on the scanner execution.

type stringrequired

Type of information.
The value is "feedback".

iid uuidrequired

Internal information.

aid uuidrequired

Internal information.

ts stringrequired

Timestamp of the scanner execution.

subtype stringrequired

Sub-type of the type of information.
The value is "status".

stage stringrequired

Stage of the scan.
The value is "scanner".

module stringrequired

Module of the scanner that is executing.

data

object

required

Further details on the scanner execution.

done integerrequired

Number of URLs scanned.

total integerrequired

Total number of URLs to scan.

scannerState

object

required

Details on the scanner state.

numberOfRequestBeingScanned integerrequired

Number of scanner requests executing.

currentAverageRtt doublerequired

Current average response time to scanner requests.

averageRtt doublerequired

Overall average response time to scanner requests.

nStatus3xx stringrequired

Number of HTTP 3XX response status codes during the scanner execution.

nStatus4xx stringrequired

Number of HTTP 4XX response status codes during the scanner execution.

nStatus5xx stringrequired

Number of HTTP 5XX response status codes during the scanner execution.

nConnectionErrors stringrequired

Number of connection errors during the scanner execution.

nTimeouts stringrequired

Number of request timeouts during the scanner execution.

nRequests stringrequired

Number of requests executed by the scanner.

sampleOfRequestBeingScanned

object

required

List of the current scanner requests.

httpMethod stringrequired

HTTP method of the scanner request.

url urirequired

URL of the scanner request.

stack

object[]

Technologies found in the scan.
The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.

Array [

id stringrequired

A unique Base58 value identifying this object.

name Framework Name (string)required

Possible values: <= 255 characters

Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.

desc Framework Description (string)nullablerequired

Description of the technology.
Defaults to "".

]

next_scan

object

required

Next scheduled scan for the target.

id stringrequired

A unique Base58 value identifying this object.

target

object

required

id stringrequired

name stringdeprecated

Possible values: <= 255 characters

Name of the target.
The maximum length is 255 characters.

site

object

Core settings of the target.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

id stringrequired

A unique Base58 value identifying this object.

name string

Possible values: <= 255 characters

Name of the target or extra host.
The maximum length is 255 characters.

desc stringnullable

Description of the target.

url urirequired

URL of the target.

host stringrequired

Hostname of the target.

has_form_login boolean

If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.

form_login_url uri

URL of the login form of the target.

form_login_check_pattern string

Possible values: <= 255 characters

Pattern to check a successful login.
The maximum length is 255 characters.

form_login

object[]

Field and value pairs to fill the login form.

Array [

name stringrequired

value stringrequired

]

logout_detection_enabled boolean

If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url and logout_detectors to be defined.
Defaults to false.

has_sequence_login boolean

If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.

has_sequence_navigation booleanrequired

has_basic_auth boolean

If true, the target authentication is done through username and password credentials.
Defaults to false.

basic_auth

object

Username and password credentials for the basic auth.

username stringrequired

Possible values: <= 255 characters

password stringrequired

Possible values: <= 255 characters

headers

object[]

Custom headers to send.

Array [

name stringrequired

value stringrequired

]

cookies

object[]

Custom cookies to send.

Array [

name stringrequired

value stringrequired

]

whitelist

object

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

property name* any

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

blacklist

object

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

property name* any

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

auth_enabled boolean

If true, the target has authentication.
Defaults to false.

logout_condition string

Possible values: [any, all]

Type of combination of the logout conditions:

• any - Is logged out if any condition is verified.
• all - Is logged out only if all condition are verified.

check_session_url string

URL to check session.

has_otp boolean

If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.

otp_secret string

The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).

otp_algorithm string

Possible values: [SHA1, SHA256, SHA512]

Default value: SHA1

Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1)

• SHA1 - Sha1
• SHA256 - Sha256
• SHA512 - Sha512

otp_digits integer

Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

Default value: 6

Number of digits of the one-time password (OTP):
(Defaults to 6)

• 6 - Six
• 7 - Seven
• 8 - Eight

otp_field string

CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field. Read more about how to obtain a CSS selector.
Defaults to "".

otp_submit string

CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".

otp_login_sequence_totp_value string

Possible values: >= 6 characters and <= 8 characters

One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".

otp_type string

otp_url stringrequired

stack

object[]

Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.

Array [

id stringrequired

A unique Base58 value identifying this object.

name Framework Name (string)required

Possible values: <= 255 characters

Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.

desc Framework Description (string)nullablerequired

Description of the technology.
Defaults to "".

]

verified booleanrequired

If true, the domain is verified. Read-only.

verification_token stringrequired

Token used to verify the domain. Read-only.

verification_date date-timerequired

Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.

verification_method stringrequired

Possible values: [file, back_office, existing_domain, dns_txt, dns, dns_cname, meta_tag, whitelist, email, aws_route53, cloudflare, waved]

Method used in the domain verification:

• file - Verifies the domain against a text file in the root directory of the website. Learn more in this article.

• back_office - Automatically set if manually verified in the back-office. Read-only.

• existing_domain - Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only.

• dns_txt - Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article.

• dns - Same as dns_txt.

• dns_cname - Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article.

• meta_tag - Verifies the domain against a meta tag in the index page of the website. Learn more in this article.

• whitelist - Automatically verifies if the domain is in the whitelist

• email - Automatically verifies a domain if the user's email is in the same domain as the target

• aws_route53 - Automatically verifies a domain if the hostname exists as an AWS Route53 Zone.

• cloudflare - Automatically verifies a domain if the host name exists and is verified as a CloudflareZone.

