Clear 2FA Configuration
DELETE/targets/:id/otp/
Request
Path Parameters
Responses
- 200
- 400
- 401
- 500
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Array [
]
any
- Is logged out if any condition is verified.all
- Is logged out only if all condition are verified.SHA1
- Sha1SHA256
- Sha256SHA512
- Sha5126
- Six7
- Seven8
- EightArray [
]
-
file
- Verifies the domain against a text file in the root directory of the website. Learn more in this article. -
back_office
- Automatically set if manually verified in the back-office. Read-only. -
existing_domain
- Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only. -
dns_txt
- Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article. -
dns
- Same asdns_txt
. -
dns_cname
- Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article. -
meta_tag
- Verifies the domain against a meta tag in the index page of the website. Learn more in this article. -
whitelist
- Automatically verifies if the domain is in the whitelist -
email
- Automatically verifies a domain if the user's email is in the same domain as the target -
aws_route53
- Automatically verifies a domain if the hostname exists as an AWS Route53 Zone. -
cloudflare
- Automatically verifies a domain if the host name exists and is verified as a CloudflareZone. -
waved
- Automatically verifies a domain if there is a waver agreement. openapi
- OpenAPI schema.postman
- Postman collection.Array [
]
application/json
- The payload is in JSON format in the request body.application/x-www-form-urlencoded
- The payload is encoded in the request URL.cookie
- Cookieheader
- Headercanceled
- Canceledcanceling
- Cancelingcompleted
- Completedcompleted_with_errors
- Completed with errors - DEPRECATEDfailed
- Failedpaused
- Pausedpausing
- Pausingqueued
- Queuedresuming
- Resumingstarted
- Startedunder_review
- Under Reviewfinishing_up
- Finishing upcanceled
- Canceledcanceling
- Cancelingcompleted
- Completedcompleted_with_errors
- Completed with errors - DEPRECATEDfailed
- Failedpaused
- Pausedpausing
- Pausingqueued
- Queuedresuming
- Resumingstarted
- Startedunder_review
- Under Reviewfinishing_up
- Finishing upArray [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
any
- Is logged out if any condition is verified.all
- Is logged out only if all condition are verified.SHA1
- Sha1SHA256
- Sha256SHA512
- Sha5126
- Six7
- Seven8
- EightArray [
]
-
file
- Verifies the domain against a text file in the root directory of the website. Learn more in this article. -
back_office
- Automatically set if manually verified in the back-office. Read-only. -
existing_domain
- Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only. -
dns_txt
- Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article. -
dns
- Same asdns_txt
. -
dns_cname
- Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article. -
meta_tag
- Verifies the domain against a meta tag in the index page of the website. Learn more in this article. -
whitelist
- Automatically verifies if the domain is in the whitelist -
email
- Automatically verifies a domain if the user's email is in the same domain as the target -
aws_route53
- Automatically verifies a domain if the hostname exists as an AWS Route53 Zone. -
cloudflare
- Automatically verifies a domain if the host name exists and is verified as a CloudflareZone. -
waved
- Automatically verifies a domain if there is a waver agreement. openapi
- OpenAPI schema.postman
- Postman collection.Array [
]
application/json
- The payload is in JSON format in the request body.application/x-www-form-urlencoded
- The payload is encoded in the request URL.cookie
- Cookieheader
- HeaderArray [
]
pdf
- PDF file format.docx
- DOCX file format.Array [
]
h
- Hourlyd
- Dailyw
- Weeklym
- Monthlyq
- Quarterly1
- Monday2
- Tuesday3
- Wednesday4
- Thursday5
- Friday6
- Saturday7
- Sundayfirst
- Firstsecond
- Secondthird
- Thirdfourth
- Fourthlast
- LastArray [
Array [
]
-
file
- Verifies the domain against a text file in the root directory of the website. Learn more in this article. -
back_office
- Automatically set if manually verified in the back-office. Read-only. -
existing_domain
- Automatically set if the upper-level domain is verified. For example, "my.example.com" is automatically verified if "example.com" is verified. Read-only. -
dns_txt
- Verifies the domain against a TXT record in the Domain Name System (DNS). Learn more in this article. -
dns
- Same asdns_txt
. -
dns_cname
- Verifies the domain against a CNAME record in the Domain Name System (DNS). Learn more in this article. -
meta_tag
- Verifies the domain against a meta tag in the index page of the website. Learn more in this article. -
whitelist
- Automatically verifies if the domain is in the whitelist -
email
- Automatically verifies a domain if the user's email is in the same domain as the target -
aws_route53
- Automatically verifies a domain if the hostname exists as an AWS Route53 Zone. -
cloudflare
- Automatically verifies a domain if the host name exists and is verified as a CloudflareZone. -
waved
- Automatically verifies a domain if there is a waver agreement. Array [
]
Array [
]
]
default
- Standardexecutive_summary
- Executive Summaryowasp
- OWASP Top 10pci
- PCI v3.2.1pci4
- PCI v4.0.1iso27001
- ISO 27001hipaa
- HIPAApdf
- PDF file format.docx
- DOCX file format.Array [
]
Array [
]
Array [
]
A unique Base58 value identifying this object.
