How to export the scan coverage report
During a scan, the crawler navigates through the target's URLs to find every endpoint possible while testing every input it might find. Then, those URLs are sent to the scanner to identify vulnerabilities.
This coverage of the crawler stands as a fundamental aspect of a scan, as it may be the difference between a useful scan and a poor scan, and that is why the coverage report is so important for you to analyze the success of your scans.
Step 1: Export the scan coverage report
After starting a scan on a target, you can check when the scan is complete, and then export the coverage report.
In this request, the scan identifier is 2TeAXi3hCYYV and was started for the target with the identifier 3mX3wqKYBRQc.
curl 'https://api.probely.com/targets/3mX3wqKYBRQc/scans/2TeAXi3hCYYV/endpoints/' \
-X POST \
-H 'Authorization: JWT <YOUR_PROBELY_TOKEN>' \
-H 'Content-Type: application/json'
The response will have the coverage report in CSV format.
"request_method","url","status_code","result","reason","info"
"GET","http://example.com/","-","accepted","",""
"POST","http://example.com/guestbook.php","200","accepted","",""
"GET","http://example.com/login.php","200","accepted","",""
"GET","http://example.com/admin/","200","accepted","",""
"POST","http://example.com/userinfo.php","302","accepted","",""
"POST","http://example.com/comment.php","200","accepted","",""
"POST","http://example.com/search.php?test=query","200","accepted","",""
"POST","http://example.com/secured/newuser.php","200","accepted","",""
"GET","http://example.com/listproducts.php?cat=2","200","accepted","",""
"GET","http://example.com/artists.php?artist=2","200","accepted","",""
...
For more details on the coverage report, read this article on What is the meaning of the .CSV coverage report.