• waved - Automatically verifies a domain if there is a waver agreement.

verification_last_error stringrequired

Error of the last verification of the domain. Read-only.

api_scan_settings

object

required

Scanning settings if the target is an API.

api_schema_type string

Possible values: [openapi, postman]

Type of schema that defines the API:

• openapi - OpenAPI schema.
• postman - Postman collection.

api_schema_url stringnullable

api_schema_file stringnullable

custom_api_parameters

object[]

Array [

name stringrequired

value stringrequired

]

media_type string

Possible values: [application/json, application/x-www-form-urlencoded]

Format of the payload:

• application/json - The payload is in JSON format in the request body.
• application/x-www-form-urlencoded - The payload is encoded in the request URL.

api_login_url string

Possible values: <= 2048 characters

URL to make the authentication request to the API.
The maximum length is 2048 characters.

api_login_payload string

Possible values: <= 4096 characters

Payload to send in the authentication request.
The maximum length is 4096 characters.

api_login_enabled boolean

api_login_token_field string

Possible values: <= 256 characters

Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.

token_prefix string

Possible values: <= 16 characters

Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.

token_parameter_name string

Possible values: <= 256 characters

Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.

token_parameter_location string

Possible values: [cookie, header]

Where to send the parameter name with the authentication token and the prefix:

• cookie - Cookie
• header - Header

type string

Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".

desc stringnullabledeprecated

Description of the target.
Defaults to "".

labels

object[]

Array [

id stringrequired

A unique Base58 value identifying this object.

name stringrequired

Possible values: <= 255 characters

Name of the label.
The maximum length is 255 characters.

color string

Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

]

has_assets booleanrequired

report_fileformat string

Possible values: [pdf, docx]

Report format for the target:
(Defaults to pdf)

• pdf - PDF file format.
• docx - DOCX file format.

scanning_agent

object

nullable

Return serializer_class with all fields as read_only except key. The key is the field use to retrieve the object in to_internal_value.

This is for the drf-spectacular documentation generation.

id string

name stringrequired

Possible values: <= 255 characters

installer_generated booleanrequired

online booleanrequired

fallback booleanrequired

rx_bytes integerrequired

tx_bytes integerrequired

latest_handshake integerrequired

teams

object[]

required

Array [

id string

A unique Base58 value identifying this object.

name stringrequired

]

blackout_period

object

required

Time window during which scans are temporarily interrupted.

begin timerequired

Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".

cease timerequired

Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".

weekdays integer[]required

enabled boolean

If true, the blackout period is enabled.

timezone string

Possible values: <= 64 characters

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

date_time date-timerequired

Date and time of next scan scheduled.

recurrence string

Possible values: [h, d, w, m, q, ``]

Scheduled scan recurrence.

• h - Hourly
• d - Daily
• w - Weekly
• m - Monthly
• q - Quarterly

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

blackout_period

object

required

Time window during which scans are temporarily interrupted.

begin timerequired

Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".

cease timerequired

Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".

weekdays integer[]required

enabled boolean

If true, the blackout period is enabled.

timezone string

Possible values: <= 64 characters

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

timezone string

Possible values: <= 64 characters

Timezone to use for scheduled scan timestamp.

run_on_day_of_week boolean

Schedule scan to run on specific monthly day of week (for monthly/quarterly recurrence).

scheduled_day_of_week integernullable

Possible values: >= -2147483648 and <= 2147483647, [1, 2, 3, 4, 5, 6, 7, null]

Day of week to run scan on - monday to sunday (for run on day of week option).

• 1 - Monday
• 2 - Tuesday
• 3 - Wednesday
• 4 - Thursday
• 5 - Friday
• 6 - Saturday
• 7 - Sunday

week_index stringnullable

Possible values: [first, second, third, fourth, last, ``, null]

Which week of the month to run scan on (with run_on_day_of_week enabled).

• first - First
• second - Second
• third - Third
• fourth - Fourth
• last - Last

partial_scan boolean

Future scans set as partial scans, use in conjunction with incremental and reduced_scope.

override_target_settings boolean

Override scan target's scan settings, use in conjunction with override_target_settings.

incremental boolean

Future scans set to incremental, use in conjunction with partial_scan and override_target_settings.

reduced_scope boolean

Future scans set as reduced scope, use in conjunction with partial_scan and override_target_settings.

scan_profile stringnullable

Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.

unlimited stringrequired

assets

object[]

required

Array [

id stringrequired

A unique Base58 value identifying this object.

account stringrequired

A unique Base58 value identifying this object.

name stringrequired

Name of the target or extra host.
The maximum length is 255 characters.

host stringrequired

Extra host of the target.

desc stringnullablerequired

Description of the target.

stack

object[]

Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.

Array [

id stringrequired

A unique Base58 value identifying this object.

name Framework Name (string)required

Possible values: <= 255 characters

Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.

desc Framework Description (string)nullablerequired

Description of the technology.
Defaults to "".

]

verified boolean

If true, the domain is verified. Read-only.

verification_token uuidrequired

Token used to verify the domain Read-only.

verification_date date-timerequired

Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.

verification_method stringrequired

Possible values: [file, back_office, existing_domain, dns_txt, dns, dns_cname, meta_tag, whitelist, email, aws_route53, cloudflare, waved]

Method used in the verification of the domain: (Read-only)

• file - Verifies the domain against a text file in the root directory of the website. Learn more in this article.

• back_office - Automatically set if manually verified in the back-office. Read-only.

• existing_domain - Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only.

• dns_txt - Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article.

• dns - Same as dns_txt.

• dns_cname - Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article.

• meta_tag - Verifies the domain against a meta tag in the index page of the website. Learn more in this article.

• whitelist - Automatically verifies if the domain is in the whitelist

• email - Automatically verifies a domain if the user's email is in the same domain as the target

• aws_route53 - Automatically verifies a domain if the hostname exists as an AWS Route53 Zone.

• cloudflare - Automatically verifies a domain if the host name exists and is verified as a CloudflareZone.

• waved - Automatically verifies a domain if there is a waver agreement.

verification_last_error stringrequired

Error of the last verification of the domain. Read-only.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

headers

object[]

required

Custom headers to send. Read-only.

Array [

name stringrequired

value stringrequired

]

cookies

object[]

Custom cookies to send.

Array [

name stringrequired

value stringrequired

]

include booleanrequired

If true, the extra host is in the scope of the scan.
If false, the extra host is not in the scope of the scan.
Defaults to true.

]

scan_profile string

Identifier of the scan profile.

type string

Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".

unlimited boolean

If true, the target has unlimited scans.
If false, the target scans consume credits.
Learn more about unlimited scans vs scans with credits.

report_type string

Possible values: [default, executive_summary, owasp, pci, pci4, iso27001, hipaa]

Type of scan report produced for the target:
(Defaults to default)

• default - Standard
• executive_summary - Executive Summary
• owasp - OWASP Top 10
• pci - PCI v3.2.1
• pci4 - PCI v4.0.1
• iso27001 - ISO 27001
• hipaa - HIPAA

report_fileformat string

Possible values: [pdf, docx]

Report format for the target:
(Defaults to pdf)

• pdf - PDF file format.
• docx - DOCX file format.

allowed_scan_profiles

object[]

required

deprecated

Scan profiles allowed for the target.