site
object
required
Core settings of the target.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the target or extra host.
The maximum length is 255 characters.
Description of the target.
URL of the target.
Hostname of the target.
If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.
URL of the login form of the target.
Possible values: <= 255 characters
Pattern to check a successful login.
The maximum length is 255 characters.
form_login
object[]
Field and value pairs to fill the login form.
If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url
and logout_detectors
to be defined.
Defaults to false.
If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.
If true, the target authentication is done through username and password credentials.
Defaults to false.
basic_auth
object
Username and password credentials for the basic auth.
Possible values: <= 255 characters
Possible values: <= 255 characters
headers
object[]
Custom headers to send.
cookies
object[]
Custom cookies to send.
whitelist
object
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
blacklist
object
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
If true, the target has authentication.
Defaults to false.
Possible values: [any
, all
]
Type of combination of the logout conditions:
URL to check session.
If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.
The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).
Possible values: [SHA1
, SHA256
, SHA512
]
Default value: SHA1
Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1
)
Possible values: >= -2147483648
and <= 2147483647
, [6
, 7
, 8
]
Default value: 6
Number of digits of the one-time password (OTP):
(Defaults to 6
)
CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field.
Read more about how to obtain a CSS selector.
Defaults to "".
CSS selector of the HTML element in the page to submit the one-time password (OTP).
For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".
Possible values: >= 6 characters
and <= 8 characters
One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".
stack
object[]
Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.
Description of the technology.
Defaults to "".
If true, the domain is verified. Read-only.
Token used to verify the domain. Read-only.
Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.
Possible values: [file
, back_office
, existing_domain
, dns_txt
, dns
, dns_cname
, meta_tag
, whitelist
, email
, aws_route53
, cloudflare
, waved
]
Method used in the domain verification:
Error of the last verification of the domain. Read-only.
api_scan_settings
object
Scanning settings if the target is an API.
Possible values: [openapi
, postman
]
Type of schema that defines the API:
custom_api_parameters
object[]
Possible values: [application/json
, application/x-www-form-urlencoded
]
Format of the payload:
Possible values: <= 2048 characters
URL to make the authentication request to the API.
The maximum length is 2048 characters.
Possible values: <= 4096 characters
Payload to send in the authentication request.
The maximum length is 4096 characters.
Possible values: <= 256 characters
Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.
Possible values: <= 16 characters
Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.
Possible values: <= 256 characters
Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.
Possible values: [cookie
, header
]
Where to send the parameter name with the authentication token and the prefix:
Number of unresolved vulnerability findings with low severity.
Number of unresolved vulnerability findings with medium severity.
Number of unresoved vulnerability findings with high severity.
last_scan
object
required
Last scan done for the target.
A unique Base58 value identifying this object.
Possible values: [canceled
, canceling
, completed
, completed_with_errors
, failed
, paused
, pausing
, queued
, resuming
, started
, under_review
, finishing_up
]
Status of the scan:
Date and time of when the scan started.
