Bulk Start Scans
POST/scans/bulk/start/
Request
- application/json
- application/x-www-form-urlencoded
- multipart/form-data
Body
required
Array [
]
Array [
]
targets
object[]
required
overrides
object
If true, the scan ignores the blackout period defined in the target settings.
Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.
reduced_scopes
object[]
Configuration to reduce the scope of the scan.
Possible values: <= 2048 characters
URL to scan. The maximum length is 2048 characters.
Body
required
Array [
]
Array [
]
targets
object[]
required
overrides
object
If true, the scan ignores the blackout period defined in the target settings.
Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.
reduced_scopes
object[]
Configuration to reduce the scope of the scan.
Possible values: <= 2048 characters
URL to scan. The maximum length is 2048 characters.
Body
required
Array [
]
Array [
]
targets
object[]
required
overrides
object
If true, the scan ignores the blackout period defined in the target settings.
Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.
reduced_scopes
object[]
Configuration to reduce the scope of the scan.
Possible values: <= 2048 characters
URL to scan. The maximum length is 2048 characters.
Responses
- 200
- 400
- 401
- 404
- 500
- application/json
- Schema
- Example (from schema)
Schema
Array [
Array [
]
Array [
]
Array [
]
any
- Is logged out if any condition is verified.all
- Is logged out only if all condition are verified.SHA1
- Sha1SHA256
- Sha256SHA512
- Sha5126
- Six7
- Seven8
- EightArray [
]
-
file
- Verifies the domain against a text file in the root directory of the website. Learn more in this article. -
back_office
- Automatically set if manually verified in the back-office. Read-only. -
existing_domain
- Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only. -
dns_txt
- Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article. -
dns
- Same asdns_txt
. -
dns_cname
- Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article. -
meta_tag
- Verifies the domain against a meta tag in the index page of the website. Learn more in this article. -
whitelist
- Automatically verifies if the domain is in the whitelist -
email
- Automatically verifies a domain if the user's email is in the same domain as the target -
aws_route53
- Automatically verifies a domain if the hostname exists as an AWS Route53 Zone. -
cloudflare
- Automatically verifies a domain if the host name exists and is verified as a CloudflareZone. -
waved
- Automatically verifies a domain if there is a waver agreement. openapi
- OpenAPI schema.postman
- Postman collection.Array [
]
application/json
- The payload is in JSON format in the request body.application/x-www-form-urlencoded
- The payload is encoded in the request URL.cookie
- Cookieheader
- HeaderArray [
]
pdf
- PDF file format.docx
- DOCX file format.Array [
]
canceled
- Canceledcanceling
- Cancelingcompleted
- Completedcompleted_with_errors
- Completed with errors - DEPRECATEDfailed
- Failedpaused
- Pausedpausing
- Pausingqueued
- Queuedresuming
- Resumingstarted
- Startedunder_review
- Under Reviewfinishing_up
- Finishing upArray [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
any
- Is logged out if any condition is verified.all
- Is logged out only if all condition are verified.SHA1
- Sha1SHA256
- Sha256SHA512
- Sha5126
- Six7
- Seven8
- EightArray [
]
]
A unique Base58 value identifying this object.
target
object
required
Possible values: <= 255 characters
Name of the target.
The maximum length is 255 characters.
site
object
Core settings of the target.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the target or extra host.
The maximum length is 255 characters.
Description of the target.
URL of the target.
Hostname of the target.
If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.
URL of the login form of the target.
Possible values: <= 255 characters
Pattern to check a successful login.
The maximum length is 255 characters.
form_login
object[]
Field and value pairs to fill the login form.
If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url
and logout_detectors
to be defined.
Defaults to false.
If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.
If true, the target authentication is done through username and password credentials.
Defaults to false.
basic_auth
object
Username and password credentials for the basic auth.
Possible values: <= 255 characters
Possible values: <= 255 characters
headers
object[]
Custom headers to send.
cookies
object[]
Custom cookies to send.
whitelist
object
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
blacklist
object
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
If true, the target has authentication.
Defaults to false.
Possible values: [any
, all
]
Type of combination of the logout conditions:
URL to check session.
If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.
The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).
Possible values: [SHA1
, SHA256
, SHA512
]
Default value: SHA1
Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1
)
Possible values: >= -2147483648
and <= 2147483647
, [6
, 7
, 8
]
Default value: 6
Number of digits of the one-time password (OTP):
(Defaults to 6
)
CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field.
Read more about how to obtain a CSS selector.
Defaults to "".
CSS selector of the HTML element in the page to submit the one-time password (OTP).
For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".
Possible values: >= 6 characters
and <= 8 characters
One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".
stack
object[]
Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.
Description of the technology.
Defaults to "".
If true, the domain is verified. Read-only.
Token used to verify the domain. Read-only.
Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.
