Skip to main content

How to create and verify a target domain

To scan a target for vulnerabilities, Probely performs extensive tests, which could be interpreted as malicious attacks. To avoid this, you must validate that the target is yours by creating and verifying the target's domain. Only after that you should create the target and run scans on it.

Step 1: Create the domain

Start by creating the domain of the target you want to scan.
For example, if the target is https://example.com, the domain will be example.com.

Request
curl https://api.probely.com/domains/ \
   -X POST \
   -H 'Authorization: JWT <YOUR_API_TOKEN>' \
   -H 'Content-Type: application/json' \
   -d '{
     "hostname": "example.com"
   }'

The response will return the newly created domain with the identifier (id).

Response
{
  "hostname": "example.com",
  "id": "2fQ2HMJeqs6x",
  "verification_token": "5041700e-e954-4905-95d3-20324666134c",
  "verification_date": null,
  "verification_method": "",
  "verification_last_error": "",
  "verified": false,
  "basic_auth_username": "",
  "basic_auth_password": "",
  "port": null
}
info

After creating a domain, you must verify your ownership to ensure that Probely tests are not interpreted as malicious attacks.

In some cases, Probely verifies the domain ownership automatically. For example, imagine you already have the site.com domain created and verified. When you create a domain like my.site.com, it is a sub-domain of site.com, and Probely automatically verifies the ownership.

To understand if Probely has automatically verified the domain ownership, simply check if verified is true in the response to the created domain. If that’s the case, you can skip the next steps in this tutorial.

Step 2: Configure the verification method

To verify the ownership of a domain, you must choose and configure one of the several verification methods available and described in Why do we require you to verify the ownership of your target?

For this tutorial, the choice is to verify the ownership of your target with a TXT file.

Step 3: Verify the domain​

Use the domain's identifier (2fQ2HMJeqs6x in this tutorial) to verify the ownership.
Remember to pass the type of the configured verification method. In this tutorial, it is file.

Request
curl https://api.probely.com/domains/2fQ2HMJeqs6x/verify/ \
  -X POST \
  -H 'Content-Type: application/json' \
  -H 'Authorization: JWT <YOUR_API_TOKEN>' \
  -d '{
    "type": "file"
  }'

If all is well configured, the response will return a successful verification.

Response
{
  "hostname": "example.com",
  "id": "2fQ2HMJeqs6x",
  "verification_token": "5041700e-e954-4905-95d3-20324666134c",
  "verification_date": "2024-03-13T10:10:38Z",
  "verification_method": "file",
  "verification_last_error": "",
  "verified": true,
  "basic_auth_username": "",
  "basic_auth_password": "",
  "port": null
}

With a domain created and verified, you can now create a target for this domain and start scanning it!