Array [

id stringrequired

name string

Possible values: <= 255 characters

Name of the scan profile.
The maximum length is 255 characters.

description stringnullable

Description of the scan profile.

builtin stringrequired

If true, it is a built-in scan profile, which cannot be changed.
If false, it is a custom scan profile and the name must start with "sp-".

]

labels

object[]

Labels of the target.

Array [

id stringrequired

A unique Base58 value identifying this object.

name stringrequired

Possible values: <= 255 characters

Name of the label.
The maximum length is 255 characters.

color string

Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

]

scanning_agent

object

nullable

Scanning agent of the target. Learn more on how to scan internal applications with a scanning agent.

id string

name stringrequired

Possible values: <= 255 characters

installer_generated booleanrequired

online booleanrequired

fallback booleanrequired

rx_bytes integerrequired

tx_bytes integerrequired

latest_handshake integerrequired

include_deduplicated_endpoints booleannullable

If true, scans include deduplicated endpoints.
If false or null, scans exclude deduplicated endpoints.
A deduplicated endpoint has the same simhash as another scanned endpoint.

teams

object[]

Array [

id string

A unique Base58 value identifying this object.

name stringrequired

]

blackout_period

object

Time window during which scans are temporarily interrupted.

begin timerequired

Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".

cease timerequired

Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".

weekdays integer[]required

enabled boolean

If true, the blackout period is enabled.

timezone string

Possible values: <= 64 characters

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

fail_fast boolean

If true, scans fail on recoverable errors.
If false, scans continue on recoverable errors.
Defaults to true.

login_video urinullablerequired

URL for the last recorded login video from this target's scans.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

incremental boolean

If true, on-demand scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.

reduced_scope boolean

If true, on-demand scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.

schedule_incremental boolean

If true, scheduled scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.

schedule_reduced_scope boolean

If true, scheduled scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.

crawl_sequences_only boolean

If true, on-demand scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.

schedule_crawl_sequences_only boolean

If true, scheduled scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.

scan

object

id stringrequired

A unique Base58 value identifying this object.

target

object

required

id stringrequired

name stringdeprecated

Possible values: <= 255 characters

Name of the target.
The maximum length is 255 characters.

site

object

Core settings of the target.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

id stringrequired

A unique Base58 value identifying this object.

name string

Possible values: <= 255 characters

Name of the target or extra host.
The maximum length is 255 characters.

desc stringnullable

Description of the target.

url urirequired

URL of the target.

host stringrequired

Hostname of the target.

has_form_login boolean

If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.

form_login_url uri

URL of the login form of the target.

form_login_check_pattern string

Possible values: <= 255 characters

Pattern to check a successful login.
The maximum length is 255 characters.

form_login

object[]

Field and value pairs to fill the login form.

Array [

name stringrequired

value stringrequired

]

logout_detection_enabled boolean

If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url and logout_detectors to be defined.
Defaults to false.

has_sequence_login boolean

If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.

has_sequence_navigation booleanrequired

has_basic_auth boolean

If true, the target authentication is done through username and password credentials.
Defaults to false.

basic_auth

object

Username and password credentials for the basic auth.

username stringrequired

Possible values: <= 255 characters

password stringrequired

Possible values: <= 255 characters

headers

object[]

Custom headers to send.

Array [

name stringrequired

value stringrequired

]

cookies

object[]

Custom cookies to send.

Array [

name stringrequired

value stringrequired

]

whitelist

object

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

property name* any

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

blacklist

object

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

property name* any

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

auth_enabled boolean

If true, the target has authentication.
Defaults to false.

logout_condition string

Possible values: [any, all]

Type of combination of the logout conditions:

• any - Is logged out if any condition is verified.
• all - Is logged out only if all condition are verified.

check_session_url string

URL to check session.

has_otp boolean

If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.

otp_secret string

The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).

otp_algorithm string

Possible values: [SHA1, SHA256, SHA512]

Default value: SHA1

Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1)

• SHA1 - Sha1
• SHA256 - Sha256
• SHA512 - Sha512

otp_digits integer

Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

Default value: 6

Number of digits of the one-time password (OTP):
(Defaults to 6)

• 6 - Six
• 7 - Seven
• 8 - Eight

otp_field string

CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field. Read more about how to obtain a CSS selector.
Defaults to "".

otp_submit string

CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".

otp_login_sequence_totp_value string

Possible values: >= 6 characters and <= 8 characters

One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".

otp_type string

otp_url stringrequired

stack

object[]

Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.

Array [

id stringrequired

A unique Base58 value identifying this object.

name Framework Name (string)required

Possible values: <= 255 characters

Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.

desc Framework Description (string)nullablerequired

Description of the technology.
Defaults to "".

]

verified booleanrequired

If true, the domain is verified. Read-only.

verification_token stringrequired

Token used to verify the domain. Read-only.

verification_date date-timerequired

Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.

verification_method stringrequired

Possible values: [file, back_office, existing_domain, dns_txt, dns, dns_cname, meta_tag, whitelist, email, aws_route53, cloudflare, waved]

Method used in the domain verification:

• file - Verifies the domain against a text file in the root directory of the website. Learn more in this article.

• back_office - Automatically set if manually verified in the back-office. Read-only.

• existing_domain - Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only.

• dns_txt - Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article.

• dns - Same as dns_txt.

• dns_cname - Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article.

• meta_tag - Verifies the domain against a meta tag in the index page of the website. Learn more in this article.

• whitelist - Automatically verifies if the domain is in the whitelist

• email - Automatically verifies a domain if the user's email is in the same domain as the target

• aws_route53 - Automatically verifies a domain if the hostname exists as an AWS Route53 Zone.

• cloudflare - Automatically verifies a domain if the host name exists and is verified as a CloudflareZone.