Possible values: [file
, back_office
, existing_domain
, dns_txt
, dns
, dns_cname
, meta_tag
, whitelist
, email
, aws_route53
, cloudflare
, waved
]
Method used in the domain verification:
Error of the last verification of the domain. Read-only.
api_scan_settings
object
required
Scanning settings if the target is an API.
Possible values: [openapi
, postman
]
Type of schema that defines the API:
custom_api_parameters
object[]
Possible values: [application/json
, application/x-www-form-urlencoded
]
Format of the payload:
Possible values: <= 2048 characters
URL to make the authentication request to the API.
The maximum length is 2048 characters.
Possible values: <= 4096 characters
Payload to send in the authentication request.
The maximum length is 4096 characters.
Possible values: <= 256 characters
Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.
Possible values: <= 16 characters
Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.
Possible values: <= 256 characters
Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.
Possible values: [cookie
, header
]
Where to send the parameter name with the authentication token and the prefix:
Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".
Description of the target.
Defaults to "".
labels
object[]
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the label.
The maximum length is 255 characters.
Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$
Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
Possible values: [pdf
, docx
]
Report format for the target:
(Defaults to pdf
)
scanning_agent
object
nullable
Return serializer_class with all fields as read_only except key. The key is the field use to retrieve the object in to_internal_value
.
This is for the drf-spectacular documentation generation.
Possible values: <= 255 characters
teams
object[]
required
A unique Base58 value identifying this object.
blackout_period
object
required
Time window during which scans are temporarily interrupted.
Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".
Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".
If true, the blackout period is enabled.
Possible values: <= 64 characters
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Possible values: [canceled
, canceling
, completed
, completed_with_errors
, failed
, paused
, pausing
, queued
, resuming
, started
, under_review
, finishing_up
]
Status of the scan:
Date and time of when the scan started.
Date and time of when the scan was completed.
Identifier of the scan profile.
Number of vulnerability findings with low severity.
Number of vulnerability findings with medium severity.
Number of vulnerability findings with high severity.
If true, the scan had unlimited credits. If false, the scan consumed credits. Learn more about unlimited scans vs scans with credits.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
stack
object[]
required
Technologies found in the scan. The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.
Description of the technology.
Defaults to "".
crawler
object
required
Information on the crawler execution.
State of the crawler execution.
For example, "started" or "ended".
List with two numbers where the first is the crawled URLs and the second is the total of URLs to crawl.
warning
object[]
required
List of warnings occurred during the crawler execution.
Warning code.
Warning message.
error
object[]
required
List of errors occurred during the crawler execution.
full_status
object
required
Detailed information on the crawler execution.
Type of information.
The value is "feedback".
Internal information.
Internal information.
Timestamp of the crawler execution.
Sub-type of the type of information.
The value is "status".
Stage of the scan.
The value is "crawler".
Module of the crawler that is executing.
data
object
required
Further details on the crawler execution.
Type of information.
The value is "feedback".
Number of requests with timeouts during the crawler execution.
Number of failed login attempts during the crawler execution.
Version number.
Number of network errors during the crawler execution.
If true, the crawler is currently trying to log in to the target.
Number of URLs crawled.
Number of URLs deduplicated during the crawler execution.
Total number of URLs to crawl.
List of extra hosts.
List of URLs currently being crawled.
lastLogin
object[]
required
List of the last logins.
Status of the login attempt.
Timestamp of the login attempt.
status
object
required
List of HTTP response codes obtained during the crawler execution and how many of each.
List of HTTP response codes obtained during the crawler execution and how many of each.
outOfScopeHostsCount
object
required
List of URLs out of the target's scope and the number of times the crawler hit them.
List of URLs out of the target's scope and the number of times the crawler hit them.
allHostnames
object
required
List of all hostnames to crawl.
List of all hostnames to crawl.
lastCrawledEndpoints
object[]
required
List of the last crawled URLs.
Identifier of the crawler job.
HTTP response status code for the crawler request.
HTTP method of the crawler request.
URL of the crawler request.
statusByHost
object
required
List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.
List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.
fingerprinter
object
required
Information on the fingerprinter execution.
State of the fingerprinter execution.
For example, "started" or "ended".
Number of technologies (frameworks) detected by the fingerprinter.
List of warnings occurred during the fingerprinter execution.
List of errors occurred during the fingerprinter execution.
scanner
object
required
Information on the scanner execution.
State of the scanner execution.
For example, "started" or "ended".
List with two numbers where the first is the scanned URLs and the second is the total of URLs to scan.
warning
object[]
required
List of warnings occurred during the scanner execution.
Warning code.
Warning message.
List of errors occurred during the scanner execution.
full_status
object
required
Detailed information on the scanner execution.
Type of information.
The value is "feedback".
Internal information.
Internal information.
Timestamp of the scanner execution.
Sub-type of the type of information.
