Skip to main content

List Account's Scans

GET 

/scans/

Request

Query Parameters

    completed__gt date-time

    Date and time from which scans completed (exclusively) to filter results, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302".

    completed__gte date-time

    Date and time from which scans completed (inclusively) to filter results, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302".

    completed__lt date-time

    Date and time until which the scans completed (exclusively) to filter results, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302".

    completed__lte date-time

    Date and time until which the scans completed (inclusively) to filter results, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302".

    label string[]

    A unique Base58 value identifying this object.

    length integer

    Number of results to return per page.

    ordering string

    Which field to use when ordering the results.

    page integer

    A page number within the paginated result set.

    partial boolean
    scan_profile string[]
    search string

    A search term.

    started__gt date-time

    Date and time from which the scans started (exclusively) to filter results, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302".

    started__gte date-time

    Date and time from which the scans started (inclusively) to filter results, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302".

    started__lt date-time

    Date and time from which the scans started (exclusively) to filter results, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302".

    started__lte date-time

    Date and time until which the scans started (inclusively) to filter results, in ISO 8601 UTC format.
    For example, “2023-08-09T13:27:43.8208302".

    started_after date-time

    Date and time of when the scan started to filter results, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302"

    started_before date-time

    Date and time of when the scan started to filter results, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302"

    status string[]

    Possible values: [canceled, canceling, completed, completed_with_errors, failed, finishing_up, paused, pausing, queued, resuming, started, under_review]

    Status of the scan:

    • canceled - Canceled
    • canceling - Canceling
    • completed - Completed
    • completed_with_errors - Completed with errors - DEPRECATED
    • failed - Failed
    • paused - Paused
    • pausing - Pausing
    • queued - Queued
    • resuming - Resuming
    • started - Started
    • under_review - Under Review
    • finishing_up - Finishing up
    team string[]

    A unique Base58 value identifying this object.

Responses

Schema

    count integer

    Total number of results.

    page_total integer

    Total number of pages.

    page integer

    Number of the current page.
    The first page is 1.
    Defaults to 1 if no specific page is requested.

    length integer

    Number of results returned per page.

    results

    object[]

  • Array [

  • id stringrequired

    A unique Base58 value identifying this object.

    target

    object

    required

    id stringrequired
    name stringdeprecated

    Possible values: <= 255 characters

    Name of the target.
    The maximum length is 255 characters.

    site

    object

    Core settings of the target.
    Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

    id stringrequired

    A unique Base58 value identifying this object.

    name string

    Possible values: <= 255 characters

    Name of the target or extra host.
    The maximum length is 255 characters.

    desc stringnullable

    Description of the target.

    url urirequired

    URL of the target.

    host stringrequired

    Hostname of the target.

    has_form_login boolean

    If true, the target authentication is done through a login form.
    Read more about how to set up target authentication (login form).
    Defaults to false.

    form_login_url uri

    URL of the login form of the target.

    form_login_check_pattern string

    Possible values: <= 255 characters

    Pattern to check a successful login.
    The maximum length is 255 characters.

    form_login

    object[]

    Field and value pairs to fill the login form.

  • Array [

  • name stringrequired
    value stringrequired
  • ]

  • logout_detection_enabled boolean

    If true, detects any undesired logouts that may occur during scans to log back in.
    Requires check_session_url and logout_detectors to be defined.
    Defaults to false.

    has_sequence_login boolean

    If true, the target authentication is done through a recorded login sequence.
    Read more about how to set up target authentication (login sequence).
    Defaults to false.

    has_sequence_navigation booleanrequired
    has_basic_auth boolean

    If true, the target authentication is done through username and password credentials.
    Defaults to false.

    basic_auth

    object

    Username and password credentials for the basic auth.

    username stringrequired

    Possible values: <= 255 characters

    password stringrequired

    Possible values: <= 255 characters

    headers

    object[]

    Custom headers to send.

  • Array [

  • name stringrequired
    value stringrequired
  • ]

  • cookies

    object[]

    Custom cookies to send.