Date and time of when the scan was completed.
Identifier of the scan profile.
Number of vulnerability findings with low severity.
Number of vulnerability findings with medium severity.
Number of vulnerability findings with high severity.
running_scan
object
required
Current scan running for the target.
A unique Base58 value identifying this object.
Possible values: [canceled
, canceling
, completed
, completed_with_errors
, failed
, paused
, pausing
, queued
, resuming
, started
, under_review
, finishing_up
]
Status of the scan:
Date and time of when the scan started.
Date and time of when the scan was completed.
Identifier of the scan profile.
Number of vulnerability findings with low severity.
Number of vulnerability findings with medium severity.
Number of vulnerability findings with high severity.
crawler
object
Status of the crawler.
State of the crawler execution.
For example, "started" or "ended".
List with two numbers where the first is the crawled URLs and the second is the total of URLs to crawl.
warning
object[]
required
List of warnings occurred during the crawler execution.
Warning code.
Warning message.
error
object[]
required
List of errors occurred during the crawler execution.
full_status
object
required
Detailed information on the crawler execution.
Type of information.
The value is "feedback".
Internal information.
Internal information.
Timestamp of the crawler execution.
Sub-type of the type of information.
The value is "status".
Stage of the scan.
The value is "crawler".
Module of the crawler that is executing.
data
object
required
Further details on the crawler execution.
Type of information.
The value is "feedback".
Number of requests with timeouts during the crawler execution.
Number of failed login attempts during the crawler execution.
Version number.
Number of network errors during the crawler execution.
If true, the crawler is currently trying to log in to the target.
Number of URLs crawled.
Number of URLs deduplicated during the crawler execution.
Total number of URLs to crawl.
List of extra hosts.
List of URLs currently being crawled.
lastLogin
object[]
required
List of the last logins.
Status of the login attempt.
Timestamp of the login attempt.
status
object
required
List of HTTP response codes obtained during the crawler execution and how many of each.
List of HTTP response codes obtained during the crawler execution and how many of each.
outOfScopeHostsCount
object
required
List of URLs out of the target's scope and the number of times the crawler hit them.
List of URLs out of the target's scope and the number of times the crawler hit them.
allHostnames
object
required
List of all hostnames to crawl.
List of all hostnames to crawl.
lastCrawledEndpoints
object[]
required
List of the last crawled URLs.
Identifier of the crawler job.
HTTP response status code for the crawler request.
HTTP method of the crawler request.
URL of the crawler request.
statusByHost
object
required
List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.
List of HTTP response codes obtained during the crawler execution and how many of each, grouped by hostname.
fingerprinter
object
Status of the fingerprinter.
State of the fingerprinter execution.
For example, "started" or "ended".
Number of technologies (frameworks) detected by the fingerprinter.
List of warnings occurred during the fingerprinter execution.
List of errors occurred during the fingerprinter execution.
scanner
object
Status of the scanner.
State of the scanner execution.
For example, "started" or "ended".
List with two numbers where the first is the scanned URLs and the second is the total of URLs to scan.
warning
object[]
required
List of warnings occurred during the scanner execution.
Warning code.
Warning message.
List of errors occurred during the scanner execution.
full_status
object
required
Detailed information on the scanner execution.
Type of information.
The value is "feedback".
Internal information.
Internal information.
Timestamp of the scanner execution.
Sub-type of the type of information.
The value is "status".
Stage of the scan.
The value is "scanner".
Module of the scanner that is executing.
data
object
required
Further details on the scanner execution.
Number of URLs scanned.
Total number of URLs to scan.
scannerState
object
required
Details on the scanner state.
Number of scanner requests executing.
Current average response time to scanner requests.
Overall average response time to scanner requests.
Number of HTTP 3XX response status codes during the scanner execution.
Number of HTTP 4XX response status codes during the scanner execution.
Number of HTTP 5XX response status codes during the scanner execution.
Number of connection errors during the scanner execution.
Number of request timeouts during the scanner execution.
Number of requests executed by the scanner.
sampleOfRequestBeingScanned
object
required
List of the current scanner requests.
