Pentester API

Manage hands-off pentester engagements via the Nullify API

Endpoints currently live under the /dast namespace. A /pentester alias will be introduced in a future release alongside the updated naming in the UI.

Base URL

https://api.<TENANT>.nullify.ai

List Engagements

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/dast/scans?githubOwnerId=1234'

Start an Engagement

curl -s -X POST \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
        "appName": "Payments API",
        "host": "api.example.com",
        "authConfig": {"headers": {"Authorization": "Bearer 123"}},
        "openapiSpec": {"url": "https://example.com/openapi.yaml"}
      }' \
  'https://api.<TENANT>.nullify.ai/dast/scans?githubOwnerId=1234'

Retrieve Engagement Status

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N?githubOwnerId=1234'

List Engagement Findings

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N/findings?githubOwnerId=1234'

Stop an Engagement

curl -s -X POST \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N/stop?githubOwnerId=1234'

Asset Inventory

GET /dast/inventory/endpoints
POST /dast/inventory/endpoints
GET /dast/inventory/hosts
POST /dast/inventory/hosts

PreviousSecrets & Data API NextCloud Audits API

Last updated 3 months ago

hashtagBase URL

hashtagList Engagements

hashtagStart an Engagement

hashtagRetrieve Engagement Status

hashtagList Engagement Findings

hashtagStop an Engagement

hashtagAsset Inventory

Base URL

List Engagements

Start an Engagement

Retrieve Engagement Status

List Engagement Findings

Stop an Engagement

Asset Inventory