  • Array [

  • name stringrequired
    value stringrequired
  • ]

  • whitelist

    object

    Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

    property name* any

    Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

    blacklist

    object

    URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

    property name* any

    URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

    changed date-timerequired

    Date and time of the last change, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302".

    changed_by

    object

    required

    User who last made changes.

    id stringrequired

    A unique Base58 value identifying this object.

    email email

    Possible values: <= 254 characters

    Email of the user.

    name stringrequired

    Possible values: <= 60 characters

    Name of the user.

    auth_enabled boolean

    If true, the target has authentication.
    Defaults to false.

    logout_condition string

    Possible values: [any, all]

    Type of combination of the logout conditions:

    • any - Is logged out if any condition is verified.
    • all - Is logged out only if all condition are verified.
    check_session_url string

    URL to check session.

    has_otp boolean

    If true, the target has two-factor authentication (2FA).
    Read more about how to set up target two-factor authentication (2FA).
    Defaults to false.

    otp_secret string

    The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
    Read more about how to set up target two-factor authentication (2FA).

    otp_algorithm string

    Possible values: [SHA1, SHA256, SHA512]

    Default value: SHA1

    Secure hash algorithm (SHA) to generate the one-time password (OTP):
    (Defaults to SHA1)

    • SHA1 - Sha1
    • SHA256 - Sha256
    • SHA512 - Sha512
    otp_digits integer

    Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

    Default value: 6

    Number of digits of the one-time password (OTP):
    (Defaults to 6)

    • 6 - Six
    • 7 - Seven
    • 8 - Eight
    otp_field string

    CSS selector of the HTML element in the page to enter the one-time password (OTP).
    For example, a text input field. Read more about how to obtain a CSS selector.
    Defaults to "".

    otp_submit string

    CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
    Read more about how to obtain a CSS selector.
    Defaults to "".

    otp_login_sequence_totp_value string

    Possible values: >= 6 characters and <= 8 characters

    One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
    Defaults to "".

    otp_type string
    otp_url stringrequired

    stack

    object[]

    Technologies identified in the target during scans.
    The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.

  • Array [

  • id stringrequired

    A unique Base58 value identifying this object.

    name Framework Name (string)required

    Possible values: <= 255 characters

    Name of the technology.
    For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
    The maximum lenght is 255 characters.

    desc Framework Description (string)nullablerequired

    Description of the technology.
    Defaults to "".

  • ]

  • verified booleanrequired

    If true, the domain is verified. Read-only.

    verification_token stringrequired

    Token used to verify the domain. Read-only.

    verification_date date-timerequired

    Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.

    verification_method stringrequired

    Possible values: [file, back_office, existing_domain, dns_txt, dns, dns_cname, meta_tag, whitelist, email, aws_route53, cloudflare, waved]

    Method used in the domain verification:

    • file - Verifies the domain against a text file in the root directory of the website. Learn more in this article.

    • back_office - Automatically set if manually verified in the back-office. Read-only.

    • existing_domain - Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only.

    • dns_txt - Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article.

    • dns - Same as dns_txt.

    • dns_cname - Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article.

    • meta_tag - Verifies the domain against a meta tag in the index page of the website. Learn more in this article.

    • whitelist - Automatically verifies if the domain is in the whitelist

    • email - Automatically verifies a domain if the user's email is in the same domain as the target

    • aws_route53 - Automatically verifies a domain if the hostname exists as an AWS Route53 Zone.

    • cloudflare - Automatically verifies a domain if the host name exists and is verified as a CloudflareZone.

    • waved - Automatically verifies a domain if there is a waver agreement.

    verification_last_error stringrequired

    Error of the last verification of the domain. Read-only.

    api_scan_settings

    object

    required

    Scanning settings if the target is an API.

    api_schema_type string

    Possible values: [openapi, postman]

    Type of schema that defines the API:

    • openapi - OpenAPI schema.
    • postman - Postman collection.
    api_schema_url stringnullable
    api_schema_file stringnullable

    custom_api_parameters

    object[]

  • Array [

  • name stringrequired
    value stringrequired
  • ]

  • media_type string

    Possible values: [application/json, application/x-www-form-urlencoded]

    Format of the payload:

    • application/json - The payload is in JSON format in the request body.
    • application/x-www-form-urlencoded - The payload is encoded in the request URL.
    api_login_url string

    Possible values: <= 2048 characters

    URL to make the authentication request to the API.
    The maximum length is 2048 characters.

    api_login_payload string

    Possible values: <= 4096 characters

    Payload to send in the authentication request.
    The maximum length is 4096 characters.

    api_login_enabled boolean
    api_login_token_field string

    Possible values: <= 256 characters

    Field containing the authentication token in the response to the authentication request.
    The maximum length is 256 characters.

    token_prefix string

    Possible values: <= 16 characters

    Prefix to add to the authentication token.
    For example, "Bearer" or "JWT".
    The maximum length is 16 characters.

    token_parameter_name string

    Possible values: <= 256 characters

    Parameter name to send the authentication token.
    For example, "Authorization".
    The maximum length is 256 characters.

    token_parameter_location string

    Possible values: [cookie, header]

    Where to send the parameter name with the authentication token and the prefix:

    • cookie - Cookie
    • header - Header
    type string

    Type of target.
    Possible values are "single" for a web application and "api" for an API.
    Defaults to "single".

    desc stringnullabledeprecated

    Description of the target.
    Defaults to "".

    labels

    object[]

  • Array [

  • id stringrequired

    A unique Base58 value identifying this object.

    name stringrequired

    Possible values: <= 255 characters

    Name of the label.
    The maximum length is 255 characters.

    color string

    Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$

    Color of the label, in RGB hexadecimal format prefixed with "#".
    For example, "#00FF00" for green.

    changed_by

    object

    required

    User who last made changes.

    id stringrequired

    A unique Base58 value identifying this object.

    email email

    Possible values: <= 254 characters

    Email of the user.

    name stringrequired

    Possible values: <= 60 characters

    Name of the user.

    changed date-timerequired

    Date and time of the last change, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302".

  • ]

  • has_assets booleanrequired
    report_fileformat string

    Possible values: [pdf, docx]

    Report format for the target:
    (Defaults to pdf)

    • pdf - PDF file format.
    • docx - DOCX file format.

    scanning_agent

    object

    nullable

    Return serializer_class with all fields as read_only except key. The key is the field use to retrieve the object in to_internal_value.

    This is for the drf-spectacular documentation generation.

    id string
    name stringrequired

    Possible values: <= 255 characters

    installer_generated booleanrequired
    online booleanrequired
    fallback booleanrequired
    rx_bytes integerrequired
    tx_bytes integerrequired
    latest_handshake integerrequired

    teams

    object[]

    required

  • Array [

  • id string

    A unique Base58 value identifying this object.

    name stringrequired
  • ]

  • blackout_period

    object

    required

    Time window during which scans are temporarily interrupted.

    begin timerequired

    Time of when the blackout period starts, in ISO 8601 UTC format.
    For example, "13:27".

    cease timerequired

    Time of when the blackout period ceases, in ISO 8601 UTC format.
    For example, "13:27".

    weekdays integer[]required
    enabled boolean

    If true, the blackout period is enabled.

    timezone string

    Possible values: <= 64 characters

    changed date-timerequired

    Date and time of the last change, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302".

    changed_by

    object

    required

    User who last made changes.

    id stringrequired

    A unique Base58 value identifying this object.

    email email

    Possible values: <= 254 characters

    Email of the user.

    name stringrequired

    Possible values: <= 60 characters

    Name of the user.

    status stringrequired

    Possible values: [canceled, canceling, completed, completed_with_errors, failed, paused, pausing, queued, resuming, started, under_review, finishing_up]

    Status of the scan:

    • canceled - Canceled
    • canceling - Canceling
    • completed - Completed
    • completed_with_errors - Completed with errors - DEPRECATED
    • failed - Failed
    • paused - Paused
    • pausing - Pausing
    • queued - Queued
    • resuming - Resuming
    • started - Started
    • under_review - Under Review
    • finishing_up - Finishing up
    started date-timenullablerequired

    Date and time of when the scan started.

    completed date-timenullablerequired

    Date and time of when the scan was completed.