• waved - Automatically verifies a domain if there is a waver agreement.

verification_last_error stringrequired

Error of the last verification of the domain. Read-only.

api_scan_settings

object

required

Scanning settings if the target is an API.

api_schema_type string

Possible values: [openapi, postman]

Type of schema that defines the API:

• openapi - OpenAPI schema.
• postman - Postman collection.

api_schema_url stringnullable

api_schema_file stringnullable

custom_api_parameters

object[]

Array [

name stringrequired

value stringrequired

]

media_type string

Possible values: [application/json, application/x-www-form-urlencoded]

Format of the payload:

• application/json - The payload is in JSON format in the request body.
• application/x-www-form-urlencoded - The payload is encoded in the request URL.

api_login_url string

Possible values: <= 2048 characters

URL to make the authentication request to the API.
The maximum length is 2048 characters.

api_login_payload string

Possible values: <= 4096 characters

Payload to send in the authentication request.
The maximum length is 4096 characters.

api_login_enabled boolean

api_login_token_field string

Possible values: <= 256 characters

Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.

token_prefix string

Possible values: <= 16 characters

Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.

token_parameter_name string

Possible values: <= 256 characters

Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.

token_parameter_location string

Possible values: [cookie, header]

Where to send the parameter name with the authentication token and the prefix:

• cookie - Cookie
• header - Header

type string

Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".

desc stringnullabledeprecated

Description of the target.
Defaults to "".

labels

object[]

Array [

id stringrequired

A unique Base58 value identifying this object.

name stringrequired

Possible values: <= 255 characters

Name of the label.
The maximum length is 255 characters.

color string

Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

]

has_assets booleanrequired

report_fileformat string

Possible values: [pdf, docx]

Report format for the target:
(Defaults to pdf)

• pdf - PDF file format.
• docx - DOCX file format.

scanning_agent

object

nullable

Return serializer_class with all fields as read_only except key. The key is the field use to retrieve the object in to_internal_value.

This is for the drf-spectacular documentation generation.

id string

name stringrequired

Possible values: <= 255 characters

installer_generated booleanrequired

online booleanrequired

fallback booleanrequired

rx_bytes integerrequired

tx_bytes integerrequired

latest_handshake integerrequired

teams

object[]

required

Array [

id string

A unique Base58 value identifying this object.

name stringrequired

]

blackout_period

object

required

Time window during which scans are temporarily interrupted.

begin timerequired

Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".

cease timerequired

Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".

weekdays integer[]required

enabled boolean

If true, the blackout period is enabled.

timezone string

Possible values: <= 64 characters

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

status stringrequired

Possible values: [canceled, canceling, completed, completed_with_errors, failed, paused, pausing, queued, resuming, started, under_review, finishing_up]

Status of the scan:

• canceled - Canceled
• canceling - Canceling
• completed - Completed
• completed_with_errors - Completed with errors - DEPRECATED
• failed - Failed
• paused - Paused
• pausing - Pausing
• queued - Queued
• resuming - Resuming
• started - Started
• under_review - Under Review
• finishing_up - Finishing up

started date-timenullablerequired

Date and time of when the scan started.

completed date-timenullablerequired

Date and time of when the scan was completed.

scan_profile stringrequired

Identifier of the scan profile.

lows integernullablerequired

Number of vulnerability findings with low severity.

mediums integernullablerequired

Number of vulnerability findings with medium severity.

highs integernullablerequired

Number of vulnerability findings with high severity.

created date-timerequired

unlimited booleanrequired

If true, the scan had unlimited credits. If false, the scan consumed credits. Learn more about unlimited scans vs scans with credits.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

stack

object[]

required

Technologies found in the scan. The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.

Array [

id stringrequired

A unique Base58 value identifying this object.

name Framework Name (string)required

Possible values: <= 255 characters

Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.

desc Framework Description (string)nullablerequired

Description of the technology.
Defaults to "".

]

crawler

object

required

Information on the crawler execution.

state stringrequired

State of the crawler execution.
For example, "started" or "ended".

status string[]required

List with two numbers where the first is the crawled URLs and the second is the total of URLs to crawl.

warning

object[]

required

List of warnings occurred during the crawler execution.

Array [

code stringrequired

Warning code.

message stringrequired

Warning message.

]

error

object[]

required

List of errors occurred during the crawler execution.

Array [

code stringrequired

message stringrequired

]

full_status

object

required

Detailed information on the crawler execution.

type stringrequired

Type of information.
The value is "feedback".

iid uuidrequired

Internal information.

aid uuidrequired

Internal information.

ts stringrequired

Timestamp of the crawler execution.

subtype stringrequired

Sub-type of the type of information.
The value is "status".

stage stringrequired

Stage of the scan.
The value is "crawler".

module stringrequired

Module of the crawler that is executing.

data

object

required

Further details on the crawler execution.

type stringrequired

Type of information.
The value is "feedback".

countTimeoutEndpoints integerrequired

Number of requests with timeouts during the crawler execution.

countLoginFailed integerrequired

Number of failed login attempts during the crawler execution.

version integerrequired

Version number.

countNetworkErrorEndpoints integerrequired

Number of network errors during the crawler execution.

doingLogin booleanrequired

If true, the crawler is currently trying to log in to the target.

done integerrequired

Number of URLs crawled.

rejected integerrequired

Number of URLs deduplicated during the crawler execution.

total integerrequired

Total number of URLs to crawl.

allExtraHosts string[]required

List of extra hosts.

crawlingEndpoints string[]required

List of URLs currently being crawled.

lastLogin

object[]

required

List of the last logins.

Array [

status stringrequired

Status of the login attempt.

timestamp integerrequired

Timestamp of the login attempt.

]

status

object

required

List of HTTP response codes obtained during the crawler execution and how many of each.

property name* any

List of HTTP response codes obtained during the crawler execution and how many of each.

outOfScopeHostsCount

object

required

List of URLs out of the target's scope and the number of times the crawler hit them.

property name* any

List of URLs out of the target's scope and the number of times the crawler hit them.

allHostnames

object

required

List of all hostnames to crawl.

property name* any

List of all hostnames to crawl.

lastCrawledEndpoints

object[]

required

List of the last crawled URLs.

Array [

jobId integerrequired

Identifier of the crawler job.

status integerrequired

HTTP response status code for the crawler request.

method stringrequired

HTTP method of the crawler request.

url urirequired

URL of the crawler request.

