curl --request POST \
--url https://vulnix0.com/api/v1/scan/{target} \
--header 'Content-Type: application/json' \
--header 'api-key: <api-key>' \
--data '
{
"web": true,
"fuzzing": true,
"follow_links": true,
"exclude_paths": [
"<string>"
],
"cookies": "<string>",
"proxy_usage": "<string>",
"Authorization": "<string>",
"openapi_spec": "<string>",
"openai_spec": "<string>",
"custom_headers": [
{
"name": "<string>",
"value": "<string>"
}
]
}
'import requests
url = "https://vulnix0.com/api/v1/scan/{target}"
payload = {
"web": True,
"fuzzing": True,
"follow_links": True,
"exclude_paths": ["<string>"],
"cookies": "<string>",
"proxy_usage": "<string>",
"Authorization": "<string>",
"openapi_spec": "<string>",
"openai_spec": "<string>",
"custom_headers": [
{
"name": "<string>",
"value": "<string>"
}
]
}
headers = {
"api-key": "<api-key>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'api-key': '<api-key>', 'Content-Type': 'application/json'},
body: JSON.stringify({
web: true,
fuzzing: true,
follow_links: true,
exclude_paths: ['<string>'],
cookies: '<string>',
proxy_usage: '<string>',
Authorization: '<string>',
openapi_spec: '<string>',
openai_spec: '<string>',
custom_headers: [{name: '<string>', value: '<string>'}]
})
};
fetch('https://vulnix0.com/api/v1/scan/{target}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://vulnix0.com/api/v1/scan/{target}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'web' => true,
'fuzzing' => true,
'follow_links' => true,
'exclude_paths' => [
'<string>'
],
'cookies' => '<string>',
'proxy_usage' => '<string>',
'Authorization' => '<string>',
'openapi_spec' => '<string>',
'openai_spec' => '<string>',
'custom_headers' => [
[
'name' => '<string>',
'value' => '<string>'
]
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"api-key: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://vulnix0.com/api/v1/scan/{target}"
payload := strings.NewReader("{\n \"web\": true,\n \"fuzzing\": true,\n \"follow_links\": true,\n \"exclude_paths\": [\n \"<string>\"\n ],\n \"cookies\": \"<string>\",\n \"proxy_usage\": \"<string>\",\n \"Authorization\": \"<string>\",\n \"openapi_spec\": \"<string>\",\n \"openai_spec\": \"<string>\",\n \"custom_headers\": [\n {\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n }\n ]\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("api-key", "<api-key>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://vulnix0.com/api/v1/scan/{target}")
.header("api-key", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"web\": true,\n \"fuzzing\": true,\n \"follow_links\": true,\n \"exclude_paths\": [\n \"<string>\"\n ],\n \"cookies\": \"<string>\",\n \"proxy_usage\": \"<string>\",\n \"Authorization\": \"<string>\",\n \"openapi_spec\": \"<string>\",\n \"openai_spec\": \"<string>\",\n \"custom_headers\": [\n {\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n }\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://vulnix0.com/api/v1/scan/{target}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["api-key"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"web\": true,\n \"fuzzing\": true,\n \"follow_links\": true,\n \"exclude_paths\": [\n \"<string>\"\n ],\n \"cookies\": \"<string>\",\n \"proxy_usage\": \"<string>\",\n \"Authorization\": \"<string>\",\n \"openapi_spec\": \"<string>\",\n \"openai_spec\": \"<string>\",\n \"custom_headers\": [\n {\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n }\n ]\n}"
response = http.request(request)
puts response.read_body{
"message": "Scan initiated for target: grok.com (scanning on domain: grok.com)",
"reqid": "95e201b5-93bf-4218-8b96-6fb23b8874d3"
}{
"status": "error",
"error": "Error message description"
}Initiate Scan
Starts a new vulnerability scan for a given target. The target is specified as the final part of the URL path.
