Get finding information by ID

GET

findings

{id}

curl --request GET \
  --url https://app.pentest-tools.com/api/v2/findings/{id} \
  --header 'Authorization: Bearer <token>'

{
  "id": 420233,
  "name": "Vulnerabilities found for Apache Httpd 2.4.10",
  "test_description": "Checking for SQL Injection...",
  "test_finished": true,
  "confirmed": true,
  "epss_score": 123,
  "epss_percentile": 123,
  "in_cisa_catalog": true,
  "cve": [
    "CVE-2017-3167",
    "CVE-2019-0217"
  ],
  "cvss": 123,
  "cvssv3": 123,
  "vuln_description": "Vulnerabilities found for Apache Httpd 2.4.25 (port 80/tcp)",
  "vuln_evidence": {
    "type": "text",
    "data": {
      "headers": [
        "<string>"
      ],
      "rows": [
        [
          "<string>"
        ]
      ]
    }
  },
  "risk_description": "<string>",
  "risk_level": 0,
  "status": "open",
  "recommendation": "<string>",
  "references": [
    "<string>"
  ],
  "verified": true,
  "vuln_id": "NETSCAN-SNIPER-CVE-2021-42013-RCE",
  "owasp": {
    "owasp_2017": "<string>",
    "owasp_2021": "<string>"
  },
  "cwe": "<string>",
  "port": 32767,
  "protocol": "TCP",
  "service": "AMQP",
  "target_id": 12345,
  "task_id": 54321,
  "screenshots": 1
}

Authorizations

Authorization

string

header

required

Use the "API key" from the profile page as the token

Path Parameters

integer

required

id of finding to get

Response

integer | null

the ID of the finding. This is null if the scan is still running

Example:

420233

name

string

A short description of the finding

Example:

"Vulnerabilities found for Apache Httpd 2.4.10"

test_description

string

A short description of what the test does

Example:

"Checking for SQL Injection..."

test_finished

boolean

this is set to true when the test ends. If false, it indicates the failed test

Example:

true

confirmed

boolean

this is set to true if the finding has a high certainty of not being a false positive

epss_score

number<float> | null

epss_percentile

number<float> | null

in_cisa_catalog

boolean | null

Indicated whether the CVEs are part of the CISA Known Exploited Vulnerabilities Catalog

Example:

true

cve

string[]

Example:

["CVE-2017-3167", "CVE-2019-0217"]

cvss

number<float> | null

cvssv3

number<float> | null

vuln_description

string

A short description of the vulnerability

Example:

"Vulnerabilities found for Apache Httpd 2.4.25 (port 80/tcp)"

vuln_evidence

object

the evidence for the data. Depending on the type, the data type changes. This is only human friendly and its format and data might change in the future

Show child attributes

risk_description

string

The risk posed by the vulnerability. This is only human friendly and its format and data might change in the future

risk_level

enum<integer>

Risk level:

0 - Informational
1 - Low
2 - Medium
3 - High
4 - Critical

Available options:

0,

1,

2,

3,

4

status

enum<string> | null

The status of the finding. By default this is open. It is null if the scan is still running

Available options:

open,

false_positive,

ignored,

fixed,

accepted

recommendation

string

a recommendation for mitigating the vulnerability. This is only human friendly and its format and data might change in the future

references

string<uri>[]

verified

boolean | null

This is set to true if a finding was manually verified. It is null for running scans, since this is an attribute of the findings generated after a scan finished

vuln_id

string | null

A unique vulnerability identifier

Example:

"NETSCAN-SNIPER-CVE-2021-42013-RCE"

owasp

object

Vulnerability OWASP Top 10

Show child attributes

cwe

string | null

port

integer | null

The port where this was found on the target

Required range: 0 <= x <= 65535

protocol

enum<string> | null

The transport layer protocol associated with the finding

Available options:

TCP,

UDP,

DCCP,

SCTP

service

enum<string> | null

The application layer service associated with the finding

Available options:

AMQP,

Docker,

FTP,

HTTP,

HTTPS,

MQTT,

MSSQL,

MySQL,

PostgreSQL,

RDP,

Redis,

SMB,

SSH,

STOMP,

Telnet,

VNC,

WinRM

target_id

integer

The ID of the target where the finding was found

Example:

12345

task_id

integer | null

The ID of the task where the finding was found. This is null for manual findings

Example:

54321

screenshots

integer

The number of screenshots taken for the finding

Example:

1

Get all reports

⌘I

Get finding information by ID

curl --request GET \
  --url https://app.pentest-tools.com/api/v2/findings/{id} \
  --header 'Authorization: Bearer <token>'

{
  "id": 420233,
  "name": "Vulnerabilities found for Apache Httpd 2.4.10",
  "test_description": "Checking for SQL Injection...",
  "test_finished": true,
  "confirmed": true,
  "epss_score": 123,
  "epss_percentile": 123,
  "in_cisa_catalog": true,
  "cve": [
    "CVE-2017-3167",
    "CVE-2019-0217"
  ],
  "cvss": 123,
  "cvssv3": 123,
  "vuln_description": "Vulnerabilities found for Apache Httpd 2.4.25 (port 80/tcp)",
  "vuln_evidence": {
    "type": "text",
    "data": {
      "headers": [
        "<string>"
      ],
      "rows": [
        [
          "<string>"
        ]
      ]
    }
  },
  "risk_description": "<string>",
  "risk_level": 0,
  "status": "open",
  "recommendation": "<string>",
  "references": [
    "<string>"
  ],
  "verified": true,
  "vuln_id": "NETSCAN-SNIPER-CVE-2021-42013-RCE",
  "owasp": {
    "owasp_2017": "<string>",
    "owasp_2021": "<string>"
  },
  "cwe": "<string>",
  "port": 32767,
  "protocol": "TCP",
  "service": "AMQP",
  "target_id": 12345,
  "task_id": 54321,
  "screenshots": 1
}

Using the API

API reference

Authorizations

Path Parameters

Response