HTTP method of the scanner request.
URL of the scanner request.
stack
object[]
Technologies found in the scan.
The scanning engine uses them to fine-tune vulnerability tests and texts about how to fix the vulnerabilities.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.
Description of the technology.
Defaults to "".
next_scan
object
required
Next scheduled scan for the target.
A unique Base58 value identifying this object.
target
object
required
Possible values: <= 255 characters
Name of the target.
The maximum length is 255 characters.
site
object
Core settings of the target.
Includes basic target information (like the name, description, and URL) and scanning information (like the authentication and navigation sequences).
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the target or extra host.
The maximum length is 255 characters.
Description of the target.
URL of the target.
Hostname of the target.
If true, the target authentication is done through a login form.
Read more about how to set up target authentication (login form).
Defaults to false.
URL of the login form of the target.
Possible values: <= 255 characters
Pattern to check a successful login.
The maximum length is 255 characters.
form_login
object[]
Field and value pairs to fill the login form.
If true, detects any undesired logouts that may occur during scans to log back in.
Requires check_session_url
and logout_detectors
to be defined.
Defaults to false.
If true, the target authentication is done through a recorded login sequence.
Read more about how to set up target authentication (login sequence).
Defaults to false.
If true, the target authentication is done through username and password credentials.
Defaults to false.
basic_auth
object
Username and password credentials for the basic auth.
Possible values: <= 255 characters
Possible values: <= 255 characters
headers
object[]
Custom headers to send.
cookies
object[]
Custom cookies to send.
whitelist
object
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
Additional paths to crawl and scan. For example, "archive/search?query=probely". Only relative paths are allowed. The blacklist takes precedence over the whitelist.
blacklist
object
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
URLs to avoid scanning.
For example, "https://example.com/pic-delete.php*" or "*.archive.example.com".
URLs need to be absolute and wildcards (*
) are allowed.
The blacklist takes precedence over the whitelist.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
If true, the target has authentication.
Defaults to false.
Possible values: [any
, all
]
Type of combination of the logout conditions:
URL to check session.
If true, the target has two-factor authentication (2FA).
Read more about how to set up target two-factor authentication (2FA).
Defaults to false.
The seed/secret obtained when the QR code is displayed to be scanned by the third-party authenticator (TPA) app installed on the phone (e.g., Google Authenticator, 1Password, Authy, Microsoft Authenticator, etc.).
Read more about how to set up target two-factor authentication (2FA).
Possible values: [SHA1
, SHA256
, SHA512
]
Default value: SHA1
Secure hash algorithm (SHA) to generate the one-time password (OTP):
(Defaults to SHA1
)
Possible values: >= -2147483648
and <= 2147483647
, [6
, 7
, 8
]
Default value: 6
Number of digits of the one-time password (OTP):
(Defaults to 6
)
CSS selector of the HTML element in the page to enter the one-time password (OTP).
For example, a text input field.
Read more about how to obtain a CSS selector.
Defaults to "".
CSS selector of the HTML element in the page to submit the one-time password (OTP).
For example, a button.
Read more about how to obtain a CSS selector.
Defaults to "".
Possible values: >= 6 characters
and <= 8 characters
One-time password (OTP) obtained at the time when the login sequence was recorded, i.e., the time-based one-time password (TOTP).
Defaults to "".
stack
object[]
Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.
Description of the technology.
Defaults to "".
If true, the domain is verified. Read-only.
Token used to verify the domain. Read-only.
Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.
Possible values: [file
, back_office
, existing_domain
, dns_txt
, dns
, dns_cname
, meta_tag
, whitelist
, email
, aws_route53
, cloudflare
, waved
]
Method used in the domain verification:
Error of the last verification of the domain. Read-only.
api_scan_settings
object
required
Scanning settings if the target is an API.
Possible values: [openapi
, postman
]
Type of schema that defines the API:
custom_api_parameters
object[]
Possible values: [application/json
, application/x-www-form-urlencoded
]
Format of the payload:
Possible values: <= 2048 characters
URL to make the authentication request to the API.
