POST /scans
Start a scan
curl --request POST \
  --url https://app.pentest-tools.com/api/v2/scans \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "tool_id": 123,
  "tool_params": {
    "scan_type": "deep",
    "web_details": true,
    "whois": false,
    "unresolved_results": false,
    "search_methods": {
      "passive_detection": true,
      "dns_records": true,
      "dns_enumeration": {
        "enabled": true,
        "wordlist_id": 1600
      },
      "ctr_search": true,
      "external_api_search": true,
      "bing_search": true,
      "google_search": true,
      "html_search": true,
      "ssl_search": true,
      "revdns_search": true,
      "alteration_search": true,
      "cname_search": true
    }
  },
  "target_id": 123,
  "target_name": "<string>",
  "workspace_id": 123,
  "vpn_profile_uuid": "<string>",
  "max_scan_time": 1440,
  "scan_original_url": false,
  "redirect_level": "same_domain"
}
'
{
  "data": {
    "created_id": 420323,
    "target_id": 5426912
  }
}
tool_id specifies which scanner to run. Valid values:
Tool                    tool_id
Subdomain Finder        20
WHOIS                   30
Port Scanner            70
URL Fuzzer              90
Virtual Hosts Finder    160
Website Scanner         170
ICMP Ping               240
SharePoint Scanner      260
WordPress Scanner       270
Drupal Scanner          280
Joomla Scanner          290
Website Recon           310
Subdomain Takeover      320
Network Scanner         350
SQLi Exploiter          380
Domain Finder           390
Password Auditor        400
SSL/TLS Scanner         450
Sniper                  490
WAF Detector            500
API Scanner             510
Cloud Scanner           520
People Hunter           530
Kubernetes Scanner      540

Authorizations

Authorization (string, header, required)

Use the "API key" from the profile page as the token

Body

application/json
tool_id (integer, required)

tool_params (object)

target_id (integer)

Only one of target_id and target_name should be used.

target_name (string | null)

Only one of target_id and target_name should be used.

workspace_id (integer | null)

Workspace where the scan is started. It has to match the workspace ID of the target.

vpn_profile_uuid (string | null)

VPN profile to use for the scan. If null, there will be no VPN profile used. If not specified, the profile attached to the workspace will be used.

max_scan_time (integer, default: 1440)

Maximum number of minutes that the scan should run. Not supported by: Sniper, tools with short scan duration (like Website Recon or ICMP Ping).

Required range: 1 <= x <= 1440

report_callback (object)

Send the report in a specific format to this URL when the scan finishes.

scan_original_url (boolean, default: false)

If true, the original URL is passed to the scanner, even if it redirects. If false, the redirected URL will be scanned instead.

redirect_level (enum<string>, default: same_domain)

Possible values:

  • none - the target is passed directly to the scanner
  • check_accessibility - the target is checked for accessibility and an error is thrown on any redirect
  • same_host - only redirects within the same host are allowed
  • same_domain - redirects to subdomains are allowed
  • allow_all - any redirects are allowed
Available options: none, check_accessibility, same_host, same_domain, allow_all
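
The body rules above (only one target field, the max_scan_time range, the redirect_level enum, null versus omitted vpn_profile_uuid) can be checked client-side before a scan is submitted. The following is an added example, not code from Pentest-Tools.com; the function names are hypothetical, requiring a target is an assumption, and the request is built but never sent.

```python
import json
import urllib.request

API_URL = "https://app.pentest-tools.com/api/v2/scans"  # endpoint from the page
# Subset of the tool_id table on this page.
TOOL_IDS = {"Subdomain Finder": 20, "Port Scanner": 70, "Website Scanner": 170,
            "SSL/TLS Scanner": 450, "WAF Detector": 500}
REDIRECT_LEVELS = {"none", "check_accessibility", "same_host",
                   "same_domain", "allow_all"}
_UNSET = object()  # "omit the key" (workspace profile) vs. explicit null (no VPN)


def build_scan_body(tool, *, target_id=None, target_name=None,
                    workspace_id=None, vpn_profile_uuid=_UNSET,
                    max_scan_time=None, redirect_level="same_domain"):
    """Return the JSON body for POST /scans after enforcing the documented rules."""
    if tool not in TOOL_IDS:
        raise ValueError(f"unknown tool: {tool!r}")
    if target_id is not None and target_name is not None:
        raise ValueError("only one of target_id and target_name should be used")
    if target_id is None and target_name is None:
        raise ValueError("a target is required")  # assumption, not stated on the page
    if max_scan_time is not None and not 1 <= max_scan_time <= 1440:
        raise ValueError("max_scan_time must be between 1 and 1440 minutes")
    if redirect_level not in REDIRECT_LEVELS:
        raise ValueError(f"invalid redirect_level: {redirect_level!r}")

    body = {"tool_id": TOOL_IDS[tool], "redirect_level": redirect_level}
    if target_id is not None:
        body["target_id"] = target_id
    else:
        body["target_name"] = target_name
    if workspace_id is not None:
        body["workspace_id"] = workspace_id
    if vpn_profile_uuid is not _UNSET:
        body["vpn_profile_uuid"] = vpn_profile_uuid  # None serialises to null
    if max_scan_time is not None:  # omitted for tools that do not support it
        body["max_scan_time"] = max_scan_time
    return body


def build_request(body, token):
    """Build, without sending, the authenticated request from the curl example."""
    return urllib.request.Request(
        API_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
```

Pass the API key in from an environment variable or secret store rather than embedding it in scripts, and send the request with `urllib.request.urlopen` only for targets you are authorized to scan.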

Response

Created

data (object, required)