Skip to content
Vulnerability Scanning API Integration

Vulnerability Scanning API - Ready-to-use scan engines

Integrate our pentesting and vulnerability scanning tools into your internal security testing flows. Enhance your Continuous Integration (CI) flows or add extra data to your custom applications with our API.

  • Get up and running in a few minutes

  • Add automated security scanning to your self-testing builds

  • Easily integrate it based on the detailed API reference

Here’s what else you get with our Enterprise plan

Get up and running in a few minutes

Use our API straight out of the box: set your parameters and save invaluable time with our pre-configured scanners. Launch and delete scans in bulk and focus on interesting findings while we deliver accurate results.

With the API, you can always start, stop, and query scans against up to 1000 targets with multiple pentesting tools - in a machine-friendly format (JSON). API operations
CI/CD Pipeline with API integration

Improve self-testing builds with security scanning

Make your releases less risky and your security issues easier to fix - proactively. Establish continuous security testing and automate it for maximum efficiency with the API.

Deploy safe, resilient code by running security assessments with our ready-to-use scanners. Enhance your CI/CD process with built-in vulnerability testing to remove unintended backdoors and misconfigurations that endanger performance.

Easily integrate it using the detailed API reference

It’s really easy to scan multiple targets simultaneously using the API with minimal input from your side. Plus, you can instantly see if scans are running properly, eliminating errors and duplicate work.

It only takes a few lines of code to initiate scans in several workspaces and run the same scan against multiple targets. Check out our sample API client to see for yourself! API Reference

What our customers say

Peter Bassill

90% of the early recon work is done for us

Likes the API for

  • Flexibility

  • Extensive suite of tools

  • Very simple to use

  • Fast and accurate

"Imagine a world where all your "onsite" testing was performed offsite. Where your only choice is to send an appliance to a client site. That would never happen right? Well it did in February 2020. We started looking at this puzzle in August of 2019 to answer a problem for a very specific group group of clients and had a suite of tools that would work for us. And they had an API!

Fast forward to May of 2020. Thanks to the flexibility of, and the responsiveness of their support and development teams, we are shipping bespoke appliances to clients to use as drop boxes. But rather than just spin up a VPN, we gave the client a simple portal to log into and click "start" on their test. Using the full extensive suite of tools through the API, 90% of the early recon work is done for us with a simple PHP and Python script. Even the report is partially completed.

If you are a solo pentester, or a small testing house, then I would heartily recommend The platform is very simple to use, fast and accurate.”

Peter Bassill

Pentester, Security Researcher, Bounty Hunter, CISO/CIO with 20+ years of experience, Founder at Hedgehog Security

Ioan Constantin

The go-to platform for automated web vulnerability assessments

Likes the API for

  • Ease of use

  • Great reporting capabilities

“Having access to a well documented API was key for the successful integration of Threatmap and and the girls and guys over there delivered a great API, were prompt in answering our feedback and supporting our needs for some over-the-top custom integration requirements.”

Ioan Constantin

Cyber Security Expert, Orange | Industry: Telecom

Sign up to start using the API

Or check out our API reference to learn more

4 ways to use the API

Ship safer deployments with less bugs and no major vulnerabilities

Capture security issues early by integrating our API into your automated tests.

Reduce your attack surface based on accurate, prioritized findings: troubleshoot misconfigurations, identify and close open ports, limit outsiders’ access to internal network services, and more! Make delivering secure code your competitive advantage.

Reduce your testing costs (time & money)

Merge our API into your CI/CD server and run 11 security tools in a matter of seconds!

Replace manual work with scheduled scans and free up internal resources. Set your scripts to run during the night and get more out of your workday. Spend more time on strategic tasks such as updating workflows for a boost in productivity.

Scan new infrastructure while deploying it

Add the API to your deployment pipeline and discover vulnerabilities as they emerge. Use it to find issues such as outdated server software, SQL injection, XSS risks, security gaps in network services, and more.

Our API is well-suited for complex deployment scripts. Run authenticated security tests and scan internal networks through VPN to get results for a broad range of apps and network components.

Integrate our tools into your web app, dashboard, or network

Prefer things done your way? We get it!

Incorporate data from our API into your UI. Get reliable, consistent scan results from up to date scans engines we maintain.

Choose the features you want to use and set it up to get crucial findings - filtered and organized just how you like it.

See what else you get with the Enterprise plan

Developed for...

  • DevOps teams

    Tasked with preventing security gaps in web apps and networks

  • Pentesters

    Who manage a large number of targets, scans, and findings programmatically

  • Developers

    Who want to automate their application security testing with a reliable set of up-to-date tools

  • Network security specialists

    Looking to quickly surface new, critical issues that expose their systems

Over 1 million people use every year, including experts at:

Our clients

Get better results with less work

Sign up to use the API

We built the API for security and IT experts who want

  • More control

    Use the vulnerability ID to filter and zoom in on interesting findings or edit them.

  • More accuracy

    Automatically map and scan redirects with zero impact to your initial setup.

  • More reliability

    Get instant feedback on potential errors before the scan starts.

  • More flexibility

    Merge, modify, and customize output from multiple scanners or 3rd party tools.

Start using the API

The Enterprise plan also includes:

  • Authenticated website scans
  • Internal network scanning (through VPN)
  • Multi-user access
  • JIRA integration
  • White label reports
  • Access to all 25+ tools on the platform and more!
Become an Enterprise customer

Frequently asked questions

If your question is not covered here, please check our FAQ or contact us.

Does the API provide support for all the tools on

Currently, the following tools can be used through our API: Website Scan, Find Subdomains, Find Virtual Hosts, TCP Port Scan, UDP Port Scan, Network Scan OpenVAS, URL Fuzzer, SQLi Scan, XSS Scan, WordPress Scan, Drupal Scan.

We plan to add support for other tools and scanners at in future iterations. Keep an eye on our changelog, blog, and on our LinkedIn page to be the first to know when we do! You can also explore more details in the dedicated article in our Support Center.

Do API scans appear in the Attack Surface view?

For the moment, the Attack Surface view covers manual scans only from the following tools: Website Recon, Website Scanner, TCP Port Scanner, UDP Port Scanner, and OpenVAS Scanner.

Wondering why your scans don’t appear in the Attack Surface view? This article in our support center is just what you need.

Additionally, we plan to add support for scans run using the API in future iterations. Keep an eye on our changelog, blog, and on our LinkedIn page to be the first to know when we do!