Skip to main content

List Discovered Assets

GET 

/discovery/assets/

Call auditlog tasks if applicable to query.

Request

Query Parameters

    has_target boolean

    If true, filter results by discovered assets with a target created.
    If false, filter results by discovered assets with no target created.
    If not specified, this filter is ignored.

    label string[]

    Target labels of discovered assets to filter results, as a query string.
    For example, "label=Production" or "label=Production&label=QA".

    label_logical_operator string

    Possible values: [and, or]

    Logical operator to apply between target labels:
    (Defaults to or)

    • and - and
    • or - or
    length integer

    Number of results to return per page.

    ordering string

    Which field to use when ordering the results.

    owner string[]

    Owner labels to filter results, as a query string.
    For example, "owner=Probely" or "owner=Probely&owner=QA".

    owner_logical_operator string

    Possible values: [and, or]

    Logical operator to apply between owner labels:
    (Defaults to or)

    • and - and
    • or - or
    page integer

    A page number within the paginated result set.

    risk undefined[]

    Possible values: [0, 10, 20, 30, null]

    Scan assessment risk of discovered assets to filter results:

    • None - Not applicable.
    • 0 - No risk.
    • 10 - Low risk.
    • 20 - Medium risk.
    • 30 - High risk.
    score string[]

    Possible values: [``, A, A+, B, C, D, E, F, NA, R]

    Security Headers assessment score of discovered assets to filter results:

    • `` -
    • A+ - A+
    • A - A
    • B - B
    • C - C
    • D - D
    • E - E
    • F - F
    • R - R
    • NA - NA
    search string

    A search term.

    source string

    Source of discovered assets to filter results.

    state string[]

    Possible values: [ACTIVE, ARCHIVED, HIDDEN, NEW]

    State of discovered assets to filter results:

    • NEW - New
    • ACTIVE - Active
    • HIDDEN - Hidden
    • ARCHIVED - Archived
    technology string

    Technology found in the discovered assets to filter results.

    type string[]

    Possible values: [api, web]

    Type of discovered assets to filter results:

    • web - Web
    • api - API

Responses

Schema

    count integer

    Total number of results.

    page_total integer

    Total number of pages.

    page integer

    Number of the current page.
    The first page is 1.
    Defaults to 1 if no specific page is requested.

    length integer

    Number of results returned per page.

    results

    object[]

  • Array [

  • id stringrequired

    A unique Base58 value identifying this object.

    account stringrequired

    A unique Base58 value identifying this object.

    name stringrequired

    Possible values: <= 256 characters

    Name of the discovered asset.
    The maximum length is 256 characters.

    url stringrequired

    URL of the discovered asset.

    type stringrequired

    Possible values: [web, api]

    Type of discovered asset:
    (Defaults to api)

    • web - Web
    • api - API
    last_seen date-timerequired

    Date and time of when the discovered asset was last seen, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302”.

    first_seen date-timerequired

    Date and time of when the asset was firstly discovered, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302”.

    sources

    object[]

    required

    Sources from which the asset was discovered.

  • Array [

  • id stringrequired

    Possible values: <= 255 characters

    Identifier of the source.

    name stringrequired

    Possible values: <= 256 characters

    Name of the source.
    The maximum length is 256 characters.

  • ]

  • technologies

    object[]

    required

    Technologies found in the discovered asset.

  • Array [

  • id string
    name string
    desc string
  • ]

  • authorities stringrequired

    Authorities of the discovered asset.

    risk nullablerequired

    Possible values: [null, 0, 10, 20, 30, null]

    Scan assessment risk of the discovered asset:
    (Defaults to null)

    • None - Not applicable.
    • 0 - No risk.
    • 10 - Low risk.
    • 20 - Medium risk.
    • 30 - High risk.
    score stringrequired

    Possible values: [``, A+, A, B, C, D, E, F, R]

    Security Headers assessment score of the discovered asset.

    • `` -
    • A+ - A+
    • A - A
    • B - B
    • C - C
    • D - D
    • E - E
    • F - F
    • R - R
    security_headers_url stringrequired
    state string

    Possible values: [NEW, ACTIVE, HIDDEN, ARCHIVED]

    State of the discovered asset:
    (Defaults to NEW)

    • NEW - New
    • ACTIVE - Active
    • HIDDEN - Hidden
    • ARCHIVED - Archived
    screenshot urinullablerequired

    Screenshot of the discovered asset.

    target

    object

    required

    Target of the discovered asset.

    id stringrequired

    A unique Base58 value identifying this object.

    name string

    Possible values: <= 255 characters

    Name of the target.
    The maximum length is 255 characters.

    desc stringnullable

    Description of the target.
    Defaults to "".

    running_scan

    object

    required

    Current scan running for the target.