    scan_profile stringrequired

    Identifier of the scan profile.

    lows integernullablerequired

    Number of vulnerability findings with low severity.

    mediums integernullablerequired

    Number of vulnerability findings with medium severity.

    highs integernullablerequired

    Number of vulnerability findings with high severity.

    created date-timerequired
    unlimited booleanrequired

    If true, the scan had unlimited credits. If false, the scan consumed credits. Learn more about unlimited scans vs scans with credits.

    changed date-timerequired

    Date and time of the last change, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302".

    changed_by

    object

    required

    User who last made changes.

    id stringrequired

    A unique Base58 value identifying this object.

    email email

    Possible values: <= 254 characters

    Email of the user.

    name stringrequired

    Possible values: <= 60 characters

    Name of the user.

    stack

    object[]

    required

    Technologies found in the scan. The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.

  • Array [

  • id stringrequired

    A unique Base58 value identifying this object.

    name Framework Name (string)required

    Possible values: <= 255 characters

    Name of the technology.
    For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
    The maximum lenght is 255 characters.

    desc Framework Description (string)nullablerequired

    Description of the technology.
    Defaults to "".

  • ]

  • crawler

    object

    required

    Information on the crawler execution.

    state stringrequired

    State of the crawler execution.
    For example, "started" or "ended".

    status string[]required

    List with two numbers where the first is the crawled URLs and the second is the total of URLs to crawl.

    warning

    object[]

    required

    List of warnings occurred during the crawler execution.

  • Array [

  • code stringrequired

    Warning code.

    message stringrequired

    Warning message.

  • ]

  • error

    object[]

    required

    List of errors occurred during the crawler execution.

  • Array [

  • code stringrequired
    message stringrequired
  • ]

  • full_status

    object

    required

    Detailed information on the crawler execution.

    type stringrequired

    Type of information.
    The value is "feedback".

    iid uuidrequired

    Internal information.

    aid uuidrequired

    Internal information.

    ts stringrequired

    Timestamp of the crawler execution.

    subtype stringrequired

    Sub-type of the type of information.
    The value is "status".

    stage stringrequired

    Stage of the scan.
    The value is "crawler".

    module stringrequired

    Module of the crawler that is executing.

    data

    object

    required

    Further details on the crawler execution.

    type stringrequired

    Type of information.
    The value is "feedback".

    countTimeoutEndpoints integerrequired

    Number of requests with timeouts during the crawler execution.

    countLoginFailed integerrequired

    Number of failed login attempts during the crawler execution.

    version integerrequired

    Version number.

    countNetworkErrorEndpoints integerrequired

    Number of network errors during the crawler execution.

    doingLogin booleanrequired

    If true, the crawler is currently trying to log in to the target.

    done integerrequired

    Number of URLs crawled.

    rejected integerrequired

    Number of URLs deduplicated during the crawler execution.

    total integerrequired

    Total number of URLs to crawl.

    allExtraHosts string[]required

    List of extra hosts.

    crawlingEndpoints string[]required

    List of URLs currently being crawled.

    lastLogin

    object[]

    required

    List of the last logins.

  • Array [

  • status stringrequired

    Status of the login attempt.

    timestamp integerrequired

    Timestamp of the login attempt.

  • ]

  • status

    object

    required

    List of HTTP response codes obtained during the crawler execution and how many of each.

    property name* any

    List of HTTP response codes obtained during the crawler execution and how many of each.

    outOfScopeHostsCount

    object

    required

    List of URLs out of the target's scope and the number of times the crawler hit them.

    property name* any

    List of URLs out of the target's scope and the number of times the crawler hit them.

    allHostnames

    object

    required

    List of all hostnames to crawl.

    property name* any

    List of all hostnames to crawl.

    lastCrawledEndpoints

    object[]

    required

    List of the last crawled URLs.

  • Array [

  • jobId integerrequired

    Identifier of the crawler job.

    status integerrequired

    HTTP response status code for the crawler request.

    method stringrequired

    HTTP method of the crawler request.

    url urirequired

    URL of the crawler request.

