Scans

Operations done on Scans

Base URL

https://app.pentest-tools.com/api/v2

Authorization

Use the "API key" from the profile page as the bearer token.


Method
get
Path
/scans

Query parameters

Property
workspace_id
Type
integer

ID of the workspace to show scans from. If not set, the scans from the active workspace (set in the web interface) will be returned.

Property
target_id
Type
integer

ID of the target to show scans from

Property
limit
Type
integer

The maximum number of scans to return.

Property
page
Type
integer

The page number to return.

Responses

400 Invalid parameters
500 Internal server error

Request

GET
/scans
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/scans \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

[
  {
    "id": 1,
    "tool_id": 1,
    "target_id": 1,
    "workspace_id": 1,
    "status_name": "running",
    "vpn_scan": true,
    "progress": 1,
    "result_summary": {
      "text": "",
      "high": 1,
      "medium": 1,
      "low": 1,
      "info": 1
    },
    "start_time": "",
    "end_time": "",
    "duration": 1,
    "num_tests": 1,
    "num_finished_tests": 1,
    "status_message": "",
    "scan_original_url": true
  }
]

OK


Method
post
Path
/scans

Request parameters

Content type
application/json
object
Property
tool_id
Type
integer
required
Yes
Property
target_id
Type
integer | null

Only one of target_id and target_name should be used.

Property
target_name
Type
string | null

Only one of target_id and target_name should be used.

Property
workspace_id
Type
integer | null

Workspace where the scan is started. It has to match the workspace ID of the target.

Property
max_scan_time
Type
integer
min
5
max
1440

Maximum number of minutes that the scan should run. Not supported by: Sniper, tools with short scan duration (like Website Recon or ICMP Ping).

Property
report_callback
Type
object

Send the report in a specific format to this URL when the scan finishes.

Property
scan_original_url
Type
boolean
default
false

If true, the original URL is passed to the scanner, even if it redirects. If false, the redirected URL will be scanned instead.

Property
redirect_level
Type
string
default
"same_domain"

Possible values:

  • none - the target is passed directly to the scanner
  • check_accessibility - the target is checked for accessibility and an error is thrown on any redirect
  • same_host - only redirects within the same host are allowed
  • same_domain - redirects to subdomains are allowed
  • allow_all - any redirects are allowed

When starting a scan on a workspace with a VPN profile attached, the default value is set to "none" and no other values are allowed.

Property
tool_params
Type
object

Responses

400 Invalid parameters
500 Internal server error

Request

POST
/scans
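curl --request POST \
  --url https://app.pentest-tools.com/api/v2/scans \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}' \
  --header 'content-type: application/json' \
  --data '{"tool_id": {tool_id}, "target_name": "{target_name}"}'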

Response

{
  "created_id": 420323,
  "target_id": 5426912
}

Created
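
An added example (not from the Pentest-Tools.com documentation): a client-side check of the POST /scans constraints listed above, run before any request is sent, so that a mistyped redirect_level or an out-of-range max_scan_time never reaches the scanner. The tool_id and target values are constructed, workspace_has_vpn is a hypothetical local flag that is not sent to the API, and rejecting a request that names no target at all is an assumption.

```python
import json
import urllib.request

BASE_URL = "https://app.pentest-tools.com/api/v2"
# redirect_level values listed in the parameter table above.
REDIRECT_LEVELS = {"none", "check_accessibility", "same_host",
                   "same_domain", "allow_all"}


def build_scan_body(tool_id, target_id=None, target_name=None,
                    workspace_id=None, max_scan_time=None, redirect_level=None,
                    scan_original_url=None, workspace_has_vpn=False):
    """Check the documented constraints and return the JSON body as a dict."""
    if isinstance(tool_id, bool) or not isinstance(tool_id, int):
        raise ValueError("tool_id is required and must be an integer")
    # Documented: only one of target_id / target_name.
    # Assumed: a request naming neither is also rejected.
    if (target_id is None) == (target_name is None):
        raise ValueError("use exactly one of target_id and target_name")
    if max_scan_time is not None and not 5 <= max_scan_time <= 1440:
        raise ValueError("max_scan_time must be between 5 and 1440 minutes")
    if redirect_level is not None and redirect_level not in REDIRECT_LEVELS:
        raise ValueError(f"unknown redirect_level: {redirect_level!r}")
    # Workspaces with a VPN profile accept only "none" (the default there).
    if workspace_has_vpn and redirect_level not in (None, "none"):
        raise ValueError("VPN workspace: redirect_level must be 'none'")
    body = {"tool_id": tool_id}
    optional = {"target_id": target_id, "target_name": target_name,
                "workspace_id": workspace_id, "max_scan_time": max_scan_time,
                "redirect_level": redirect_level,
                "scan_original_url": scan_original_url}
    # Omit unset fields so the server-side defaults apply.
    body.update({k: v for k, v in optional.items() if v is not None})
    return body


def build_scan_request(token, **params):
    """Return an unsent urllib Request for POST /scans."""
    data = json.dumps(build_scan_body(**params)).encode()
    return urllib.request.Request(
        f"{BASE_URL}/scans", data=data, method="POST",
        headers={"Accept": "application/json",
                 "Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})
```

Passing the returned object to urllib.request.urlopen sends the request; leaving redirect_level unset keeps the documented default.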


Method
get
Path
/scans/{id}

Get scan information by ID

Get scan information by ID. For the output, see /scans/{id}/output

Path parameters

Property
id
Type
integer
required
Yes

ID of the scan

Responses

500 Internal server error

Request

GET
/scans/{id}
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/scans/{id} \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

{
  "id": 1,
  "tool_id": 1,
  "target_id": 1,
  "workspace_id": 1,
  "status_name": "running",
  "vpn_scan": true,
  "progress": 1,
  "result_summary": {
    "text": "",
    "high": 1,
    "medium": 1,
    "low": 1,
    "info": 1
  },
  "start_time": "",
  "end_time": "",
  "duration": 1,
  "num_tests": 1,
  "num_finished_tests": 1,
  "status_message": "",
  "scan_original_url": true
}

OK


Method
delete
Path
/scans/{id}

Delete a scan

Delete a scan.

Path parameters

Property
id
Type
integer
required
Yes

ID of the scan

Responses

204 Deleted successfully
409 Task not finished
500 Internal server error

Request

DELETE
/scans/{id}
curl --request DELETE \
  --url https://app.pentest-tools.com/api/v2/scans/{id} \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

No Body

Deleted successfully


Method
get
Path
/scans/{id}/output

Path parameters

Property
id
Type
integer
required
Yes

ID of the scan

Headers

Accept

Possible values:

  • application/json
  • application/pdf

Responses

406 Media type not supported
500 Internal server error

Request

GET
/scans/{id}/output
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/scans/{id}/output \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

{
  "output_type": "",
  "output_data": {}
}

OK


Method
get
Path
/scans/{id}/raw

Path parameters

Property
id
Type
integer
required
Yes

ID of the scan

Responses

204 No Content
500 Internal server error

Request

GET
/scans/{id}/raw
curl --request GET \
  --url https://app.pentest-tools.com/api/v2/scans/{id}/raw \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

{
  "data": [
    ""
  ]
}

OK


Method
post
Path
/scans/{id}/stop

Path parameters

Property
id
Type
integer
required
Yes

ID of the scan

Responses

204 No Content
500 Internal server error

Request

POST
/scans/{id}/stop
curl --request POST \
  --url https://app.pentest-tools.com/api/v2/scans/{id}/stop \
  --header 'accept: application/json' \
  --header 'authorization: Bearer {token}'

Response

No Body

No Content