Update Custom Scan Profile
PUT /scan-profiles/:id/
Request
Path Parameters
Body
required
Content types:
- application/json
- application/x-www-form-urlencoded
- multipart/form-data

name
Possible values: <= 255 characters
Name of the scan profile.
The maximum length is 255 characters.

description
Description of the scan profile.

archived
If true, the scan profile is no longer in use.
If false, the scan profile can be used.

type
Possible values: [web, api]
Target type:
- web - Scan a Web application, including Single Page Applications (SPA) that rely on one or more APIs.
- api - Scan a standalone API defined by an OpenAPI schema, or by a Postman Collection.

speed
Possible values: >= -2147483648 and <= 2147483647, [10, 20, 30]
Scan speed:
- 10 - Slow - Does roughly half the number of parallel requests of the Normal speed.
- 20 - Normal - Offers a good balance between scan duration and the number of requests performed at the same time to the target.
- 30 - Fast - Does roughly twice the number of parallel requests of the Normal speed.
(Defaults to 20)

payloads
Possible values: >= -2147483648 and <= 2147483647, [10, 20, 30]
Scan payloads:
- 10 - Light - Uses slightly fewer payloads than Normal, reducing scan time while still detecting the most common situations.
- 20 - Normal - Uses a set of payloads that maximizes detection without increasing the scan time excessively, delivering a good compromise.
- 30 - Thorough - Includes a more extensive set of payloads to detect very uncommon situations. Scan time increases significantly.
(Defaults to 20)

vulnerabilities
object[]
required
Vulnerabilities for the scanner to verify.
  name
  Possible values: <= 255 characters
  Name of the vulnerability.
  The maximum length is 255 characters.
  desc
  Description of the vulnerability.

methods
Possible values: [all, safe, ``]
Scan methods:
- all - All methods - Allow any HTTP method to be used during the scan.
- safe - Only safe methods - Ideal set for production targets, allowing only the following HTTP methods: GET, HEAD, OPTIONS, TRACE, and CONNECT.
(Defaults to all)

delay
Possible values: <= 5000
Time delay in milliseconds between requests for each scanning thread.
It is an approximate value and is more accurate for slower scan speed settings.
If not defined, there is no delay between requests.
The maximum delay is 5000ms.

max_run_time
object
nullable
The maximum time the scan is allowed to run.
For example, "750s", "25m", "2h", or "1d".
Suffix the value with "s" for seconds, "m" for minutes, "h" for hours, and "d" for days.
If the units are not specified, the value is considered to be in seconds.
oneOf: integer, string

dedup_enabled
If true, the scan deduplicates pages with the same SimHash to scan only a few of them.
If false, the scan does not deduplicate pages, which can increase the scan duration significantly.
Defaults to true.

auto_patterns_enabled
If true, the scan detects URL patterns to identify similar pages to scan only a few of them.
If false, the scan does not detect patterns, which can increase the scan duration significantly.
Defaults to true.

max_urls
Possible values: >= 1 and <= 50000
Maximum number of URLs the crawler can visit.
The value must be between 1 and 50000.
Defaults to 5000, which is a good compromise between coverage and scan time.
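A pre-flight check for the request body described above, given here as an added example rather than code from this API's documentation or vendor. The function names, the `production` flag and the rule that production profiles must set `methods` to `safe` are assumptions for illustration, and the sample bodies are constructed.

```python
import re

# Enumerations and limits copied from the request-body description above.
ENUMS = {"type": {"web", "api"}, "speed": {10, 20, 30},
         "payloads": {10, 20, 30}, "methods": {"all", "safe", ""}}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def run_time_seconds(value):
    """Convert max_run_time (integer, "750s", "25m", "2h", "1d" or None) to seconds."""
    if value is None:  # the field is nullable
        return None
    match = re.fullmatch(r"(\d+)([smhd]?)", str(value).strip())
    if isinstance(value, bool) or not match:
        raise ValueError(f"max_run_time: cannot parse {value!r}")
    # A value without a unit suffix is taken as seconds.
    return int(match.group(1)) * UNIT_SECONDS[match.group(2) or "s"]


def check_profile(body, production=False):
    """Return a list of problems; an empty list means the body fits the documented limits."""
    problems = []
    if len(body.get("name", "")) > 255:
        problems.append("name: longer than 255 characters")
    for field, allowed in ENUMS.items():
        if field in body and body[field] not in allowed:
            problems.append(f"{field}: {body[field]!r} is not an allowed value")
    if not isinstance(body.get("vulnerabilities"), list):
        problems.append("vulnerabilities: required array is missing")
    if body.get("delay") is not None and body["delay"] > 5000:
        problems.append("delay: above the 5000 ms maximum")
    if "max_urls" in body and not 1 <= body["max_urls"] <= 50000:
        problems.append("max_urls: must be between 1 and 50000")
    try:
        run_time_seconds(body.get("max_run_time"))
    except ValueError as exc:
        problems.append(str(exc))
    # Local policy (assumption, not enforced by the API): "methods" defaults to
    # "all", so a production profile must set "safe" explicitly.
    if production and body.get("methods") != "safe":
        problems.append("methods: production profiles must set 'safe'")
    return problems


# Constructed sample bodies; the vulnerability entry is a placeholder.
GOOD = {"name": "prod-weekly", "type": "web", "speed": 10, "payloads": 20,
        "vulnerabilities": [{"name": "placeholder", "desc": "placeholder"}],
        "methods": "safe", "delay": 250, "max_run_time": "2h", "max_urls": 5000}
BAD = {"name": "prod-fast", "type": "web", "speed": 40, "delay": 9000,
       "max_run_time": "2 weeks", "max_urls": 0}
```

Running `check_profile(body, production=True)` before the PUT catches a profile that omits `methods` and would fall back to the documented default of `all`.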
Responses
- 200
- 400
- 401
- 500

200
application/json
Schema

id
Identifier of the scan profile.
Custom scan profiles are always prefixed by "sp-".

name
Possible values: <= 255 characters
Name of the scan profile.
The maximum length is 255 characters.

description
Description of the scan profile.

archived
If true, the scan profile is no longer in use.
If false, the scan profile can be used.

type
Possible values: [web, api]
Target type:
- web - Scan a Web application, including Single Page Applications (SPA) that rely on one or more APIs.
- api - Scan a standalone API defined by an OpenAPI schema, or by a Postman Collection.

speed
Possible values: >= -2147483648 and <= 2147483647, [10, 20, 30]
Scan speed:
- 10 - Slow - Does roughly half the number of parallel requests of the Normal speed.
- 20 - Normal - Offers a good balance between scan duration and the number of requests performed at the same time to the target.
- 30 - Fast - Does roughly twice the number of parallel requests of the Normal speed.
(Defaults to 20)

payloads
Possible values: >= -2147483648 and <= 2147483647, [10, 20, 30]
Scan payloads:
- 10 - Light - Uses slightly fewer payloads than Normal, reducing scan time while still detecting the most common situations.
- 20 - Normal - Uses a set of payloads that maximizes detection without increasing the scan time excessively, delivering a good compromise.
- 30 - Thorough - Includes a more extensive set of payloads to detect very uncommon situations. Scan time increases significantly.
(Defaults to 20)

vulnerabilities
object[]
required
Vulnerabilities for the scanner to verify.
  name
  Possible values: <= 255 characters
  Name of the vulnerability.
  The maximum length is 255 characters.
  desc
  Description of the vulnerability.

methods
Possible values: [all, safe, ``]
Scan methods:
- all - All methods - Allow any HTTP method to be used during the scan.
- safe - Only safe methods - Ideal set for production targets, allowing only the following HTTP methods: GET, HEAD, OPTIONS, TRACE, and CONNECT.
(Defaults to all)

can_scan_unverified
If true, the scan profile allows targets with unverified domains.

delay
Possible values: <= 5000
Time delay in milliseconds between requests for each scanning thread.
It is an approximate value and is more accurate for slower scan speed settings.
If not defined, there is no delay between requests.
The maximum delay is 5000ms.

max_run_time
object
nullable
The maximum time the scan is allowed to run.
For example, "750s", "25m", "2h", or "1d".
Suffix the value with "s" for seconds, "m" for minutes, "h" for hours, and "d" for days.
If the units are not specified, the value is considered to be in seconds.
oneOf: integer, string

dedup_enabled
If true, the scan deduplicates pages with the same SimHash to scan only a few of them.
If false, the scan does not deduplicate pages, which can increase the scan duration significantly.
Defaults to true.

auto_patterns_enabled
If true, the scan detects URL patterns to identify similar pages to scan only a few of them.
If false, the scan does not detect patterns, which can increase the scan duration significantly.
Defaults to true.

max_urls
Possible values: >= 1 and <= 50000
Maximum number of URLs the crawler can visit.
The value must be between 1 and 50000.
Defaults to 5000, which is a good compromise between coverage and scan time.

builtin
If true, it is a built-in scan profile, which cannot be changed.
If false, it is a custom scan profile and the id must start with "sp-".

Example (from schema)
{
  "id": "string",
  "name": "string",
  "description": "string",
  "archived": true,
  "type": "web",
  "speed": 10,
  "payloads": 10,
  "vulnerabilities": [
    {
      "id": "string",
      "name": "string",
      "desc": "string"
    }
  ],
  "methods": "all",
  "can_scan_unverified": true,
  "delay": 0,
  "max_run_time": 0,
  "dedup_enabled": true,
  "auto_patterns_enabled": true,
  "max_urls": 0,
  "builtin": true
}

400
application/json
Schema
{
  "<field name>": [
    "Errors related to field <field name>."
  ],
  "non_field_errors": [
    "Errors not related to any field specific field."
  ]
}

401
application/json
Schema
{
  "detail": "Incorrect authentication credentials."
}

500
application/json
Schema
{
  "detail": "Unexpected error while handling your request."
}