  • ]

  • statusByHost

    object

    required

    List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.

    property name* any

    List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.

    fingerprinter

    object

    required

    Information on the fingerprinter execution.

    state stringrequired

    State of the fingerprinter execution.
    For example, "started" or "ended".

    count integerrequired

    Number of technologies (frameworks) detected by the fingerprinter.

    warning string[]required

    List of warnings occurred during the fingerprinter execution.

    error string[]required

    List of errors occurred during the fingerprinter execution.

    scanner

    object

    required

    Information on the scanner execution.

    state stringrequired

    State of the scanner execution.
    For example, "started" or "ended".

    status string[]required

    List with two numbers where the first is the scanned URLs and the second is the total of URLs to scan.

    warning

    object[]

    required

    List of warnings occurred during the scanner execution.

  • Array [

  • code stringrequired

    Warning code.

    message stringrequired

    Warning message.

  • ]

  • error string[]required

    List of errors occurred during the scanner execution.

    full_status

    object

    required

    Detailed information on the scanner execution.

    type stringrequired

    Type of information.
    The value is "feedback".

    iid uuidrequired

    Internal information.

    aid uuidrequired

    Internal information.

    ts stringrequired

    Timestamp of the scanner execution.

    subtype stringrequired

    Sub-type of the type of information.
    The value is "status".

    stage stringrequired

    Stage of the scan.
    The value is "scanner".

    module stringrequired

    Module of the scanner that is executing.

    data

    object

    required

    Further details on the scanner execution.

    done integerrequired

    Number of URLs scanned.

    total integerrequired

    Total number of URLs to scan.

    scannerState

    object

    required

    Details on the scanner state.

    numberOfRequestBeingScanned integerrequired

    Number of scanner requests executing.

    currentAverageRtt doublerequired

    Current average response time to scanner requests.

    averageRtt doublerequired

    Overall average response time to scanner requests.

    nStatus3xx stringrequired

    Number of HTTP 3XX response status codes during the scanner execution.

    nStatus4xx stringrequired

    Number of HTTP 4XX response status codes during the scanner execution.

    nStatus5xx stringrequired

    Number of HTTP 5XX response status codes during the scanner execution.

    nConnectionErrors stringrequired

    Number of connection errors during the scanner execution.

    nTimeouts stringrequired

    Number of request timeouts during the scanner execution.

    nRequests stringrequired

    Number of requests executed by the scanner.

    sampleOfRequestBeingScanned

    object

    required

    List of the current scanner requests.

    httpMethod stringrequired

    HTTP method of the scanner request.

    url urirequired

    URL of the scanner request.

    target_options

    object

    required

    Options of the target for the scan.

    site

    object

    The core settings of the target for the scan.
    Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).

    id stringrequired

    A unique Base58 value identifying this object.

    name string

    Possible values: <= 255 characters

    Name of the target or extra host.
    The maximum length is 255 characters.

    desc stringnullable

    Description of the target.

    url urirequired

    URL of the target.

    host stringrequired

    Hostname of the target.

    has_form_login boolean

    If true, the target authentication is done through a login form.
    Read more about how to set up target authentication (login form).
    Defaults to false.

    form_login_url uri

    URL of the login form of the target.

    form_login_check_pattern string

    Possible values: <= 255 characters

    Pattern to check a successful login.
    The maximum length is 255 characters.

    form_login

    object[]

    Field and value pairs to fill the login form.

  • Array [

  • name stringrequired
    value stringrequired
  • ]

  • logout_detection_enabled boolean

    If true, detects any undesired logouts that may occur during scans to log back in.
    Requires check_session_url and logout_detectors to be defined.
    Defaults to false.

    has_sequence_login boolean

    If true, the target authentication is done through a recorded login sequence.
    Read more about how to set up target authentication (login sequence).
    Defaults to false.

    has_sequence_navigation booleanrequired
    has_basic_auth boolean

    If true, the target authentication is done through username and password credentials.
    Defaults to false.

    basic_auth

    object

    Username and password credentials for the basic auth.

    username stringrequired

    Possible values: <= 255 characters

    password stringrequired

    Possible values: <= 255 characters

    headers

    object[]

    Custom headers to send.