]

statusByHost

object

required

List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.

property name* any

List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.

fingerprinter

object

required

Information on the fingerprinter execution.

state stringrequired

State of the fingerprinter execution.
For example, "started" or "ended".

count integerrequired

Number of technologies (frameworks) detected by the fingerprinter.

warning string[]required

List of warnings occurred during the fingerprinter execution.

error string[]required

List of errors occurred during the fingerprinter execution.

scanner

object

required

Information on the scanner execution.

state stringrequired

State of the scanner execution.
For example, "started" or "ended".

status string[]required

List with two numbers where the first is the scanned URLs and the second is the total of URLs to scan.

warning

object[]

required

List of warnings occurred during the scanner execution.

Array [

code stringrequired

Warning code.

message stringrequired

Warning message.

]

error string[]required

List of errors occurred during the scanner execution.

full_status

object

required

Detailed information on the scanner execution.

type stringrequired

Type of information.
The value is "feedback".

iid uuidrequired

Internal information.

aid uuidrequired

Internal information.

ts stringrequired

Timestamp of the scanner execution.

subtype stringrequired

Sub-type of the type of information.
The value is "status".

stage stringrequired

Stage of the scan.
The value is "scanner".

module stringrequired

Module of the scanner that is executing.

data

object

required

Further details on the scanner execution.

done integerrequired

Number of URLs scanned.

total integerrequired

Total number of URLs to scan.

scannerState

object

required

Details on the scanner state.

numberOfRequestBeingScanned integerrequired

Number of scanner requests executing.

currentAverageRtt doublerequired

Current average response time to scanner requests.

averageRtt doublerequired

Overall average response time to scanner requests.

nStatus3xx stringrequired

Number of HTTP 3XX response status codes during the scanner execution.

nStatus4xx stringrequired

Number of HTTP 4XX response status codes during the scanner execution.

nStatus5xx stringrequired

Number of HTTP 5XX response status codes during the scanner execution.

nConnectionErrors stringrequired

Number of connection errors during the scanner execution.

nTimeouts stringrequired

Number of request timeouts during the scanner execution.

nRequests stringrequired

Number of requests executed by the scanner.

sampleOfRequestBeingScanned

object

required

List of the current scanner requests.

httpMethod stringrequired

HTTP method of the scanner request.

url urirequired

URL of the scanner request.

target_options

object

required

Options of the target for the scan.

site

object

The core settings of the target for the scan.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

id stringrequired

A unique Base58 value identifying this object.

name string

Possible values: <= 255 characters

Name of the target or extra host.
The maximum length is 255 characters.

desc stringnullable

Description of the target.

url urirequired

URL of the target.

host stringrequired

Hostname of the target.

has_form_login boolean

If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.

form_login_url uri

URL of the login form of the target.

form_login_check_pattern string

Possible values: <= 255 characters

Pattern to check a successful login.
The maximum length is 255 characters.

form_login

object[]

Field and value pairs to fill the login form.

Array [

name stringrequired

value stringrequired

]

logout_detection_enabled boolean

If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url and logout_detectors to be defined.
Defaults to false.

has_sequence_login boolean

If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.

has_sequence_navigation booleanrequired

has_basic_auth boolean

If true, the target authentication is done through username and password credentials.
Defaults to false.

basic_auth

object

Username and password credentials for the basic auth.

username stringrequired

Possible values: <= 255 characters

password stringrequired

Possible values: <= 255 characters

headers

object[]

Custom headers to send.

Array [

name stringrequired

value stringrequired

]

cookies

object[]

Custom cookies to send.

Array [

name stringrequired

value stringrequired

]

whitelist

object

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

property name* any

Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

blacklist

object

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

property name* any

URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

changed date-timerequired

Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".

changed_by

object

required

User who last made changes.

id stringrequired

A unique Base58 value identifying this object.

email email

Possible values: <= 254 characters

Email of the user.

name stringrequired

Possible values: <= 60 characters

Name of the user.

auth_enabled boolean

If true, the target has authentication.
Defaults to false.

logout_condition string

Possible values: [any, all]

Type of combination of the logout conditions:

• any - Is logged out if any condition is verified.
• all - Is logged out only if all condition are verified.

check_session_url string

URL to check session.

has_otp boolean

If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.

otp_secret string

The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).

otp_algorithm string

Possible values: [SHA1, SHA256, SHA512]

Default value: SHA1

Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1)

• SHA1 - Sha1
• SHA256 - Sha256
• SHA512 - Sha512

otp_digits integer

Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

Default value: 6

Number of digits of the one-time password (OTP):
(Defaults to 6)

• 6 - Six
• 7 - Seven
• 8 - Eight

otp_field string

CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field. Read more about how to obtain a CSS selector.
Defaults to "".

otp_submit string

CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".

otp_login_sequence_totp_value string

Possible values: >= 6 characters and <= 8 characters

One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".

otp_type string

otp_url stringrequired

has_assets booleanrequired

If true, the scan includes extra hosts from the target.
Learn more about What are the extra hosts in scope for?.

scanning_agent

object

required

id stringrequired

name stringrequired

Possible values: <= 255 characters

installer_generated booleanrequired

teams

object[]

nullable

Array [

id string

A unique Base58 value identifying this object.

name stringrequired

]

online booleanrequired

fallback booleanrequired

rx_bytes integerrequired

tx_bytes integerrequired

latest_handshake integerrequired

has_sequence_navigation boolean

If true, the scan includes sequence navigations.
Learn more about How to set up Navigation Sequences?.

incremental booleanrequired

If true, the scan was incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.

reduced_scope booleanrequired

If true, the scan used a reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.

crawl_sequences_only booleanrequired

If true, the scan only crawled navigation sequences to narrow the coverage.
Learn more about partial scans.

ignore_blackout_period booleanrequired

If true, the scan ignored the blackout period defined in the target settings.

runtime string

Rotal time from the start of the scan to its completion.
For example, "02 00:00:10.123456".

duration string

Total time the scan was actively running.
For example, "02 00:00:10.123456".

user_data string

Store scan metadata.

