Pentester API

Manage hands-off pentester engagements via the Nullify API

Endpoints currently live under the /dast namespace. A /pentester alias will be introduced in a future release alongside the updated naming in the UI.

Base URL

https://api.<TENANT>.nullify.ai

List Engagements

GET undefined/dast/scans

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/dast/scans?githubOwnerId=1234'

Start an Engagement

POST undefined/dast/scans

curl -s -X POST \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
        "appName": "Payments API",
        "host": "api.example.com",
        "authConfig": {"headers": {"Authorization": "Bearer 123"}},
        "openapiSpec": {"url": "https://example.com/openapi.yaml"}
      }' \
  'https://api.<TENANT>.nullify.ai/dast/scans?githubOwnerId=1234'

Retrieve Engagement Status

GET undefined/dast/scans/{scanId}

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N?githubOwnerId=1234'

List Engagement Findings

GET undefined/dast/scans/{scanId}/findings

curl -s \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N/findings?githubOwnerId=1234'

Stop an Engagement

POST undefined/dast/scans/{scanId}/stop

curl -s -X POST \
  -H "Accept: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  'https://api.<TENANT>.nullify.ai/dast/scans/01J6EEXK3NKYKWW9XTPQYAF41N/stop?githubOwnerId=1234'

Asset Inventory

GET /dast/inventory/endpoints
POST /dast/inventory/endpoints
GET /dast/inventory/hosts
POST /dast/inventory/hosts

PreviousSecrets & Data API NextCloud Audits API

Last updated 2 months ago