  • Array [

  • name stringrequired
    value stringrequired
  • ]

  • cookies

    object[]

    Custom cookies to send.

  • Array [

  • name stringrequired
    value stringrequired
  • ]

  • whitelist

    object

    Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

    property name* any

    Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.

    blacklist

    object

    URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

    property name* any

    URLs to avoid scanning. For example, "https://example.com/pic-delete.php*" or "*.archive.example.com". URLs need to be absolute and wildcards (*) are allowed. The blacklist takes precedence over the whitelist.

    changed date-timerequired

    Date and time of the last change, in ISO 8601 UTC format.
    For example, "2023-08-09T13:27:43.8208302".

    changed_by

    object

    required

    User who last made changes.

    id stringrequired

    A unique Base58 value identifying this object.

    email email

    Possible values: <= 254 characters

    Email of the user.

    name stringrequired

    Possible values: <= 60 characters

    Name of the user.

    auth_enabled boolean

    If true, the target has authentication.
    Defaults to false.

    logout_condition string

    Possible values: [any, all]

    Type of combination of the logout conditions:

    • any - Is logged out if any condition is verified.
    • all - Is logged out only if all condition are verified.
    check_session_url string

    URL to check session.

    has_otp boolean

    If true, the target has two-factor authentication (2FA).
    Read more about how to set up target two-factor authentication (2FA).
    Defaults to false.

    otp_secret string

    The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
    Read more about how to set up target two-factor authentication (2FA).

    otp_algorithm string

    Possible values: [SHA1, SHA256, SHA512]

    Default value: SHA1

    Secure hash algorithm (SHA) to generate the one-time password (OTP):
    (Defaults to SHA1)

    • SHA1 - Sha1
    • SHA256 - Sha256
    • SHA512 - Sha512
    otp_digits integer

    Possible values: >= -2147483648 and <= 2147483647, [6, 7, 8]

    Default value: 6

    Number of digits of the one-time password (OTP):
    (Defaults to 6)

    • 6 - Six
    • 7 - Seven
    • 8 - Eight
    otp_field string

    CSS selector of the HTML element in the page to enter the one-time password (OTP).
    For example, a text input field. Read more about how to obtain a CSS selector.
    Defaults to "".

    otp_submit string

    CSS selector of the HTML element in the page to submit the one-time password (OTP). For example, a button.
    Read more about how to obtain a CSS selector.
    Defaults to "".

    otp_login_sequence_totp_value string

    Possible values: >= 6 characters and <= 8 characters

    One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
    Defaults to "".

    otp_type string
    otp_url stringrequired
    has_assets booleanrequired

    If true, the scan includes extra hosts from the target.
    Learn more about What are the extra hosts in scope for?.

    scanning_agent

    object

    required

    id stringrequired
    name stringrequired

    Possible values: <= 255 characters

    installer_generated booleanrequired

    teams

    object[]

    nullable

  • Array [

  • id string

    A unique Base58 value identifying this object.

    name stringrequired
  • ]

  • online booleanrequired
    fallback booleanrequired
    rx_bytes integerrequired
    tx_bytes integerrequired
    latest_handshake integerrequired
    has_sequence_navigation boolean

    If true, the scan includes sequence navigations.
    Learn more about How to set up Navigation Sequences?.

    incremental booleanrequired

    If true, the scan was incremental to narrow the coverage to new and updated URLs.
    Learn more about partial scans.

    reduced_scope booleanrequired

    If true, the scan used a reduced scope to narrow the coverage to defined URLs.
    Learn more about partial scans.

    crawl_sequences_only booleanrequired

    If true, the scan only crawled navigation sequences to narrow the coverage.
    Learn more about partial scans.

    ignore_blackout_period booleanrequired

    If true, the scan ignored the blackout period defined in the target settings.

    runtime string

    Rotal time from the start of the scan to its completion.
    For example, "02 00:00:10.123456".

    duration string

    Total time the scan was actively running.
    For example, "02 00:00:10.123456".

    user_data string

    Store scan metadata.

  • ]

Loading...