Route: https://api.cytrix.io/NewTarget
This feature will allow you to start a new scan, including the option of adding modifiers as you please.
Roles Required: Admin, User or Private User.
Request Syntax
{
"apiKey": "String",
"target": "URL",
"targets": ["URL", "URL"],
"targetsExcelFile": "String",
"speed": 1-10,
"singleCheck": True/False,
"profileLoginName": "String",
"headers": {"key": "value"},
"cookies": {".example.com": "key1=val1; key2=val2;"},
"levelDeep": 1-10,
"autoSpeed": True/False,
"enumeration": True/False,
"exclude": ["URL", "URL"],
"include": ["URL", "URL"],
"scheduleMode": True/False,
"every": "day/week/month",
"interval": int,
"AllowedHosts": ["URL"],
"projectName": "String",
"proxyName": "String",
"description": "String",
"fixedIp": True/False,
"jiraProjectKey": "String",
"mobile": True/False,
"spaDetect": True/False,
"spa": True/False,
"durationLimit": 1-24,
"robots": "String",
"sitemap": "String",
"emailType": "String",
"modifiedEmail": "String",
"justCves": True/False,
"refreshToken": True/False,
"pfxFile": "String",
"pfxPwd": "String",
"fileCrawler": "String",
"apiSchemaFile": "String",
"checkStoredInjection": True/False,
"usePayloads": True/False,
"allPorts": True/False,
"scanPorts": True/False,
"scanSubdomains": True/False,
"crtName": "String",
"keyName": "String"
}
Request Parameters
Parameters being used in the Request
Parameter Name :
apiKey
Parameter Usage and Options :
The API key Kayran has given you.
How do I get it ? :
Located in the “Profile” section.
Note : by default, the “API Status” is enabled unless the Admin has disabled it in the “Server Settings” section.
Type :
String
Is it Optional ? :
No.
Parameter Name :
target
Parameter Usage and Options :
The URL you wish to scan.
How do I get it ? :
The URL\address that usually appears in the address bar.
Type :
String
Is it Optional ? :
No.
Parameter Name :
targets
Parameter Usage and Options :
The URLs you wish to scan.
How do I get it ? :
The URL\address that usually appears in the address bar.
Type :
String
Is it Optional ? :
No.
Parameter Name :
speed
Parameter Usage and Options :
Sets Kayran’s scan speed. Changing the value of the speed parameter changes the number of RPS (Requests Per Second) Kayran sends.
Note : if autoSpeed is set to “on”, the speed will be set automatically and dynamically.
Value :
Ranges from 1 to 10.
1 – Lowest Speed
10 – Highest Speed
Type :
Integer
Is it Optional ? :
Yes \ No – Depends on what autoSpeed is set to.
Parameter Name :
singleCheck
Parameter Usage and Options :
Value :
on \ off
Use this when you need to run a scan on a single page.
This parameter allows you to aim the scan at one specific path.
Type :
String
Is it Optional ? :
Yes – you can adjust the levelDeep manually.
Parameter Name :
profileLoginName
Parameter Usage and Options :
A certain form\method of Login Authentication you created.
How do I get it ? :
There’s a table, displaying all the login profiles you created in the “Login Authentication” section.
Type :
String
Is it Optional ? :
Yes – if you don’t wish to use login profiles.
Parameter Name :
headers
Parameter Usage and Options :
Value :
“Your Desired Headers”
This parameter will allow you to set your own headers that will be sent forward to your target while scanning with Kayran.
Type :
String
Is it Optional ? :
Yes – if you don’t wish to use any specific headers.
Parameter Name :
levelDeep
Parameter Usage and Options :
Value :
Ranges from 1 to 10.
Allows you to set the scan’s depth.
Note : high\low values set in the levelDeep will affect the scan’s duration.
Type :
Integer
Is it Optional ? :
Yes \ No – Depending on whether singleCheck is being used.
Parameter Name :
scheduleMode
Parameter Usage and Options :
Value :
on\off
Set scheduleMode to “on” if you want to schedule a scan to be initiated based on your preferences.
Type :
String
Is it Optional ? :
Yes
Parameter Name :
every
Parameter Usage and Options :
Value :
d\w\m
Sets the unit of the scan schedule: day\week\month.
Type :
String
Is it Optional ? :
No – if you wish to schedule a scan.
Parameter Name :
interval
Parameter Usage and Options :
Value :
A number.
The number that, together with “every”, sets how often the scheduled scan is initiated.
Example : setting the value 1 in “interval” and d in “every” will schedule a scan to be initiated daily.
Type :
Integer
Is it Optional ? :
No – if you wish to schedule a scan.
Parameter Name :
projectName
Parameter Usage and Options :
This parameter will allow you to set your Project Name that will be used to tag your targets while scanning with Kayran.
How do I get it ? :
There’s a table, containing all the projects you created in the “Projects” section.
Type :
String
Is it Optional ? :
Yes
Parameter Name:
proxyName
Parameter Usage and Options :
Allows you to use a certain Proxy you created.
How do I get it ? :
There’s a table, containing all the proxies you created in the “Proxy” section.
Type :
String
Is it Optional ? :
No – if you wish to use a Proxy while scanning.
Parameter Name :
autoSpeed
Parameter Usage and Options :
Value :
on \ off
Auto Speed allows Kayran to set the scan speed according to your target’s resources. In addition, Kayran will adjust the speed up and down automatically when needed.
Type :
String
Is it Optional ? :
Yes – you can adjust the scan’s speed manually.
Parameter Name :
enumeration
Parameter Usage and Options :
Value :
on \ off
Sets Kayran enumeration mode ON.
This will make Kayran guess all of the possible paths and parameters on the scanned URL.
Note : enabling enumeration will significantly extend the scan’s duration.
Type :
String
Is it Optional ? :
Yes
Parameter Name :
exclude
Parameter Usage and Options :
You can choose to restrict Kayran from scanning certain domains.
How do I get it ? :
Your desired URL to be excluded.
Type :
String
Is it Optional ? :
Yes
Parameter Name :
apis
Parameter Usage and Options :
You can choose to add APIs that Kayran will scan as part of the scan.
How do I get it ? :
Your desired API to be scanned.
Type :
String
Is it Optional ? :
Yes
Parameter Name :
description
Parameter Usage and Options :
There is an option to write a description for the scan.
Value :
Any text you wish to use.
Type :
String
Is it Optional ? :
Yes
Parameter Name :
fixedIp
Parameter Usage and Options :
In case you’ve purchased the option to constantly scan a single target.
Value :
on\off
Type :
String
Is it Optional ? :
Yes
Parameter Name :
jiraProjectKey
Parameter Usage and Options :
Key of the project you’ve created in Jira.
Type :
String
Is it Optional ? :
Yes
Parameter Name :
mobile
Parameter Usage and Options :
In case you wish to scan the Target as mobile.
Value :
true/false
Type :
Boolean
Is it Optional ? :
Yes
Parameter Name :
spaDetect
Parameter Usage and Options :
Allows Kayran to automatically determine if the site is an SPA or not.
Value :
true/false
Type :
Boolean
Is it Optional ? :
Yes
Parameter Name :
spa
Parameter Usage and Options :
Allows you to manually determine if the site is an SPA or not.
Value :
true/false
Type :
Boolean
Is it Optional ? :
Yes
Parameter Name :
durationLimit
Parameter Usage and Options :
Allows you to manually adjust the scan’s length.
Value :
1-24
Type :
int
Is it Optional ? :
Yes
Parameter Name :
robots
Parameter Usage and Options :
The contents of the file encoded in Base64.
Type :
String
Is it Optional ? :
Yes
Parameter Name :
sitemap
Value :
The contents of the file encoded in Base64.
Type :
String
Is it Optional ? :
Yes
Parameter Name :
emailType
Parameter Usage and Options :
The type of modified Email to be used.
Value :
4 Types –
- starter_random or starter random – {random}@gmail.com
- starter_base_random or starter base random – {random}@{random}.com
- random_with_base or random with base – {random}@{base}
- custom_email or custom email – {Custom Mail}
[“starter_random”, “starter_base_random”, “random_with_base”, “custom_email”]
or
[“starter random”, “starter base random”, “random with base”, “custom email”]
Type :
String
Is it Optional ? :
Yes
Parameter Name :
modifiedEmail
Parameter Usage and Options :
The Email address you wish to be used.
Type :
String
Is it Optional ? :
No, if you use random_with_base (random with base) or custom_email (custom email).
Parameter Name :
justCves
Parameter Usage and Options :
Use this if you want the Scan to search for and detect CVEs only.
Type :
Boolean
Value :
True|False
Is it Optional ? :
Yes.
Parameter Name :
refreshToken
Parameter Usage and Options :
Use this to indicate that your site uses a ‘Refresh Token’. That site will be defined as an SPA.
Type :
Boolean
Value :
True|False
Is it Optional ? :
Yes.
Parameter Name :
targetsExcelFile
Parameter Usage and Options :
Use this to initiate multiple scans with multiple targets from an .xlsx file. Insert the exact full name of the file as it’s saved in the Storage. For example: file1.xlsx –> file1.xlsx.
Type :
String
Is it Optional ? :
If you wish to use an .xlsx file, then No.
Parameter Name :
pfxFile
Parameter Usage and Options :
Full, exact name of the Certificate as it’s saved in your Storage.
Type :
String
Is it Optional ? :
If you wish to use a Certificate, then No.
Parameter Name :
pfxPwd
Parameter Usage and Options :
The Password needed for the Certificate File.
Type :
String
Is it Optional ? :
If you wish to use a Certificate, then No.
Parameter Name :
fileCrawler
Parameter Usage and Options :
Use this if you wish to use a .har file. Insert the exact full name of the file as it’s saved in the Storage.
For example: file1.har –> file1.har .
Type :
String
Is it Optional ? :
Yes.
Parameter Name :
apiSchemaFile
Parameter Usage and Options :
In case Users wish to use an API Schema file to initiate a Scan on their API. Insert the exact full name of the File as it’s saved in the Storage.
For example: file1.json –> file1.json .
Type :
String
Is it Optional ? :
If you wish to conduct an API Schema scan, then No.
Note: Currently, we support Postman and Swagger schemas.
Parameter Name :
allPorts
Parameter Usage and Options :
In case you wish to find all ports.
Value :
True/False
Type :
String
Is it Optional ? :
Yes
Parameter Name :
scanPorts
Parameter Usage and Options :
In case you wish to scan all found ports.
Value :
True/False
Type :
String
Is it Optional ? :
Yes
Parameter Name :
scanSubdomains
Parameter Usage and Options :
In case you wish to scan all found subdomains.
Value :
True/False
Type :
String
Is it Optional ? :
Yes
Parameter Name :
vpnConfName
Parameter Usage and Options :
Configure a VPN
Value :
VPN name
Type :
String
Is it Optional ? :
Yes
Parameter Name :
keyName
Parameter Usage and Options :
Certification verification
Value :
Key Name
Type :
String
Is it Optional ? :
Yes
Parameter Name :
crtName
Parameter Usage and Options :
Certification verification
Value :
Cert name
Type :
String
Is it Optional ? :
Yes
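The conditional rules above (speed versus autoSpeed, every and interval with scheduleMode, modifiedEmail for some emailType values, pfxPwd with pfxFile, Base64 for robots) can be checked before a request is made. The following is an added example, not Cytrix or Kayran code: `build_new_target` and `redacted` are hypothetical helper names, the "speed is required when autoSpeed is off" rule is one reading of the page, and the sample values are constructed. The page does not state the HTTP method, so the example stops at producing the request body and a copy that is safe to log.

```python
import base64
import json

SECRET_FIELDS = ("apiKey", "pfxPwd")
NEEDS_ADDRESS = {"random_with_base", "random with base", "custom_email", "custom email"}
RANGES = {"speed": (1, 10), "levelDeep": (1, 10), "durationLimit": (1, 24)}

def _on(value):
    # The page writes these switches both as True/False and as "on"/"off".
    return value is True or value == "on"

def build_new_target(api_key, target, robots_txt=None, **options):
    """Return a NewTarget body, or raise ValueError listing every broken rule."""
    body = {"apiKey": api_key, "target": target, **options}
    errors = []
    # Assumed reading of "Depends on what autoSpeed is set to".
    if not _on(body.get("autoSpeed")) and "speed" not in body:
        errors.append("speed is required when autoSpeed is off")
    for name, (low, high) in RANGES.items():
        if name in body and not low <= body[name] <= high:
            errors.append(f"{name} must be between {low} and {high}")
    if _on(body.get("scheduleMode")):
        for name in ("every", "interval"):
            if name not in body:
                errors.append(f"{name} is required when scheduleMode is on")
    if body.get("emailType") in NEEDS_ADDRESS and "modifiedEmail" not in body:
        errors.append("modifiedEmail is required for this emailType")
    if "pfxFile" in body and "pfxPwd" not in body:
        errors.append("pfxPwd is required with pfxFile")
    if errors:
        raise ValueError("; ".join(errors))
    if robots_txt is not None:
        # robots (like sitemap) carries the file contents encoded in Base64.
        body["robots"] = base64.b64encode(robots_txt.encode()).decode()
    return body

def redacted(body):
    """Copy of the body for logs, with apiKey and pfxPwd masked."""
    return {k: "***" if k in SECRET_FIELDS else v for k, v in body.items()}

if __name__ == "__main__":
    # Constructed sample values; a real key belongs in a secret store.
    body = build_new_target("EXAMPLE-API-KEY", "https://app.example.com",
                            robots_txt="User-agent: *\nDisallow: /admin\n",
                            autoSpeed=True, levelDeep=3,
                            scheduleMode=True, every="week", interval=1)
    print(json.dumps(redacted(body), indent=2))
```

Because apiKey and pfxPwd travel in the request body, any client-side or proxy logging of that body should go through a masking step such as `redacted`.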
Successful Response
{
"Error": 0,
"Function": "NewTarget",
"Data": [
{
"target": "URL",
"status": "OK",
"token": "String"
}
]
}
Specific Errors and their Possible Causes
Scan_Not_Allowed : means that the number of scans you wish to initiate exceeds the number of active scans you can initiate (based on your purchased plan).
For more information, please refer to the General Errors section.