How to export the scan coverage report
During a scan, the crawler navigates through the target's URLs to find every endpoint it can, testing every input it finds along the way. Those URLs are then sent to the scanner to identify vulnerabilities.
Crawler coverage is a fundamental aspect of a scan: it can be the difference between a useful scan and a poor one. That is why the coverage report is so important for analyzing the success of your scans.
Prerequisites
Ensure the scan is complete before exporting the coverage report. Learn more about how to check when the scan is complete.
Step 1: Export the scan coverage report
You need the scan and target identifiers to export a coverage report. You can obtain them, for example, after checking when the scan is complete, or by listing scans and picking one that is complete.
In this request, the scan identifier is 2TeAXi3hCYYV and the scan was started for the target with the identifier 3mX3wqKYBRQc.
curl 'https://api.probely.com/targets/3mX3wqKYBRQc/scans/2TeAXi3hCYYV/endpoints/' \
-X POST \
-H 'Authorization: JWT <YOUR_PROBELY_TOKEN>' \
-H 'Content-Type: application/json'
The response will have the coverage report in CSV format.
"request_method","url","status_code","result","reason","info"
"GET","http://example.com/","-","accepted","",""
"POST","http://example.com/guestbook.php","200","accepted","",""
"GET","http://example.com/login.php","200","accepted","",""
"GET","http://example.com/admin/","200","accepted","",""
"POST","http://example.com/userinfo.php","302","accepted","",""
"POST","http://example.com/comment.php","200","accepted","",""
"POST","http://example.com/search.php?test=query","200","accepted","",""
"POST","http://example.com/secured/newuser.php","200","accepted","",""
"GET","http://example.com/listproducts.php?cat=2","200","accepted","",""
"GET","http://example.com/artists.php?artist=2","200","accepted","",""
...
For more details on the coverage report, read this article on What is the meaning of the .CSV coverage report.
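One way to review the exported report offline, as an added example that is not part of Probely's own documentation: it parses the CSV columns shown above, counts rows per result, lists rows that deserve a manual look, and reports expected paths the crawler did not accept. The function name, the expected-path list and the non-accepted sample row are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the column layout shown above. The last row's result
# and reason are placeholders, not documented values of the real report.
SAMPLE_CSV = '''"request_method","url","status_code","result","reason","info"
"GET","http://example.com/","-","accepted","",""
"POST","http://example.com/guestbook.php","200","accepted","",""
"GET","http://example.com/login.php","200","accepted","",""
"GET","http://example.com/admin/","200","accepted","",""
"GET","http://example.com/listproducts.php?cat=2","200","accepted","",""
"GET","http://example.com/logout.php","-","placeholder-result","placeholder reason",""
'''


def summarize_coverage(csv_text, expected_paths):
    """Summarize a coverage report and list expected paths that are absent."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_result = Counter(row["result"] for row in rows)
    # Paths the crawler accepted, ignoring query strings.
    accepted_paths = {
        urlsplit(row["url"]).path or "/"
        for row in rows
        if row["result"] == "accepted"
    }
    # Rows worth a manual look: not accepted, or no numeric status code.
    review = [
        (row["request_method"], row["url"], row["result"], row["reason"])
        for row in rows
        if row["result"] != "accepted" or not row["status_code"].isdigit()
    ]
    # Expected paths (assumed to come from your own inventory) never accepted.
    missing = sorted(set(expected_paths) - accepted_paths)
    return {"total": len(rows), "by_result": dict(by_result),
            "review": review, "missing": missing}


if __name__ == "__main__":
    expected = ["/login.php", "/admin/", "/checkout.php", "/logout.php"]
    report = summarize_coverage(SAMPLE_CSV, expected)
    print(report["by_result"])
    for item in report["review"]:
        print("review:", item)
    print("not covered:", report["missing"])
```

To run it against a real export, save the response of the request above to a file and pass its contents as `csv_text`.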