The maximum length is 2048 characters.
Possible values: <= 4096 characters
Payload to send in the authentication request.
The maximum length is 4096 characters.
Possible values: <= 256 characters
Field containing the authentication token in the response to the authentication request.
The maximum length is 256 characters.
Possible values: <= 16 characters
Prefix to add to the authentication token.
For example, "Bearer" or "JWT".
The maximum length is 16 characters.
Possible values: <= 256 characters
Parameter name to send the authentication token.
For example, "Authorization".
The maximum length is 256 characters.
Possible values: [cookie
, header
]
Where to send the parameter name with the authentication token and the prefix:
Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".
Description of the target.
Defaults to "".
labels
object[]
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the label.
The maximum length is 255 characters.
Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$
Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
Possible values: [pdf
, docx
]
Report format for the target:
(Defaults to pdf
)
scanning_agent
object
nullable
Return serializer_class with all fields as read_only except key. The key is the field use to retrieve the object in to_internal_value
.
This is for the drf-spectacular documentation generation.
Possible values: <= 255 characters
teams
object[]
required
A unique Base58 value identifying this object.
blackout_period
object
required
Time window during which scans are temporarily interrupted.
Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".
Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".
If true, the blackout period is enabled.
Possible values: <= 64 characters
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Date and time of next scan scheduled.
Possible values: [h
, d
, w
, m
, q
, ``]
Scheduled scan recurrence.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
blackout_period
object
required
Time window during which scans are temporarily interrupted.
Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".
Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".
If true, the blackout period is enabled.
Possible values: <= 64 characters
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Possible values: <= 64 characters
Timezone to use for scheduled scan timestamp.
Schedule scan to run on specific monthly day of week (for monthly/quarterly recurrence).
Possible values: >= -2147483648
and <= 2147483647
, [1
, 2
, 3
, 4
, 5
, 6
, 7
, null
]
Day of week to run scan on - monday to sunday (for run on day of week option).
Possible values: [first
, second
, third
, fourth
, last
, ``, null
]
Which week of the month to run scan on (with run_on_day_of_week
enabled).
Future scans set as partial scans, use in conjunction with incremental
and reduced_scope
.
Override scan target's scan settings, use in conjunction with override_target_settings
.
Future scans set to incremental, use in conjunction with partial_scan
and override_target_settings
.
Future scans set as reduced scope, use in conjunction with partial_scan
and override_target_settings
.
Scan profile to use.
Use the endpoint List Scan Profiles to get all the available scan profiles.
If no scan profile is specified, the scan profile will be the one specified in the target settings.
assets
object[]
required
A unique Base58 value identifying this object.
A unique Base58 value identifying this object.
Name of the target or extra host.
The maximum length is 255 characters.
Extra host of the target.
Description of the target.
stack
object[]
Technologies identified in the target during scans.
The scanning engine uses them to fine-tune vulnerability tests and improve the explanation of how to fix vulnerabilities.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the technology.
For example, "PHP, "SQLite", "Python", "Apache", or "Wordpress".
The maximum lenght is 255 characters.
Description of the technology.
Defaults to "".
If true, the domain is verified. Read-only.
Token used to verify the domain Read-only.
Date and time of the verification of the domain, in ISO 8601 UTC format. For example, "2023-08-09T13:27:43.8208302". Read-only.
Possible values: [file
, back_office
, existing_domain
, dns_txt
, dns
, dns_cname
, meta_tag
, whitelist
, email
, aws_route53
, cloudflare
, waved
]
Method used in the verification of the domain: (Read-only)
Error of the last verification of the domain. Read-only.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
headers
object[]
required
Custom headers to send. Read-only.
cookies
object[]
Custom cookies to send.
If true, the extra host is in the scope of the scan.
If false, the extra host is not in the scope of the scan.
Defaults to true.
Identifier of the scan profile.
Type of target.
Possible values are "single" for a web application and "api" for an API.
Defaults to "single".
If true, the target has unlimited scans.
If false, the target scans consume credits.
Learn more about unlimited scans vs scans with credits.