Example (from schema)

{
  "target": {
    "id": "string",
    "site": {
      "id": "string",
      "name": "string",
      "desc": "string",
      "url": "string",
      "host": "string",
      "has_form_login": false,
      "form_login_url": "string",
      "form_login_check_pattern": "string",
      "form_login": [
        {
          "name": "string",
          "value": "string"
        }
      ],
      "logout_detection_enabled": false,
      "has_sequence_login": false,
      "has_sequence_navigation": true,
      "has_basic_auth": false,
      "basic_auth": {
        "username": "string",
        "password": "string"
      },
      "headers": [
        {
          "name": "string",
          "value": "string"
        }
      ],
      "cookies": [
        {
          "name": "string",
          "value": "string"
        }
      ],
      "whitelist": {},
      "blacklist": {},
      "changed": "2024-07-29T15:51:28.071Z",
      "changed_by": {
        "id": "string",
        "email": "[email protected]",
        "name": "string"
      },
      "auth_enabled": false,
      "logout_condition": "any",
      "check_session_url": "string",
      "has_otp": true,
      "otp_secret": "string",
      "otp_algorithm": "SHA1",
      "otp_digits": 6,
      "otp_field": "string",
      "otp_submit": "string",
      "otp_login_sequence_totp_value": "string",
      "otp_type": "string",
      "otp_url": "string",
      "stack": [
        {
          "id": "string",
          "name": "string",
          "desc": "string"
        }
      ],
      "verified": true,
      "verification_token": "string",
      "verification_date": "2024-07-29T15:51:28.071Z",
      "verification_method": "file",
      "verification_last_error": "string",
      "api_scan_settings": {
        "api_schema_type": "openapi",
        "api_schema_url": "string",
        "api_schema_file": "string",
        "custom_api_parameters": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "media_type": "application/json",
        "api_login_url": "string",
        "api_login_payload": "string",
        "api_login_enabled": true,
        "api_login_token_field": "string",
        "token_prefix": "string",
        "token_parameter_name": "string",
        "token_parameter_location": "cookie"
      }
    },
    "lows": 0,
    "mediums": 0,
    "highs": 0,
    "risk": 0,
    "last_scan": {
      "id": "string",
      "status": "canceled",
      "started": "2024-07-29T15:51:28.071Z",
      "completed": "2024-07-29T15:51:28.071Z",
      "scan_profile": "string",
      "lows": 0,
      "mediums": 0,
      "highs": 0,
      "created": "2024-07-29T15:51:28.071Z"
    },
    "running_scan": {
      "id": "string",
      "status": "canceled",
      "started": "2024-07-29T15:51:28.071Z",
      "completed": "2024-07-29T15:51:28.071Z",
      "scan_profile": "string",
      "lows": 0,
      "mediums": 0,
      "highs": 0,
      "created": "2024-07-29T15:51:28.071Z",
      "crawler": {
        "state": "string",
        "status": [
          "string"
        ],
        "warning": [
          {
            "code": "string",
            "message": "string"
          }
        ],
        "error": [
          {
            "code": "string",
            "message": "string"
          }
        ],
        "full_status": {
          "type": "string",
          "iid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "aid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "ts": "string",
          "subtype": "string",
          "stage": "string",
          "module": "string",
          "data": {
            "type": "string",
            "countTimeoutEndpoints": 0,
            "countLoginFailed": 0,
            "version": 0,
            "countNetworkErrorEndpoints": 0,
            "doingLogin": true,
            "done": 0,
            "rejected": 0,
            "total": 0,
            "allExtraHosts": [
              "string"
            ],
            "crawlingEndpoints": [
              "string"
            ],
            "lastLogin": [
              {
                "status": "string",
                "timestamp": 0
              }
            ],
            "status": {},
            "outOfScopeHostsCount": {},
            "allHostnames": {},
            "lastCrawledEndpoints": [
              {
                "jobId": 0,
                "status": 0,
                "method": "string",
                "url": "string"
              }
            ],
            "statusByHost": {}
          }
        }
      },
      "fingerprinter": {
        "state": "string",
        "count": 0,
        "warning": [
          "string"
        ],
        "error": [
          "string"
        ]
      },
      "scanner": {
        "state": "string",
        "status": [
          "string"
        ],
        "warning": [
          {
            "code": "string",
            "message": "string"
          }
        ],
        "error": [
          "string"
        ],
        "full_status": {
          "type": "string",
          "iid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "aid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
          "ts": "string",
          "subtype": "string",
          "stage": "string",
          "module": "string",
          "data": {
            "done": 0,
            "total": 0,
            "scannerState": {
              "numberOfRequestBeingScanned": 0,
              "currentAverageRtt": 0,
              "averageRtt": 0,
              "nStatus3xx": "string",
              "nStatus4xx": "string",
              "nStatus5xx": "string",
              "nConnectionErrors": "string",
              "nTimeouts": "string",
              "nRequests": "string",
              "sampleOfRequestBeingScanned": {
                "httpMethod": "string",
                "url": "string"
              }
            }
          }
        }
      },
      "stack": [
        {
          "id": "string",
          "name": "string",
          "desc": "string"
        }
      ]
    },
    "next_scan": {
      "id": "string",
      "target": {
        "id": "string",
        "site": {
          "id": "string",
          "name": "string",
          "desc": "string",
          "url": "string",
          "host": "string",
          "has_form_login": false,
          "form_login_url": "string",
          "form_login_check_pattern": "string",
          "form_login": [
            {
              "name": "string",
              "value": "string"
            }
          ],
          "logout_detection_enabled": false,
          "has_sequence_login": false,
          "has_sequence_navigation": true,
          "has_basic_auth": false,
          "basic_auth": {
            "username": "string",
            "password": "string"
          },
          "headers": [
            {
              "name": "string",
              "value": "string"
            }
          ],
          "cookies": [
            {
              "name": "string",
              "value": "string"
            }
          ],
          "whitelist": {},
          "blacklist": {},
          "changed": "2024-07-29T15:51:28.071Z",
          "changed_by": {
            "id": "string",
            "email": "[email protected]",
            "name": "string"
          },
          "auth_enabled": false,
          "logout_condition": "any",
          "check_session_url": "string",
          "has_otp": true,
          "otp_secret": "string",
          "otp_algorithm": "SHA1",
          "otp_digits": 6,
          "otp_field": "string",
          "otp_submit": "string",