    id stringrequired

    A unique Base58 value identifying this object.

    status stringrequired

    Possible values: [canceled, canceling, completed, completed_with_errors, failed, paused, pausing, queued, resuming, started, under_review, finishing_up]

    Status of the scan:

    • canceled - Canceled
    • canceling - Canceling
    • completed - Completed
    • completed_with_errors - Completed with errors - DEPRECATED
    • failed - Failed
    • paused - Paused
    • pausing - Pausing
    • queued - Queued
    • resuming - Resuming
    • started - Started
    • under_review - Under Review
    • finishing_up - Finishing up
    started date-timenullablerequired

    Date and time of when the scan started.

    completed date-timenullablerequired

    Date and time of when the scan was completed.

    scan_profile stringrequired

    Identifier of the scan profile.

    lows integernullablerequired

    Number of vulnerability findings with low severity.

    mediums integernullablerequired

    Number of vulnerability findings with medium severity.

    highs integernullablerequired

    Number of vulnerability findings with high severity.

    created date-timerequired

    crawler

    object

    Status of the crawler.

    state stringrequired

    State of the crawler execution.
    For example, "started" or "ended".

    status string[]required

    List with two numbers where the first is the crawled URLs and the second is the total of URLs to crawl.

    warning

    object[]

    required

    List of warnings occurred during the crawler execution.

  • Array [

  • code stringrequired

    Warning code.

    message stringrequired

    Warning message.

  • ]

  • error

    object[]

    required

    List of errors occurred during the crawler execution.

  • Array [

  • code stringrequired
    message stringrequired
  • ]

  • full_status

    object

    required

    Detailed information on the crawler execution.

    type stringrequired

    Type of information.
    The value is "feedback".

    iid uuidrequired

    Internal information.

    aid uuidrequired

    Internal information.

    ts stringrequired

    Timestamp of the crawler execution.

    subtype stringrequired

    Sub-type of the type of information.
    The value is "status".

    stage stringrequired

    Stage of the scan.
    The value is "crawler".

    module stringrequired

    Module of the crawler that is executing.

    data

    object

    required

    Further details on the crawler execution.

    type stringrequired

    Type of information.
    The value is "feedback".

    countTimeoutEndpoints integerrequired

    Number of requests with timeouts during the crawler execution.

    countLoginFailed integerrequired

    Number of failed login attempts during the crawler execution.

    version integerrequired

    Version number.

    countNetworkErrorEndpoints integerrequired

    Number of network errors during the crawler execution.

    doingLogin booleanrequired

    If true, the crawler is currently trying to log in to the target.

    done integerrequired

    Number of URLs crawled.

    rejected integerrequired

    Number of URLs deduplicated during the crawler execution.

    total integerrequired

    Total number of URLs to crawl.

    allExtraHosts string[]required

    List of extra hosts.

    crawlingEndpoints string[]required

    List of URLs currently being crawled.

    lastLogin

    object[]

    required

    List of the last logins.

  • Array [

  • status stringrequired

    Status of the login attempt.

    timestamp integerrequired

    Timestamp of the login attempt.

  • ]

  • status

    object

    required

    List of HTTP response codes obtained during the crawler execution and how many of each.

    property name* any

    List of HTTP response codes obtained during the crawler execution and how many of each.

    outOfScopeHostsCount

    object

    required

    List of URLs out of the target's scope and the number of times the crawler hit them.

    property name* any

    List of URLs out of the target's scope and the number of times the crawler hit them.

    allHostnames

    object

    required

    List of all hostnames to crawl.

    property name* any

    List of all hostnames to crawl.

    lastCrawledEndpoints

    object[]

    required

    List of the last crawled URLs.

  • Array [

  • jobId integerrequired

    Identifier of the crawler job.

    status integerrequired

    HTTP response status code for the crawler request.

    method stringrequired

    HTTP method of the crawler request.

    url urirequired

    URL of the crawler request.

  • ]

  • statusByHost

    object

    required

    List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.

    property name* any

    List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.

    fingerprinter

    object

    Status of the fingerprinter.

    state stringrequired

    State of the fingerprinter execution.
    For example, "started" or "ended".

    count integerrequired

    Number of technologies (frameworks) detected by the fingerprinter.

    warning string[]required

    List of warnings occurred during the fingerprinter execution.

    error string[]required

    List of errors occurred during the fingerprinter execution.

    scanner

    object

    Status of the scanner.

    state stringrequired

    State of the scanner execution.
    For example, "started" or "ended".

    status string[]required

    List with two numbers where the first is the scanned URLs and the second is the total of URLs to scan.

    warning

    object[]

    required

    List of warnings occurred during the scanner execution.