Possible values: [default
, executive_summary
, owasp
, pci
, pci4
, iso27001
, hipaa
]
Type of scan report produced for the target:
(Defaults to default
)
Possible values: [pdf
, docx
]
Report format for the target:
(Defaults to pdf
)
allowed_scan_profiles
object[]
required
deprecated
Scan profiles allowed for the target.
Possible values: <= 255 characters
Name of the scan profile.
The maximum length is 255 characters.
Description of the scan profile.
If true, it is a built-in scan profile, which cannot be changed.
If false, it is a custom scan profile and the name must start with "sp-".
labels
object[]
Labels of the target.
A unique Base58 value identifying this object.
Possible values: <= 255 characters
Name of the label.
The maximum length is 255 characters.
Possible values: Value must match regular expression ^[a-zA-Z0-9#_-]*$
Color of the label, in RGB hexadecimal format prefixed with "#".
For example, "#00FF00" for green.
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
scanning_agent
object
nullable
Scanning agent of the target. Learn more on how to scan internal applications with a scanning agent.
Possible values: <= 255 characters
If true, scans include deduplicated endpoints.
If false or null, scans exclude deduplicated endpoints.
A deduplicated endpoint has the same simhash as another scanned endpoint.
teams
object[]
A unique Base58 value identifying this object.
blackout_period
object
Time window during which scans are temporarily interrupted.
Time of when the blackout period starts, in ISO 8601 UTC format.
For example, "13:27".
Time of when the blackout period ceases, in ISO 8601 UTC format.
For example, "13:27".
If true, the blackout period is enabled.
Possible values: <= 64 characters
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
If true, scans fail on recoverable errors.
If false, scans continue on recoverable errors.
Defaults to true.
URL for the last recorded login video from this target's scans.
Date and time of the last change, in ISO 8601 UTC format.
For example, "2023-08-09T13:27:43.8208302".
changed_by
object
required
User who last made changes.
A unique Base58 value identifying this object.
Possible values: <= 254 characters
Email of the user.
Possible values: <= 60 characters
Name of the user.
If true, on-demand scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.
If true, on-demand scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.
If true, scheduled scans can be incremental to narrow the coverage to new and updated URLs.
Learn more about partial scans.
Defaults to false.
If true, scheduled scans can have reduced scope to narrow the coverage to defined URLs.
Learn more about partial scans.
Defaults to false.
If true, on-demand scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.
If true, scheduled scans can only crawl navigation sequences to narrow the coverage.
Learn more about partial scans.
Defaults to false.
{
"id": "string",
"site": {
"id": "string",
"name": "string",
"desc": "string",
"url": "string",
"host": "string",
"has_form_login": false,
"form_login_url": "string",
"form_login_check_pattern": "string",
"form_login": [
{
"name": "string",
"value": "string"
}
],
"logout_detection_enabled": false,
"has_sequence_login": false,
"has_sequence_navigation": true,
"has_basic_auth": false,
"basic_auth": {
"username": "string",
"password": "string"
},
"headers": [
{
"name": "string",
"value": "string",
"allow_testing": false,
"authentication": false
}
],
"cookies": [
{
"name": "string",
"value": "string",
"allow_testing": false,
"authentication": false
}
],
"whitelist": {},
"blacklist": {},
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"auth_enabled": false,
"logout_condition": "any",
"check_session_url": "string",
"has_otp": true,
"otp_secret": "string",
"otp_algorithm": "SHA1",
"otp_digits": 6,
"otp_field": "string",
"otp_submit": "string",
"otp_login_sequence_totp_value": "string",
"otp_type": "string",
"otp_url": "string",
"stack": [
{
"id": "string",
