
Confirmation of endpoints scanned

Open slaterx opened this issue 1 year ago • 5 comments

Hi team,

I am wondering, how can I get confirmation of the endpoints scanned when you scan with curl or openapi?

Our API has a lot of endpoints, and with the current output, I can't tell whether the tool found all endpoints and attempted to reach each:

```shell
echo "secret-token" | vulnapi scan openapi /tmp/swagger.json
```

| WELL-KNOWN PATHS | URL |
|------------------|-----|
| OpenAPI          | N/A |
| GraphQL          | N/A |


Congratulations! No issues were found.

| OPERATION | RISK LEVEL | CVSS 4.0 SCORE | OWASP | VULNERABILITY |
|-----------|------------|----------------|-------|---------------|

Needless to say, the swagger.json I am using is a valid swagger:

slaterx avatar Sep 27 '24 09:09 slaterx

Thanks for your feedback.

Adding more details about the performed scans could indeed be useful. My main concern is to provide a summary in the CLI output.

Perhaps the best approach would be to display only the number of endpoints checked and the number of scans performed. What do you think?

In the new version, there is also an option to export all the scans performed, including the skipped ones if this can fit your need as well.

emmanuelgautier avatar Sep 29 '24 18:09 emmanuelgautier
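Added example, not part of this thread or of the vulnapi project: a small script that enumerates every operation (method + path) in an OpenAPI 3.x or Swagger 2.0 document and diffs that list against a list of operations a scanner reports having reached, so the "endpoints checked" count proposed above can be verified. The spec and the scanned list below are constructed sample data; the shape of vulnapi's export file is an assumption not taken from this page, so `scanned` is just a list of `"METHOD /path"` strings.

```python
import json

# Methods that denote an operation inside an OpenAPI/Swagger path item.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def enumerate_operations(spec: dict) -> list[tuple[str, str]]:
    """Return sorted (METHOD, path) pairs for every operation in the spec.

    Works for both OpenAPI 3.x and Swagger 2.0, since both keep operations
    under spec["paths"][path][method]. Non-method keys such as a path-level
    "parameters" list or "summary" are ignored.
    """
    ops = []
    for path, item in (spec.get("paths") or {}).items():
        if not isinstance(item, dict):
            continue
        for key, value in item.items():
            if key.lower() in HTTP_METHODS and isinstance(value, dict):
                ops.append((key.upper(), path))
    return sorted(ops)


def summarize(spec: dict) -> dict:
    """Counts to compare against a scanner's own summary line."""
    ops = enumerate_operations(spec)
    return {"endpoints": len({p for _, p in ops}), "operations": len(ops)}


def missing_operations(spec: dict, scanned: list[str]) -> list[tuple[str, str]]:
    """Operations present in the spec but absent from the scanner's reached list."""
    reached = {tuple(s.split(" ", 1)) for s in scanned}
    return [op for op in enumerate_operations(spec) if op not in reached]


# Constructed sample spec (three endpoints, five operations).
SAMPLE_SPEC = json.loads("""{
  "openapi": "3.0.0",
  "paths": {
    "/users": {"get": {}, "post": {}, "parameters": [{"name": "x", "in": "query"}]},
    "/users/{id}": {"get": {}, "delete": {}},
    "/health": {"get": {}}
  }
}""")

# Constructed list of what a scan claims to have reached; DELETE /users/{id} is absent.
SCANNED = ["GET /users", "POST /users", "GET /users/{id}", "GET /health"]

if __name__ == "__main__":
    print(summarize(SAMPLE_SPEC))
    print("not reached:", missing_operations(SAMPLE_SPEC, SCANNED))
```

Load your real swagger.json with `json.load` in place of `SAMPLE_SPEC`; a non-empty `missing_operations` result is the list to raise in the issue.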

If the export option is delivered, your proposal will be spot on because it provides quick feedback and allows the curious user to explore more on the exported output and the CI tooling to move along without cluttering the logs.

slaterx avatar Sep 30 '24 21:09 slaterx

Perfect. The report file structure is still in its alpha, so breaking changes can still be made.

Please don't hesitate to provide feedback. We're currently having discussions on Discord to improve the structure, if you're interested.

emmanuelgautier avatar Oct 01 '24 20:10 emmanuelgautier

Well I am! How can I join it?

slaterx avatar Oct 02 '24 01:10 slaterx

You can join it at this link: https://discord.gg/H88NSKQ6wA

emmanuelgautier avatar Oct 02 '24 07:10 emmanuelgautier

Hello contributors!

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you believe this issue is still relevant, please comment with your thoughts or re-open it.

Thank you for your contributions! 🙏

github-actions[bot] avatar Dec 02 '24 01:12 github-actions[bot]