  • Array [

  • code stringrequired

    Warning code.

    message stringrequired

    Warning message.

  • ]

  • error string[]required

    List of errors occurred during the scanner execution.

    full_status

    object

    required

    Detailed information on the scanner execution.

    type stringrequired

    Type of information.
    The value is "feedback".

    iid uuidrequired

    Internal information.

    aid uuidrequired

    Internal information.

    ts stringrequired

    Timestamp of the scanner execution.

    subtype stringrequired

    Sub-type of the type of information.
    The value is "status".

    stage stringrequired

    Stage of the scan.
    The value is "scanner".

    module stringrequired

    Module of the scanner that is executing.

    data

    object

    required

    Further details on the scanner execution.

    done integerrequired

    Number of URLs scanned.

    total integerrequired

    Total number of URLs to scan.

    scannerState

    object

    required

    Details on the scanner state.

    numberOfRequestBeingScanned integerrequired

    Number of scanner requests executing.

    currentAverageRtt doublerequired

    Current average response time to scanner requests.

    averageRtt doublerequired

    Overall average response time to scanner requests.

    nStatus3xx stringrequired

    Number of HTTP 3XX response status codes during the scanner execution.

    nStatus4xx stringrequired

    Number of HTTP 4XX response status codes during the scanner execution.

    nStatus5xx stringrequired

    Number of HTTP 5XX response status codes during the scanner execution.

    nConnectionErrors stringrequired

    Number of connection errors during the scanner execution.

    nTimeouts stringrequired

    Number of request timeouts during the scanner execution.

    nRequests stringrequired

    Number of requests executed by the scanner.

    sampleOfRequestBeingScanned

    object

    required

    List of the current scanner requests.

    httpMethod stringrequired

    HTTP method of the scanner request.

    url urirequired

    URL of the scanner request.

    stack

    object[]

    Technologies found in the scan.
    The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.

  • Array [

  • id stringrequired

    A unique Base58 value identifying this object.

    name Framework Name (string)required

    Possible values: <= 255 characters

    Name of the technology.
    For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
    The maximum lenght is 255 characters.

    desc Framework Description (string)nullablerequired

    Description of the technology.
    Defaults to "".

  • ]

  • blackout_period

    object

    required

    Time window during which scans are temporarily interrupted.

    begin timerequired

    Time of when the blackout period starts, in ISO 8601 UTC format.
    For example, "13:27".

    cease timerequired

    Time of when the blackout period ceases, in ISO 8601 UTC format.
    For example, "13:27".

    weekdays integer[]required
    enabled boolean

    If true, the blackout period is enabled.

    timezone string

    Possible values: <= 64 characters

    changed date-timerequired

    Date and time of the last change, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302".

    changed_by

    object

    required

    User who last made changes.

    id stringrequired

    A unique Base58 value identifying this object.

    email email

    Possible values: <= 254 characters

    Email of the user.

    name stringrequired

    Possible values: <= 60 characters

    Name of the user.

    owners

    object[]

    Owner labels of the discovered asset.
    For example, "owner=Probely" or "owner=Probely&owner=QA".

  • Array [

  • id stringrequired

    A unique Base58 value identifying this object.

    name stringrequired

    Possible values: <= 255 characters

    Name of the label.
    The maximum length is 255 characters.

    color string

    Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

    Color of the label, in RGB hexadecimal format prefixed with "#".
    For example, "#00FF00" for green.

    changed_by

    object

    required

    User who last made changes.

    id stringrequired

    A unique Base58 value identifying this object.

    email email

    Possible values: <= 254 characters

    Email of the user.

    name stringrequired

    Possible values: <= 60 characters

    Name of the user.

    changed date-timerequired

    Date and time of the last change, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302".

  • ]

  • comment stringnullable

    Comment on the object.

    labels

    object[]

    Target labels of the discovered asset.

  • Array [

  • id stringrequired

    A unique Base58 value identifying this object.

    name stringrequired

    Possible values: <= 255 characters

    Name of the label.
    The maximum length is 255 characters.

    color string

    Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

    Color of the label, in RGB hexadecimal format prefixed with "#".
    For example, "#00FF00" for green.

    changed_by

    object

    required

    User who last made changes.

    id stringrequired

    A unique Base58 value identifying this object.

    email email

    Possible values: <= 254 characters

    Email of the user.

    name stringrequired

    Possible values: <= 60 characters

    Name of the user.

    changed date-timerequired

    Date and time of the last change, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302".

  • ]

  • redirect_from

    object

    nullable

    required

    URLs redirected to the discovered asset.

    property name* anynullable

    URLs redirected to the discovered asset.

    redirect_to stringrequired

    URL the discovered asset is redirected to.

    api_schema_file urinullablerequired
  • ]

Loading...