"name": "string",
"desc": "string"
}
],
"verified": true,
"verification_token": "string",
"verification_date": "2024-07-29T15:51:28.071Z",
"verification_method": "file",
"verification_last_error": "string",
"api_scan_settings": {
"api_schema_type": "openapi",
"api_schema_url": "string",
"api_schema_file": "string",
"custom_api_parameters": [
{
"name": "string",
"value": "string"
}
],
"media_type": "application/json",
"api_login_url": "string",
"api_login_payload": "string",
"api_login_enabled": true,
"api_login_token_field": "string",
"token_prefix": "string",
"token_parameter_name": "string",
"token_parameter_location": "cookie"
}
},
"lows": 0,
"mediums": 0,
"highs": 0,
"risk": 0,
"last_scan": {
"id": "string",
"status": "canceled",
"started": "2024-07-29T15:51:28.071Z",
"completed": "2024-07-29T15:51:28.071Z",
"scan_profile": "string",
"lows": 0,
"mediums": 0,
"highs": 0,
"created": "2024-07-29T15:51:28.071Z"
},
"running_scan": {
"id": "string",
"status": "canceled",
"started": "2024-07-29T15:51:28.071Z",
"completed": "2024-07-29T15:51:28.071Z",
"scan_profile": "string",
"lows": 0,
"mediums": 0,
"highs": 0,
"created": "2024-07-29T15:51:28.071Z",
"crawler": {
"state": "string",
"status": [
"string"
],
"warning": [
{
"code": "string",
"message": "string"
}
],
"error": [
{
"code": "string",
"message": "string"
}
],
"full_status": {
"type": "string",
"iid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"aid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"ts": "string",
"subtype": "string",
"stage": "string",
"module": "string",
"data": {
"type": "string",
"countTimeoutEndpoints": 0,
"countLoginFailed": 0,
"version": 0,
"countNetworkErrorEndpoints": 0,
"doingLogin": true,
"done": 0,
"rejected": 0,
"total": 0,
"allExtraHosts": [
"string"
],
"crawlingEndpoints": [
"string"
],
"lastLogin": [
{
"status": "string",
"timestamp": 0
}
],
"status": {},
"outOfScopeHostsCount": {},
"allHostnames": {},
"lastCrawledEndpoints": [
{
"jobId": 0,
"status": 0,
"method": "string",
"url": "string"
}
],
"statusByHost": {}
}
}
},
"fingerprinter": {
"state": "string",
"count": 0,
"warning": [
"string"
],
"error": [
"string"
]
},
"scanner": {
"state": "string",
"status": [
"string"
],
"warning": [
{
"code": "string",
"message": "string"
}
],
"error": [
"string"
],
"full_status": {
"type": "string",
"iid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"aid": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"ts": "string",
"subtype": "string",
"stage": "string",
"module": "string",
"data": {
"done": 0,
"total": 0,
"scannerState": {
"numberOfRequestBeingScanned": 0,
"currentAverageRtt": 0,
"averageRtt": 0,
"nStatus3xx": "string",
"nStatus4xx": "string",
"nStatus5xx": "string",
"nConnectionErrors": "string",
"nTimeouts": "string",
"nRequests": "string",
"sampleOfRequestBeingScanned": {
"httpMethod": "string",
"url": "string"
}
}
}
}
},
"stack": [
{
"id": "string",
"name": "string",
"desc": "string"
}
]
},
"next_scan": {
"id": "string",
"target": {
"id": "string",
"site": {
"id": "string",
"name": "string",
"desc": "string",
"url": "string",
"host": "string",
"has_form_login": false,
"form_login_url": "string",
"form_login_check_pattern": "string",
"form_login": [
{
"name": "string",
"value": "string"
}
],
"logout_detection_enabled": false,
"has_sequence_login": false,
"has_sequence_navigation": true,
"has_basic_auth": false,
"basic_auth": {
"username": "string",
"password": "string"
},
"headers": [
{
"name": "string",
"value": "string",
"allow_testing": false,
"authentication": false
}
],
"cookies": [
{
"name": "string",
"value": "string",
"allow_testing": false,
"authentication": false
}
],
"whitelist": {},
"blacklist": {},
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"auth_enabled": false,
"logout_condition": "any",
"check_session_url": "string",
"has_otp": true,
"otp_secret": "string",
"otp_algorithm": "SHA1",
"otp_digits": 6,
"otp_field": "string",
"otp_submit": "string",
"otp_login_sequence_totp_value": "string",
"otp_type": "string",
