Pentest-Tools.com LogoPentest-Tools.com API Reference

Scans

Operations done on Scans

Base URL

https://app.pentest-tools.com/api/v2

Authorization

Use the "API key" from the profile page as the token

Endpoints

Method
get
Path
/scans

Get all scans

Query parameters

Property
workspace_id
Type
integer

ID of the workspace to show scans from. If not set, the scans from the active workspace (set in the web interface) will be returned.

Property
target_id
Type
integer

ID of the target to show scans from

Property
status
Type
string

Status of the scans to be shown

Possible values:

  • "running"
  • "finished"
  • "failed to start"
  • "stopped"
  • "timed out"
  • "waiting"
  • "aborted"
  • "VPN connection error"
  • "auth failed"
  • "connection error"
Property
limit
Type
integer

the maximum number of scans to return

Property
page
Type
integer

the page number to return

Responses

400Invalid parameters
500Internal server error

Request

GET
/scans
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/scans \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

[
  {
    "id": 1,
    "tool_id": 1,
    "target_id": 1,
    "status_name": "running",
    "vpn_scan": true,
    "progress": 1,
    "result_summary": {
      "text": "…",
      "critical": 1,
      "high": 1,
      "medium": 1,
      "low": 1,
      "info": 1
    },
    "start_time": "…",
    "end_time": "…",
    "duration": 1,
    "num_tests": 1,
    "num_finished_tests": 1,
    "status_message": "…"
  }
]

OK

Method
post
Path
/scans

Start a scan

Request parameters

Content type
application/json
object
Property
tool_id
Type
integer
required
Yes
Property
target_id
Type
integer

only one of target_id and target_name should be used

Property
target_name
Type
string | null

only one of target_id and target_name should be used

Property
workspace_id
Type
integer | null

Workspace where the scan is started. It has to match the workspace ID of the target

Property
vpn_profile_uuid
Type
string | null

VPN profile to use for the scan. If null, there will be no VPN profile used. If not specified, the profile attached to the workspace will be used.

Property
max_scan_time
Type
integer
default
 
1440
min
1
max
1440

Maximum number of minutes that the scan should run. Not supported by: Sniper, tools with short scan duration (like Website Recon or ICMP Ping).

Property
report_callback
Type
object

Send the report in a specific format to this URL when the scan finishes

Property
scan_original_url
Type
boolean
default
 
false

If true, the original URL is passed to the scanner, even if it redirects. If false, the redirected URL will be scanned instead.

Property
redirect_level
Type
string
default
 
"same_domain"

Possible values:

  • none - the target is passed directly to the scanner
  • check_accessibility - the target is checked for accessibility and an error is thrown on any redirect
  • same_host - only redirects within the same host are allowed
  • same_domain - redirects to subdomains are allowed
  • allow_all - any redirects are allowed
Property
tool_params
Type
object

Responses

400Invalid parameters
500Internal server error

Request

POST
/scans
curl --request POST \
  --url https://app.pentest-tools.com/api/v2/scans \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

{
  "created_id": 420323,
  "target_id": 5426912
}

Created

Method
get
Path
/scans/{id}

Get scan information by ID

Get scan information by ID. For the output, see /scans/{id}/output

Path parameters

Property
id
Type
integer
required
Yes

id of scan

Responses

500Internal server error

Request

GET
/scans/{id}
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/scans/{id} \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

{
  "id": 1,
  "tool_id": 1,
  "target_id": 1,
  "status_name": "running",
  "vpn_scan": true,
  "progress": 1,
  "result_summary": {
    "text": "…",
    "critical": 1,
    "high": 1,
    "medium": 1,
    "low": 1,
    "info": 1
  },
  "start_time": "…",
  "end_time": "…",
  "duration": 1,
  "num_tests": 1,
  "num_finished_tests": 1,
  "status_message": "…"
}

OK

Method
delete
Path
/scans/{id}

Delete a scan

Delete a scan.

Path parameters

Property
id
Type
integer
required
Yes

id of scan

Responses

204Deleted successfully
409Task not finished
500Internal server error

Request

DELETE
/scans/{id}
curl --request DELETE \
  --url https://app.pentest-tools.com/api/v2/scans/{id} \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

No Body

Deleted successfully

Method
get
Path
/scans/{id}/output

Get scan output by ID

Path parameters

Property
id
Type
integer
required
Yes

id of scan

Headers

Accept

Possible values:

  • application/json
  • application/pdf

Responses

406Media type not supported
500Internal server error

Request

GET
/scans/{id}/output
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/scans/{id}/output \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

{
  "output_type": "…",
  "output_data": {}
}

OK

Method
get
Path
/scans/{id}/raw

Get scan raw output by ID

Path parameters

Property
id
Type
integer
required
Yes

id of scan

Responses

204No Content
500Internal server error

Request

GET
/scans/{id}/raw
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/scans/{id}/raw \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

{
  "data": [
    "…"
  ]
}

OK

Method
post
Path
/scans/{id}/stop

Stop an active scan

Path parameters

Property
id
Type
integer
required
Yes

id of the scan

Responses

204No Content
500Internal server error

Request

POST
/scans/{id}/stop
curl --request POST \
  --url https://app.pentest-tools.com/api/v2/scans/{id}/stop \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

No Body

No Content