NOTE: this API is only available to On-demand scan subscribers. Contact us for details.

Ondemand Scope Hostname Bulk APIv3

This APIv3 is used to launch an active scan against a list of given hostnames. DNS enumeration won’t be performed at this stage, just given FQDNs with DNS resolution will be scanned. When launched, a Scan ID will be given back to you. This Scan ID can be used to track current scan result or to fetch past scan results.

Using curl

curl -H 'Content-Type: application/json' -H 'X-Api-Key: YOUR_APIKEY' -XPOST 'https://www.onyphe.io/api/v3/ondemand/scope/hostname/bulk' -d '{ "hostname":"HOSTNAME1.TLD,HOSTNAME2.TLD,HOSTNAME3.TLD" }'

Available parameters

curl -H 'Content-Type: application/json' -H 'X-Api-Key: YOUR_APIKEY' -XPOST 'https://www.onyphe.io/api/v3/ondemand/scope/hostname/bulk' -d '{ "hostname":"HOSTNAME1.TLD,HOSTNAME2.TLD,HOSTNAME3.TLD", "import":"false", "vulnscan":"false", "urlscan":"false", "ports":"80,443" }'

Using ONYPHE CLI

echo HOSTNAME1.TLD > /tmp/hostnames.txt
echo HOSTNAME2.TLD >> /tmp/hostnames.txt
echo HOSTNAME3.TLD >> /tmp/hostnames.txt

onyphe -ondemand-scope-hostname-bulk /tmp/hostnames.txt

Fetching scan results

See Ondemand Scope Result APIv3.

Response codes

error:    0, text: "Success"
error: 1000, text: "API doesn't exist"
error: 1001, text: "API rate limit reached"
error: 1002, text: "API key is not given"
error: 1003, text: "API key is not valid"
error: 1004, text: "User API failed"
error: 1005, text: "User API success"
error: 1006, text: "User failed"
error: 1007, text: "User success"
error: 1008, text: "API call not authorized"
error: 1009, text: "Ondemand API call failed"
error: 1010, text: "Ondemand API call success"
error: 1011, text: "All scanners are busy"
error: 1012, text: "Scan ID not found"
error: 2000, text: "Scope type is unknown"
error: 2001, text: "Failed to parse scope"
error: 2002, text: "Target is undefined"
error: 2003, text: "Scan is already running"
error: 2004, text: "Cache query failed"
error: 2005, text: "Target has invalid format"
error: 2006, text: "Scan ID is undefined"
error: 2007, text: "Scan ID not found"
error: 2008, text: "Scan ID has no results"
error: 2009, text: "Scan ID has empty results"
error: 2010, text: "Scan ID has no scope"
error: 2011, text: "Target not allowed"
error: 2012, text: "License not allowed"
error: 2013, text: "No API key given"
error: 2014, text: "Scan failed to start"
error: 2015, text: "maxscantime parameter must be an integer"
error: 2016, text: "urlscan parameter must be true or false"
error: 2017, text: "vulnscan parameter must be true or false"
error: 2018, text: "ports parameter must be comma-separated list of numbers"
error: 2019, text: "import parameter must be true or false"
error: 2020, text: "aslines parameter must be true or false"
error: 2021, text: "full parameter must be true or false"
error: 2022, text: "riskscan parameter must be true or false"
error: 2023, text: "asm parameter must be true or false"
error: 2024, text: "Scan ID not found"
error: 2025, text: "Scan ID has no scope file"
error: 2026, text: "Scan ID has an empty scope file"
error: 2027, text: "Scan ID is in progress"
error: 2028, text: "Scan ID has been killed"
error: 2029, text: "Scan ID has no DNS resolution"
error: 2030, text: "Scan ID has no open port"
error: 2031, text: "Scan ID has no application results"
error: 2032, text: "Scan ID has no result file"
error: 2033, text: "Scan ID has result file but is empty"
error: 2034, text: "Scan ID scope is of unknown type"
error: 2035, text: "Scan ID results are being built"