The value is "status".
Stage of the scan.
The value is "scanner".
Module of the scanner that is executing.
data
object
required
Further details on the scanner execution.
Number of URLs scanned.
Total number of URLs to scan.
scannerState
object
required
Details on the scanner state.
Number of scanner requests executing.
Current average response time to scanner requests.
Overall average response time to scanner requests.
Number of HTTP 3XX response status codes during the scanner execution.
Number of HTTP 4XX response status codes during the scanner execution.
Number of HTTP 5XX response status codes during the scanner execution.
Number of connection errors during the scanner execution.
Number of request timeouts during the scanner execution.
Number of requests executed by the scanner.
sampleOfRequestBeingScanned
object
required
List of the current scanner requests.
HTTP method of the scanner request.
URL of the scanner request.
target_options
object
required
Options of the target for the scan.
site
object
The core settings of the target for the scan.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the target or extra host.
The maximum length is 255 characters.
Description of the target.
URL of the target.
Hostname of the target.
If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.
URL of the login form of the target.
Possible values: <= 255 characters
Pattern to check a successful login.
The maximum length is 255 characters.
form_login
object[]
Field and value pairs to fill the login form.
If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url
and logout_detectors
to be defined.
Defaults to false.
If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.
If true, the target authentication is done through username and password credentials.
Defaults to false.
basic_auth
object
Username and password credentials for the basic auth.
Possible values: <= 255 characters
Possible values: <= 255 characters
headers
object[]
Custom headers to send.
cookies
object[]
Custom cookies to send.
whitelist
object
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
blacklist
object
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
If true, the target has authentication.
Defaults to false.
Possible values: [any
, all
]
Type of combination of the logout conditions:
URL to check session.
If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.
The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).
Possible values: [SHA1
, SHA256
, SHA512
]
Default value: SHA1
Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1
)
Possible values: >= -2147483648
and <= 2147483647
, [6
, 7
, 8
]
Default value: 6
Number of digits of the one-time password (OTP):
(Defaults to 6
)
CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field.
Read more about how to obtain a CSS selector.
Defaults to "".
CSS selector of the HTML element in the page to submit the one-time password (OTP).
For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".
Possible values: >= 6 characters
and <= 8 characters
One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".
If true, the scan includes extra hosts from the target.
Learn more about What are the extra hosts in scope for?.
scanning_agent
object
required
Possible values: <= 255 characters
teams
object[]
nullable
A unique Base58 value identifying this object.
If true, the scan includes sequence navigations.
Learn more about How to set up Navigation Sequences?.
If true, the scan was incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
If true, the scan used a reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
If true, the scan only crawled navigation sequences to narrow the coverage.
Learn more about partial scans.
If true, the scan ignored the blackout period defined in the target settings.
Rotal time from the start of the scan to its completion.
For example, "02 00:00:10.123456".
Total time the scan was actively running.
For example, "02 00:00:10.123456".
Store scan metadata.
[
{
"id": "string",
"target": {
"id": "string",
"site": {
"id": "string",
"name": "string",
"desc": "string",
"url": "string",
"host": "string",
"has_form_login": false,
"form_login_url": "string",
"form_login_check_pattern": "string",
"form_login": [
{
"name": "string",
"value": "string"
}
],
"logout_detection_enabled": false,
"has_sequence_login": false,
"has_sequence_navigation": true,
"has_basic_auth": false,
"basic_auth": {
"username": "string",
"password": "string"
},
"headers": [
{
"name": "string",
"value": "string"
}
],
"cookies": [
{
"name": "string",
"value": "string"
}
],
"whitelist": {},
"blacklist": {},
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"auth_enabled": false,
"logout_condition": "any",
"check_session_url": "string",
"has_otp": true,
"otp_secret": "string",
"otp_algorithm": "SHA1",
"otp_digits": 6,
"otp_field": "string",
"otp_submit": "string",
"otp_login_sequence_totp_value": "string",
"otp_type": "string",
"otp_url": "string",
"stack": [
{
"id": "string",
"name": "string",
"desc": "string"
}
],
"verified": true,
"verification_token": "string",
"verification_date": "2024-07-29T15:51:28.071Z",
"verification_method": "file",