          "otp_login_sequence_totp_value": "string",
          "otp_type": "string",
          "otp_url": "string",
          "stack": [
            {
              "id": "string",
              "name": "string",
              "desc": "string"
            }
          ],
          "verified": true,
          "verification_token": "string",
          "verification_date": "2024-07-29T15:51:28.071Z",
          "verification_method": "file",
          "verification_last_error": "string",
          "api_scan_settings": {
            "api_schema_type": "openapi",
            "api_schema_url": "string",
            "api_schema_file": "string",
            "custom_api_parameters": [
              {
                "name": "string",
                "value": "string"
              }
            ],
            "media_type": "application/json",
            "api_login_url": "string",
            "api_login_payload": "string",
            "api_login_enabled": true,
            "api_login_token_field": "string",
            "token_prefix": "string",
            "token_parameter_name": "string",
            "token_parameter_location": "cookie"
          }
        },
        "type": "string",
        "labels": [
          {
            "id": "string",
            "name": "string",
            "color": "string",
            "changed_by": {
              "id": "string",
              "email": "[email protected]",
              "name": "string"
            },
            "changed": "2024-07-29T15:51:28.071Z"
          }
        ],
        "has_assets": true,
        "report_fileformat": "pdf",
        "scanning_agent": {
          "id": "string",
          "name": "string",
          "installer_generated": true,
          "online": true,
          "fallback": true,
          "rx_bytes": 0,
          "tx_bytes": 0,
          "latest_handshake": 0
        },
        "teams": [
          {
            "id": "string",
            "name": "string"
          }
        ],
        "blackout_period": {
          "begin": "string",
          "cease": "string",
          "weekdays": [
            0
          ],
          "enabled": true,
          "timezone": "string",
          "changed": "2024-07-29T15:51:28.071Z",
          "changed_by": {
            "id": "string",
            "email": "[email protected]",
            "name": "string"
          }
        }
      },
      "date_time": "2024-07-29T15:51:28.071Z",
      "recurrence": "h",
      "changed": "2024-07-29T15:51:28.071Z",
      "changed_by": {
        "id": "string",
        "email": "[email protected]",
        "name": "string"
      },
      "blackout_period": {
        "begin": "string",
        "cease": "string",
        "weekdays": [
          0
        ],
        "enabled": true,
        "timezone": "string",
        "changed": "2024-07-29T15:51:28.071Z",
        "changed_by": {
          "id": "string",
          "email": "[email protected]",
          "name": "string"
        }
      },
      "timezone": "string",
      "run_on_day_of_week": true,
      "scheduled_day_of_week": 1,
      "week_index": "first",
      "partial_scan": true,
      "override_target_settings": true,
      "incremental": true,
      "reduced_scope": true,
      "scan_profile": "string",
      "unlimited": "string"
    },
    "assets": [
      {
        "id": "string",
        "account": "string",
        "name": "string",
        "host": "string",
        "desc": "string",
        "stack": [
          {
            "id": "string",
            "name": "string",
            "desc": "string"
          }
        ],
        "verified": true,
        "verification_token": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "verification_date": "2024-07-29T15:51:28.071Z",
        "verification_method": "file",
        "verification_last_error": "string",
        "changed": "2024-07-29T15:51:28.071Z",
        "changed_by": {
          "id": "string",
          "email": "[email protected]",
          "name": "string"
        },
        "headers": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "cookies": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "include": true
      }
    ],
    "scan_profile": "string",
    "type": "string",
    "unlimited": true,
    "report_type": "default",
    "report_fileformat": "pdf",
    "labels": [
      {
        "id": "string",
        "name": "string",
        "color": "string",
        "changed_by": {
          "id": "string",
          "email": "[email protected]",
          "name": "string"
        },
        "changed": "2024-07-29T15:51:28.071Z"
      }
    ],
    "scanning_agent": {
      "id": "string",
      "name": "string",
      "installer_generated": true,
      "online": true,
      "fallback": true,
      "rx_bytes": 0,
      "tx_bytes": 0,
      "latest_handshake": 0
    },
    "include_deduplicated_endpoints": true,
    "teams": [
      {
        "id": "string",
        "name": "string"
      }
    ],
    "blackout_period": {
      "begin": "string",
      "cease": "string",
      "weekdays": [
        0
      ],
      "enabled": true,
      "timezone": "string",
      "changed": "2024-07-29T15:51:28.071Z",
      "changed_by": {
        "id": "string",
        "email": "[email protected]",
        "name": "string"
      }
    },
    "fail_fast": true,
    "login_video": "string",
    "changed": "2024-07-29T15:51:28.071Z",
    "changed_by": {
      "id": "string",
      "email": "[email protected]",
      "name": "string"
    },
    "incremental": true,
    "reduced_scope": true,
    "schedule_incremental": true,
    "schedule_reduced_scope": true,
    "crawl_sequences_only": true,
    "schedule_crawl_sequences_only": true
  },
  "scan": {
    "id": "string",
    "target": {
      "id": "string",
      "site": {
        "id": "string",
        "name": "string",
        "desc": "string",
        "url": "string",
        "host": "string",
        "has_form_login": false,
        "form_login_url": "string",
        "form_login_check_pattern": "string",
        "form_login": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "logout_detection_enabled": false,
        "has_sequence_login": false,
        "has_sequence_navigation": true,
        "has_basic_auth": false,
        "basic_auth": {
          "username": "string",
          "password": "string"
        },
        "headers": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "cookies": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "whitelist": {},
        "blacklist": {},
        "changed": "2024-07-29T15:51:28.071Z",
        "changed_by": {
          "id": "string",
          "email": "[email protected]",
          "name": "string"
        },
        "auth_enabled": false,
        "logout_condition": "any",
        "check_session_url": "string",
        "has_otp": true,
        "otp_secret": "string",
        "otp_algorithm": "SHA1",
        "otp_digits": 6,
        "otp_field": "string",
        "otp_submit": "string",
        "otp_login_sequence_totp_value": "string",
        "otp_type": "string",
        "otp_url": "string",
        "stack": [
          {
            "id": "string",
            "name": "string",
            "desc": "string"
          }
        ],
        "verified": true,
        "verification_token": "string",
        "verification_date": "2024-07-29T15:51:28.071Z",
        "verification_method": "file",
        "verification_last_error": "string",
        "api_scan_settings": {
          "api_schema_type": "openapi",
          "api_schema_url": "string",
