Skip to main content

Retrieve Scan Profile

GET 
/scan-profiles/:id/

Request

Path Parameters

    id stringrequired

Responses

Schema

    id stringrequired

    Identifier of the scan profile.
    Custom scan profiles are always prefixed by "sp-".

    name string

    Possible values: <= 255 characters

    Name of the scan profile.
    The maximum length is 255 characters.

    description stringnullable

    Description of the scan profile.

    archived boolean

    If true, the scan profile is no longer in use.
    If false, the scan profile can be used.

    type stringrequired

    Possible values: [web, api]

    Target type:

    • web - Scan a Web application, including Single Page Applications (SPA) that rely on one or more APIs.
    • api - Scan a standalone API defined by an OpenAPI schema, or by a Postman Collection.
    speed integer

    Possible values: >= -2147483648 and <= 2147483647, [10, 20, 30]

    Scan speed:
    (Defaults to 20)

    • 10 - Slow - Does roughly half the number of parallel requests of the Normal speed.
    • 20 - Normal - Offers a good balance between scan duration and the number of requests performed at the same time to the target.
    • 30 - Fast - Does roughly twice the number of parallel requests of the Normal speed.
    payloads integer

    Possible values: >= -2147483648 and <= 2147483647, [10, 20, 30]

    Scan payloads:
    (Defaults to 20)

    • 10 - Light - Uses slightly less payloads than Normal, reducing scan time while still detecting the most common situations.
    • 20 - Normal - Uses a set of payloads that maximizes detection without increasing the scan time excessively, delivering a good compromise.
    • 30 - Thorough - Includes a more extensive set of payloads to detect very uncommon situations. Scan time increases significantly.

    vulnerabilities

    object[]

    required

    Vulnerabilities for the scanner to verify.

  • Array [

    • id stringrequired
    name string

    Possible values: <= 255 characters

    Name of the vulnerability.
    The maximum length is 255 characters.

    desc stringnullable

    Description of the vulnerability.

  • ]

    • methods string

    Possible values: [all, safe, ``]

    Scan methods:
    (Defaults to all)

    • all - All methods - Allow any HTTP method to be used during the scan.
    • safe - Only safe methods - Ideal set for production targets, allowing only the following HTTP methods: GET, HEAD, OPTIONS, TRACE, and CONNECT.
    can_scan_unverified booleanrequired

    If true, the scan profile allows targets with unverified domains.

    delay integernullable

    Possible values: <= 5000

    Time delay in milliseconds between requests for each scanning thread.
    It is an approximate value and is more accurate for slower scan speed settings.
    If not defined, there is no delay between requests.
    The maximum delay is 5000ms.

    max_run_time

    object

    nullable

    The maximum time the scan is allowed to run.
    For example, "750s", "25m", "2h", or "1d".
    Suffix the value with "s" for seconds, "m" for minutes, "h" for hours, and "d" for days.
    If the units are not specified the value is considered to be in seconds.

    oneOf

    integer

    dedup_enabled boolean

    If true, the scan deduplicates pages with the same SimHash to scan only a few of them.
    If false, the scan does not deduplicate pages, which can increase the scan duration significantly.
    Defaults to true.

    auto_patterns_enabled boolean

    If true, the scan detects URL patterns to identify similar pages to scan only a few of them.
    If false, the scan does not detect patterns, which can increase the scan duration significantly. Defaults to true.

    max_urls integer

    Possible values: >= 1 and <= 50000

    Maximum number of URLs the crawler can visit.
    The value must be between 1 and 50000.
    Defaults to 5000, which is a good compromise between coverage and scan time.

    builtin booleanrequired

    If true, it is a built-in scan profile, which cannot be changed.
    If false, it is a custom scan profile and the id must start with "sp-".

Loading...