"otp_url": "string",
"stack": [
{
"id": "string",
"name": "string",
"desc": "string"
}
],
"verified": true,
"verification_token": "string",
"verification_date": "2024-07-29T15:51:28.071Z",
"verification_method": "file",
"verification_last_error": "string",
"api_scan_settings": {
"api_schema_type": "openapi",
"api_schema_url": "string",
"api_schema_file": "string",
"custom_api_parameters": [
{
"name": "string",
"value": "string"
}
],
"media_type": "application/json",
"api_login_url": "string",
"api_login_payload": "string",
"api_login_enabled": true,
"api_login_token_field": "string",
"token_prefix": "string",
"token_parameter_name": "string",
"token_parameter_location": "cookie"
}
},
"type": "string",
"labels": [
{
"id": "string",
"name": "string",
"color": "string",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"changed": "2024-07-29T15:51:28.071Z"
}
],
"has_assets": true,
"report_fileformat": "pdf",
"scanning_agent": {
"id": "string",
"name": "string",
"installer_generated": true,
"online": true,
"fallback": true,
"rx_bytes": 0,
"tx_bytes": 0,
"latest_handshake": 0
},
"teams": [
{
"id": "string",
"name": "string"
}
],
"blackout_period": {
"begin": "string",
"cease": "string",
"weekdays": [
0
],
"enabled": true,
"timezone": "string",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
}
}
},
"date_time": "2024-07-29T15:51:28.071Z",
"recurrence": "h",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"blackout_period": {
"begin": "string",
"cease": "string",
"weekdays": [
0
],
"enabled": true,
"timezone": "string",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
}
},
"timezone": "string",
"run_on_day_of_week": true,
"scheduled_day_of_week": 1,
"week_index": "first",
"partial_scan": true,
"override_target_settings": true,
"incremental": true,
"reduced_scope": true,
"scan_profile": "string",
"unlimited": "string"
},
"assets": [
{
"id": "string",
"account": "string",
"name": "string",
"host": "string",
"desc": "string",
"stack": [
{
"id": "string",
"name": "string",
"desc": "string"
}
],
"verified": true,
"verification_token": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"verification_date": "2024-07-29T15:51:28.071Z",
"verification_method": "file",
"verification_last_error": "string",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"headers": [
{
"name": "string",
"value": "string",
"allow_testing": false,
"authentication": false
}
],
"cookies": [
{
"name": "string",
"value": "string",
"allow_testing": false,
"authentication": false
}
],
"include": true
}
],
"scan_profile": "string",
"type": "string",
"unlimited": true,
"report_type": "default",
"report_fileformat": "pdf",
"labels": [
{
"id": "string",
"name": "string",
"color": "string",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"changed": "2024-07-29T15:51:28.071Z"
}
],
"scanning_agent": {
"id": "string",
"name": "string",
"installer_generated": true,
"online": true,
"fallback": true,
"rx_bytes": 0,
"tx_bytes": 0,
"latest_handshake": 0
},
"include_deduplicated_endpoints": true,
"teams": [
{
"id": "string",
"name": "string"
}
],
"blackout_period": {
"begin": "string",
"cease": "string",
"weekdays": [
0
],
"enabled": true,
"timezone": "string",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
}
},
"fail_fast": true,
"login_video": "string",
"changed": "2024-07-29T15:51:28.071Z",
"changed_by": {
"id": "string",
"email": "[email protected]",
"name": "string"
},
"incremental": true,
"reduced_scope": true,
"schedule_incremental": true,
"schedule_reduced_scope": true,
"crawl_sequences_only": true,
"schedule_crawl_sequences_only": true
}
- application/json
- Schema
- Example (from schema)
Schema
{
"<field name>": [
"Errors related to field <field name>."
],
"non_field_errors": [
"Errors not related to any field specific field."
]
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Incorrect authentication credentials."
}
- application/json
- Schema
- Example (from schema)
Schema
{
"detail": "Unexpected error while handling your request."
}