
NewTarget

Route: https://api.cytrix.io/NewTarget

This feature lets you start a new scan and optionally add modifiers to it.

Roles Required: Admin, User or Private User.

Request Syntax

{
    "apiKey": "String",
    "target": "URL",
    "targets": ["URL", "URL"],
    "targetsExcelFile": "String",
    "speed": 1-10,
    "singleCheck": True/False, 
    "profileLoginName": "String",
    "headers": {"key": "value"},
    "cookies": {".example.com": "key1=val1; key2=val2;"},
    "levelDeep": 1-10,
    "autoSpeed": True/False,
    "enumeration": True/False,
    "exclude": ["URL", "URL"],
    "include": ["URL", "URL"],
    "scheduleMode": True/False,
    "every": "day/week/month",
    "interval": int,
    "AllowedHosts": ["URL"],
    "projectName": "String",
    "proxyName": "String",
    "description": "String",
    "fixedIp": True/False,
    "jiraProjectKey": "String",
    "mobile": True/False,
    "spaDetect": True/False,
    "spa": True/False,
    "durationLimit": 1-24,
    "robots": "String",
    "sitemap": "String",
    "emailType": "String",
    "modifiedEmail": "String",
    "justCves": True/False,
    "refreshToken": True/False,
    "pfxFile": "String",
    "pfxPwd": "String",
    "fileCrawler": "String",
    "apiSchemaFile": "String",
    "checkStoredInjection": True/False,
    "usePayloads": True/False,
    "allPorts": True/False,
    "scanPorts": True/False,
    "scanSubdomains": True/False,
    "crtName": "String",
    "keyName": "String"
}

Request Parameters

Parameters being used in the Request

Parameter Name :

apiKey

Parameter Usage and Options :

The API Key issued to you by Kayran.

How do I get it ? :

Located in the “Profile” section.

Note : by default, the “API Status” is enabled unless the Admin has disabled it in the “Server Settings” section.

Type :

String

Is it Optional ? :

No.


Parameter Name :

target

Parameter Usage and Options :

The URL you wish to scan.

How do I get it ? :

The URL\address that usually appears in the address bar.

Type :

String

Is it Optional ? :

No.


Parameter Name :

targets

Parameter Usage and Options :

The URLs you wish to scan.

How do I get it ? :

The URL\address that usually appears in the address bar.

Type :

String

Is it Optional ? :

No.


Parameter Name :

speed

Parameter Usage and Options :

Sets the Kayran scan speed. Changing the value of the speed parameter changes the number of RPS (Requests Per Second) that Kayran sends.
Note : if autoSpeed is set to “on”, the speed will be set automatically and dynamically.

Value :

Ranges from 1 to 10.

1 – Lowest Speed

10 – Highest Speed

Type :

Integer

Is it Optional ? :

Yes \ No – Depends on what autoSpeed is set to.


Parameter Name :

singleCheck

Parameter Usage and Options :

Value :

on \ off

If you need to run a scan on a single page, this parameter lets you aim the scan at one specific path.

Type :

String

Is it Optional ? :

Yes – you can adjust the levelDeep manually.


Parameter Name :

profileLoginName

Parameter Usage and Options :

A certain form\method of Login Authentication you created.

How do I get it ? :

There’s a table, displaying all the login profiles you created in the “Login Authentication” section.

Type :

String

Is it Optional ? :

Yes – if you don’t wish to use login profiles.


Parameter Name :

headers

Parameter Usage and Options :

Value :

“Your Desired Headers”

This parameter will allow you to set your own headers that will be sent forward to your target while scanning with Kayran.

Type :

String

Is it Optional ? :

Yes – if you don’t wish to use any specific headers.


Parameter Name :

levelDeep

Parameter Usage and Options :

Value :

Ranging from 1 to 10.

Allows you to set the scan’s depth.

Note : high\low values set in the levelDeep will affect the scan’s duration.

Type :

Integer

Is it Optional ? :

Yes \ No – Depending on whether singleCheck is being used.


Parameter Name :

scheduleMode

Parameter Usage and Options :

Value :

on\off

Set scheduleMode to “on” if you want to schedule a scan to be initiated based on your preferences.

Type :

String

Is it Optional ? :

Yes


Parameter Name :

every

Parameter Usage and Options :

Value :

d\w\m

Schedule the scan by day\week\month.

Type :

String

Is it Optional ? :

No – if you wish to schedule a scan.


Parameter Name :

interval

Parameter Usage and Options :

Value :

A number.

Set the number of times a scheduled scan should be scheduled to.

Example : setting the value 1 in “interval” and d in “every” will schedule a scan to be initiated daily.

Type :

Integer

Is it Optional ? :

No – if you wish to schedule a scan.


Parameter Name :

projectName

Parameter Usage and Options :

This parameter will allow you to set your Project Name that will be used to tag your targets while scanning with Kayran.

How do I get it ? :

There’s a table, containing all the projects you created in the “Projects” section.

Type :

String

Is it Optional ? :

Yes


Parameter Name:

proxyName

Parameter Usage and Options :

Allows you to use a certain Proxy you created.

How do I get it ? :

There’s a table, containing all the proxies you created in the “Proxy” section.

Type :

String

Is it Optional ? :

No – if you wish to use a Proxy while scanning.


Parameter Name :

autoSpeed

Parameter Usage and Options :

Value :

on \ off

Auto Speed allows Kayran to set the scan speed according to your target's resources. Kayran will also adjust the speed UP and DOWN automatically when needed.

Type :

String

Is it Optional ? :

Yes – you can adjust the scan’s speed manually.


Parameter Name :

enumeration

Parameter Usage and Options :

Value :

on \ off

Sets Kayran enumeration mode ON.

This will make Kayran guess all of the possible paths and parameters on the scanned URL.

Note : enabling enumeration will significantly extend the scan’s duration.

Type :

String

Is it Optional ? :

Yes


Parameter Name :

exclude

Parameter Usage and Options :

You can choose to restrict Kayran from scanning certain domains.

How do I get it ? :

Your desired URL to be excluded.

Type :

String

Is it Optional ? :

Yes


Parameter Name :

apis

Parameter Usage and Options :

You can choose to add APIs that Kayran will scan as part of the scan.

How do I get it ? :

Your desired API to be scanned.

Type :

String

Is it Optional ? :

Yes


Parameter Name :

description

Parameter Usage and Options :

There is an option to write a description for the scan.

Value :

Any text you wish to use.

Type :

String

Is it Optional ? :

Yes


Parameter Name :

fixedIp

Parameter Usage and Options :

In case you’ve purchased the option to constantly scan a single target.

Value :

on\off

Type :

String

Is it Optional ? :

Yes


Parameter Name :

jiraProjectKey

Parameter Usage and Options :

Key of the project you’ve created in Jira.

Type :

String

Is it Optional ? :

Yes


Parameter Name :

mobile

Parameter Usage and Options :

In case you wish to scan the Target as mobile.

Value :

true/false

Type :

Boolean

Is it Optional ? :

Yes


Parameter Name :

spaDetect

Parameter Usage and Options :

Allowing Kayran to automatically determine if the site is an SPA or not.

Value :

true/false

Type :

Boolean

Is it Optional ? :

Yes


Parameter Name :

spa

Parameter Usage and Options :

Allowing you to manually determine if the site is an SPA or not.

Value :

true/false

Type :

Boolean

Is it Optional ? :

Yes


Parameter Name :

durationLimit

Parameter Usage and Options :

Allowing you to manually adjust the scan’s length.

Value :

1-24

Type :

int

Is it Optional ? :

Yes


Parameter Name :

robots

Parameter Usage and Options :

The contents of the file encoded in Base64.

Type :

String

Is it Optional ? :

Yes


Parameter Name :

sitemap

Value :

The contents of the file encoded in Base64.

Type :

String

Is it Optional ? :

Yes


Parameter Name :

emailType

Parameter Usage and Options :

The type of modified Email to be used. To learn more, go here.

Value :

4 Types –

  1. starter_random or starter random – {random}@gmail.com
  2. starter_base_random or starter base random – {random}@{random}.com
  3. random_with_base or random with base – {random}@{base}
  4. custom_email or custom email – {Custom Mail}

[“starter_random”, “starter_base_random”, “random_with_base”, “custom_email”]

or

[“starter random”, “starter base random”, “random with base”, “custom email”]

Type :

String

Is it Optional ? :

Yes


Parameter Name :

modifiedEmail

Parameter Usage and Options :

The Email address you wish to be used. To learn more, go here.

Type :

String

Is it Optional ? :

No, if you use random_with_base (random with base) or custom_email (custom email).


Parameter Name :

justCves

Parameter Usage and Options :

Use this if you want the Scan to search for and detect CVEs only.

Type :

Boolean

Value :

True|False

Is it Optional ? :

Yes.


Parameter Name :

refreshToken

Parameter Usage and Options :

In case that you wish to indicate that your site uses a ‘Refresh Token’. That site will be defined as an SPA.

Type :

Boolean

Value :

True|False

Is it Optional ? :

Yes.


Parameter Name :

targetsExcelFile

Parameter Usage and Options :

Use this if you want to initiate multiple scans with multiple targets using an .xlsx File. Insert the exact full name of the File as it’s saved in the Storage. For example: file1.xlsx –> file1.xlsx.

Type :

String

Is it Optional ? :

If you wish to use an .xlsx file, then No.


Parameter Name :

pfxFile

Parameter Usage and Options :

Full, exact name of the Certificate as it’s saved in your Storage.

Type :

String

Is it Optional ? :

If you wish to use a Certificate, then No.


Parameter Name :

pfxPwd

Parameter Usage and Options :

The Password needed for the Certificate File.

Type :

String

Is it Optional ? :

If you wish to use a Certificate, then No.


Parameter Name :

fileCrawler

Parameter Usage and Options :

Use this if you wish to use a .har file. Insert the exact full name of the File as it’s saved in the Storage.
For example: file1.har –> file1.har.

Type :

String

Is it Optional ? :

Yes.


Parameter Name :

apiSchemaFile

Parameter Usage and Options :

In case Users wish to use an API Schema file to initiate a Scan on their API. Insert the exact full name of the File as it’s saved in the Storage.
For example: file1.json –> file1.json .

Type :

String

Is it Optional ? :

If you wish to conduct an API Schema scan, then No.

Note: Currently, we support Postman and Swagger schemas.


Parameter Name :

allPorts

Parameter Usage and Options :

In case you wish to find all ports.

Value :

True/False

Type :

String

Is it Optional ? :

Yes


Parameter Name :

scanPorts

Parameter Usage and Options :

In case you wish to scan all found ports.

Value :

True/False

Type :

String

Is it Optional ? :

Yes


Parameter Name :

scanSubdomains

Parameter Usage and Options :

In case you wish to scan all found subdomains.

Value :

True/False

Type :

String

Is it Optional ? :

Yes


Parameter Name :

vpnConfName

Parameter Usage and Options :

Configure a VPN

Value :

VPN name

Type :

String

Is it Optional ? :

Yes


Parameter Name :

keyName

Parameter Usage and Options :

Certification verification

Value :

Key Name

Type :

String

Is it Optional ? :

Yes


Parameter Name :

crtName

Parameter Usage and Options :

Certification verification

Value :

Cert name

Type :

String

Is it Optional ? :

Yes
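
Added example (not part of the original documentation or the vendor's code): a client-side builder that checks the dependencies between the parameters above before a NewTarget body is sent. The CYTRIX_API_KEY environment variable, the authorized_hosts scope list and the function name are assumptions; flags are sent as JSON booleans following the Request Syntax, and "every" takes d, w or m as in the parameter description.

```python
import base64
import os
from urllib.parse import urlsplit

RANGES = {"speed": (1, 10), "levelDeep": (1, 10), "durationLimit": (1, 24)}
NEEDS_MODIFIED_EMAIL = {"random_with_base", "random with base",
                        "custom_email", "custom email"}


def build_new_target(target, authorized_hosts, api_key=None, **options):
    """Return a validated NewTarget request body; raise ValueError on bad input."""
    # Assumption: the key lives in a CYTRIX_API_KEY environment variable, not in source.
    api_key = api_key or os.environ.get("CYTRIX_API_KEY")
    if not api_key:
        raise ValueError("apiKey is required")
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("target must be an http(s) URL")
    # Local scope guard (not an API feature): refuse hosts outside the approved list.
    if parts.hostname.lower() not in {h.lower() for h in authorized_hosts}:
        raise ValueError(f"{parts.hostname} is outside the authorized scope")
    for name, (low, high) in RANGES.items():
        value = options.get(name)
        if value is None:
            continue
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            raise ValueError(f"{name} must be an integer from {low} to {high}")
    # Scheduling: "every" and "interval" become mandatory once scheduleMode is set.
    if options.get("scheduleMode"):
        if options.get("every") not in ("d", "w", "m"):
            raise ValueError("every must be d, w or m when scheduleMode is set")
        interval = options.get("interval")
        # Assumption: a usable interval is a positive whole number.
        if isinstance(interval, bool) or not isinstance(interval, int) or interval < 1:
            raise ValueError("interval must be a positive integer when scheduleMode is set")
    if options.get("emailType") in NEEDS_MODIFIED_EMAIL and not options.get("modifiedEmail"):
        raise ValueError("modifiedEmail is required for this emailType")
    if options.get("pfxFile") and not options.get("pfxPwd"):
        raise ValueError("pfxPwd is required when pfxFile is set")
    body = {"apiKey": api_key, "target": target}
    for name, value in options.items():
        if value is None:
            continue
        # robots and sitemap carry the file contents encoded in Base64.
        if name in ("robots", "sitemap") and isinstance(value, bytes):
            value = base64.b64encode(value).decode("ascii")
        body[name] = value
    return body
```

The returned dict can be serialized with json.dumps and sent to the Route given at the top of this page.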


Successful Response


{
    "Error": 0,
    "Function": "NewTarget",
    "Data": [
        {
            "target": "URL",
            "status": "OK",
            "token": "String"
        }
    ]
}

Specific Errors and their Possible Causes

Scan_Not_Allowed : means that the number of scans you wish to initiate exceeds the number of active scans you can initiate (based on your purchased plan).

For more information, please refer to the General Errors section.