          "api_schema_file": "string",
          "custom_api_parameters": [
            {
              "name": "string",
              "value": "string"
            }
          ],
          "media_type": "application/json",
          "api_login_url": "string",
          "api_login_payload": "string",
          "api_login_enabled": true,
          "api_login_token_field": "string",
          "token_prefix": "string",
          "token_parameter_name": "string",
          "token_parameter_location": "cookie"
        }
      },
      "type": "string",
      "labels": [
        {
          "id": "string",
          "name": "string",
          "color": "string",
          "changed_by": {
            "id": "string",
            "email": "[email protected]",
            "name": "string"
          },
          "changed": "2024-07-29T15:51:28.071Z"
        }
      ],
      "has_assets": true,
      "report_fileformat": "pdf",
      "scanning_agent": {
        "id": "string",
        "name": "string",
        "installer_generated": true,
        "online": true,
        "fallback": true,
        "rx_bytes": 0,
        "tx_bytes": 0,
        "latest_handshake": 0
      },
      "teams": [
        {
          "id": "string",
          "name": "string"
        }
      ],
      "blackout_period": {
        "begin": "string",
        "cease": "string",
        "weekdays": [
          0
        ],
        "enabled": true,
        "timezone": "string",
        "changed": "2024-07-29T15:51:28.071Z",
        "changed_by": {
          "id": "string",
          "email": "[email protected]",
          "name": "string"
        }
      }
    },
    "status": "canceled",
    "started": "2024-07-29T15:51:28.071Z",
    "completed": "2024-07-29T15:51:28.071Z",
    "scan_profile": "string",
    "lows": 0,
    "mediums": 0,
    "highs": 0,
    "created": "2024-07-29T15:51:28.071Z",
    "unlimited": true,
    "changed": "2024-07-29T15:51:28.071Z",
    "changed_by": {
      "id": "string",
      "email": "[email protected]",
      "name": "string"
    },
    "stack": [
      {
        "id": "string",
        "name": "string",
        "desc": "string"
      }
    ],
    "crawler": {
      "state": "string",
      "status": [
        "string"
      ],
      "warning": [
        {
          "code": "string",
          "message": "string"
        }
      ],
      "error": [
        {
          "code": "string",
          "message": "string"
        }
      ],
      "full_status": {
        "type": "string",
        "iid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "aid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "ts": "string",
        "subtype": "string",
        "stage": "string",
        "module": "string",
        "data": {
          "type": "string",
          "countTimeoutEndpoints": 0,
          "countLoginFailed": 0,
          "version": 0,
          "countNetworkErrorEndpoints": 0,
          "doingLogin": true,
          "done": 0,
          "rejected": 0,
          "total": 0,
          "allExtraHosts": [
            "string"
          ],
          "crawlingEndpoints": [
            "string"
          ],
          "lastLogin": [
            {
              "status": "string",
              "timestamp": 0
            }
          ],
          "status": {},
          "outOfScopeHostsCount": {},
          "allHostnames": {},
          "lastCrawledEndpoints": [
            {
              "jobId": 0,
              "status": 0,
              "method": "string",
              "url": "string"
            }
          ],
          "statusByHost": {}
        }
      }
    },
    "fingerprinter": {
      "state": "string",
      "count": 0,
      "warning": [
        "string"
      ],
      "error": [
        "string"
      ]
    },
    "scanner": {
      "state": "string",
      "status": [
        "string"
      ],
      "warning": [
        {
          "code": "string",
          "message": "string"
        }
      ],
      "error": [
        "string"
      ],
      "full_status": {
        "type": "string",
        "iid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "aid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
        "ts": "string",
        "subtype": "string",
        "stage": "string",
        "module": "string",
        "data": {
          "done": 0,
          "total": 0,
          "scannerState": {
            "numberOfRequestBeingScanned": 0,
            "currentAverageRtt": 0,
            "averageRtt": 0,
            "nStatus3xx": "string",
            "nStatus4xx": "string",
            "nStatus5xx": "string",
            "nConnectionErrors": "string",
            "nTimeouts": "string",
            "nRequests": "string",
            "sampleOfRequestBeingScanned": {
              "httpMethod": "string",
              "url": "string"
            }
          }
        }
      }
    },
    "target_options": {
      "site": {
        "id": "string",
        "name": "string",
        "desc": "string",
        "url": "string",
        "host": "string",
        "has_form_login": false,
        "form_login_url": "string",
        "form_login_check_pattern": "string",
        "form_login": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "logout_detection_enabled": false,
        "has_sequence_login": false,
        "has_sequence_navigation": true,
        "has_basic_auth": false,
        "basic_auth": {
          "username": "string",
          "password": "string"
        },
        "headers": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "cookies": [
          {
            "name": "string",
            "value": "string"
          }
        ],
        "whitelist": {},
        "blacklist": {},
        "changed": "2024-07-29T15:51:28.071Z",
        "changed_by": {
          "id": "string",
          "email": "[email protected]",
          "name": "string"
        },
        "auth_enabled": false,
        "logout_condition": "any",
        "check_session_url": "string",
        "has_otp": true,
        "otp_secret": "string",
        "otp_algorithm": "SHA1",
        "otp_digits": 6,
        "otp_field": "string",
        "otp_submit": "string",
        "otp_login_sequence_totp_value": "string",
        "otp_type": "string",
        "otp_url": "string"
      },
      "has_assets": true,
      "scanning_agent": {
        "id": "string",
        "name": "string",
        "installer_generated": true,
        "teams": [
          {
            "id": "string",
            "name": "string"
          }
        ],
        "online": true,
        "fallback": true,
        "rx_bytes": 0,
        "tx_bytes": 0,
        "latest_handshake": 0
      }
    },
    "has_sequence_navigation": true,
    "incremental": true,
    "reduced_scope": true,
    "crawl_sequences_only": true,
    "ignore_blackout_period": true,
    "runtime": "string",
    "duration": "string",
    "user_data": "string"
  }
}

400

application/json

Schema

Schema

<field name> string[]
non_field_errors string[]

Example (from schema)

{
  "<field name>": [
    "Errors related to field <field name>."
  ],
  "non_field_errors": [
    "Errors not related to any field specific field."
  ]
}

401

application/json

Schema

Schema

detail string

Example (from schema)

{
  "detail": "Incorrect authentication credentials."
}

404

application/json

Schema

Schema

detail string

Example (from schema)

{
  "detail": "Not found."
}

500

application/json

Schema

Schema

detail string

Example (from schema)

{
  "detail": "Unexpected error while handling your request."
}

Loading...