"verification_last_error": "string",
"api_scan_settings": {
"api_schema_type": "openapi",
"api_schema_url": "string",
"api_schema_file": "string",
"custom_api_parameters": [
{
"name": "string",
"value": "string"
}
],
"media_type": "application/json",
"api_login_url": "string",
"api_login_payload": "string",
"api_login_enabled": true,
"api_login_token_field": "string",
"token_prefix": "string",
"token_parameter_name": "string",
"token_parameter_location": "cookie"
}
},
"type": "string",
"labels": [
{
"id": "string",
"name": "string",
"color": "string",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"changed": "2024-07-29T15:51:28.071Z"
}
],
"has_assets": true,
"report_fileformat": "pdf",
"scanning_agent": {
"id": "string",
"name": "string",
"installer_generated": true,
"online": true,
"fallback": true,
"rx_bytes": 0,
"tx_bytes": 0,
"latest_handshake": 0
},
"teams": [
{
"id": "string",
"name": "string"
}
],
"blackout_period": {
"begin": "string",
"cease": "string",
"weekdays": [
0
],
"enabled": true,
"timezone": "string",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
}
}
},
"status": "canceled",
"started": "2024-07-29T15:51:28.071Z",
"completed": "2024-07-29T15:51:28.071Z",
"scan_profile": "string",
"lows": 0,
"mediums": 0,
"highs": 0,
"created": "2024-07-29T15:51:28.071Z",
"unlimited": true,
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"stack": [
{
"id": "string",
"name": "string",
"desc": "string"
}
],
"crawler": {
"state": "string",
"status": [
"string"
],
"warning": [
{
"code": "string",
"message": "string"
}
],
"error": [
{
"code": "string",
"message": "string"
}
],
"full_status": {
"type": "string",
"iid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"aid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"ts": "string",
"subtype": "string",
"stage": "string",
"module": "string",
"data": {
"type": "string",
"countTimeoutEndpoints": 0,
"countLoginFailed": 0,
"version": 0,
"countNetworkErrorEndpoints": 0,
"doingLogin": true,
"done": 0,
"rejected": 0,
"total": 0,
"allExtraHosts": [
"string"
],
"crawlingEndpoints": [
"string"
],
"lastLogin": [
{
"status": "string",
"timestamp": 0
}
],
"status": {},
"outOfScopeHostsCount": {},
"allHostnames": {},
"lastCrawledEndpoints": [
{
"jobId": 0,
"status": 0,
"method": "string",
"url": "string"
}
],
"statusByHost": {}
}
}
},
"fingerprinter": {
"state": "string",
"count": 0,
"warning": [
"string"
],
"error": [
"string"
]
},
"scanner": {
"state": "string",
"status": [
"string"
],
"warning": [
{
"code": "string",
"message": "string"
}
],
"error": [
"string"
],
"full_status": {
"type": "string",
"iid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"aid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"ts": "string",
"subtype": "string",
"stage": "string",
"module": "string",
"data": {
"done": 0,
"total": 0,
"scannerState": {
"numberOfRequestBeingScanned": 0,
"currentAverageRtt": 0,
"averageRtt": 0,
"nStatus3xx": "string",
"nStatus4xx": "string",
"nStatus5xx": "string",
"nConnectionErrors": "string",
"nTimeouts": "string",
"nRequests": "string",
"sampleOfRequestBeingScanned": {
"httpMethod": "string",
"url": "string"
}
}
}
}
},
"target_options": {
"site": {
"id": "string",
"name": "string",
"desc": "string",
"url": "string",
"host": "string",
"has_form_login": false,
"form_login_url": "string",
"form_login_check_pattern": "string",
"form_login": [
{
"name": "string",
"value": "string"
}
],
"logout_detection_enabled": false,
"has_sequence_login": false,
"has_sequence_navigation": true,
"has_basic_auth": false,
"basic_auth": {
"username": "string",
"password": "string"
},
"headers": [
{
"name": "string",
"value": "string"
}
],
"cookies": [
{
"name": "string",
"value": "string"
}
],
"whitelist": {},
"blacklist": {},
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"auth_enabled": false,
"logout_condition": "any",
"check_session_url": "string",
"has_otp": true,
"otp_secret": "string",
"otp_algorithm": "SHA1",
"otp_digits": 6,
"otp_field": "string",
"otp_submit": "string",
"otp_login_sequence_totp_value": "string",
"otp_type": "string",
"otp_url": "string"
},
"has_assets": true,
"scanning_agent": {
"id": "string",
"name": "string",
"installer_generated": true,
"teams": [
{
"id": "string",
"name": "string"
}
],
"online": true,
"fallback": true,
"rx_bytes": 0,
"tx_bytes": 0,
"latest_handshake": 0
}
},
"has_sequence_navigation": true,
"incremental": true,
"reduced_scope": true,
"crawl_sequences_only": true,
"ignore_blackout_period": true,
"runtime": "string",
"duration": "string",
"user_data": "string"
}
]
- application/json
- Schema
- Example (from schema)
Schema
{
"targets": [
"This list may not be empty.",
{
"23FmxSYYJQNW": [
"A scan is already in progress for this target."
]
},
{
"1QH4KEfvMid9": [
"Could not start."
]
}
],
"overrides": [
{
"scan_profile": "Invalid pk 'pk_value' - object does not exist."
}
]
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Incorrect authentication credentials."
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Not found."
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Unexpected error while handling your request."
}