curl --request POST \
--url https://vulnix0.com/api/v1/scan/{target} \
--header 'Content-Type: application/json' \
--header 'api-key: <api-key>' \
--data '
{
"web": true,
"fuzzing": true,
"follow_links": true,
"exclude_paths": [
"<string>"
],
"cookies": "<string>",
"proxy_usage": "<string>",
"Authorization": "<string>",
"openapi_spec": "<string>",
"openai_spec": "<string>",
"custom_headers": [
{
"name": "<string>",
"value": "<string>"
}
]
}
'import requests
url = "https://vulnix0.com/api/v1/scan/{target}"
payload = {
"web": True,
"fuzzing": True,
"follow_links": True,
"exclude_paths": ["<string>"],
"cookies": "<string>",
"proxy_usage": "<string>",
"Authorization": "<string>",
"openapi_spec": "<string>",
"openai_spec": "<string>",
"custom_headers": [
{
"name": "<string>",
"value": "<string>"
}
]
}
headers = {
"api-key": "<api-key>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {'api-key': '<api-key>', 'Content-Type': 'application/json'},
body: JSON.stringify({
web: true,
fuzzing: true,
follow_links: true,
exclude_paths: ['<string>'],
cookies: '<string>',
proxy_usage: '<string>',
Authorization: '<string>',
openapi_spec: '<string>',
openai_spec: '<string>',
custom_headers: [{name: '<string>', value: '<string>'}]
})
};
fetch('https://vulnix0.com/api/v1/scan/{target}', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://vulnix0.com/api/v1/scan/{target}",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'web' => true,
'fuzzing' => true,
'follow_links' => true,
'exclude_paths' => [
'<string>'
],
'cookies' => '<string>',
'proxy_usage' => '<string>',
'Authorization' => '<string>',
'openapi_spec' => '<string>',
'openai_spec' => '<string>',
'custom_headers' => [
[
'name' => '<string>',
'value' => '<string>'
]
]
]),
CURLOPT_HTTPHEADER => [
"Content-Type: application/json",
"api-key: <api-key>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://vulnix0.com/api/v1/scan/{target}"
payload := strings.NewReader("{\n \"web\": true,\n \"fuzzing\": true,\n \"follow_links\": true,\n \"exclude_paths\": [\n \"<string>\"\n ],\n \"cookies\": \"<string>\",\n \"proxy_usage\": \"<string>\",\n \"Authorization\": \"<string>\",\n \"openapi_spec\": \"<string>\",\n \"openai_spec\": \"<string>\",\n \"custom_headers\": [\n {\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n }\n ]\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("api-key", "<api-key>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://vulnix0.com/api/v1/scan/{target}")
.header("api-key", "<api-key>")
.header("Content-Type", "application/json")
.body("{\n \"web\": true,\n \"fuzzing\": true,\n \"follow_links\": true,\n \"exclude_paths\": [\n \"<string>\"\n ],\n \"cookies\": \"<string>\",\n \"proxy_usage\": \"<string>\",\n \"Authorization\": \"<string>\",\n \"openapi_spec\": \"<string>\",\n \"openai_spec\": \"<string>\",\n \"custom_headers\": [\n {\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n }\n ]\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://vulnix0.com/api/v1/scan/{target}")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["api-key"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"web\": true,\n \"fuzzing\": true,\n \"follow_links\": true,\n \"exclude_paths\": [\n \"<string>\"\n ],\n \"cookies\": \"<string>\",\n \"proxy_usage\": \"<string>\",\n \"Authorization\": \"<string>\",\n \"openapi_spec\": \"<string>\",\n \"openai_spec\": \"<string>\",\n \"custom_headers\": [\n {\n \"name\": \"<string>\",\n \"value\": \"<string>\"\n }\n ]\n}"
response = http.request(request)
puts response.read_body{
"message": "Scan initiated for target: grok.com (scanning on domain: grok.com)",
"reqid": "95e201b5-93bf-4218-8b96-6fb23b8874d3"
}{
"status": "error",
"error": "Error message description"
}Authorizations
A unique API Key.
Headers
Organization ID to associate the scan with
Path Parameters
Target to scan (domain, IP, or URL)
Query Parameters
Organization ID to associate the scan with
Body
Optional advanced configuration for the scan
Advanced configuration options for initiating a scan. Useful for authenticated testing, api scanning, and fine-tuning crawler limits.
Enable web application scanning mode
Enable fuzzing for deeper discovery
Follow links during crawling
Paths to exclude from scanning (e.g., ['/logout', '/delete'])
Custom cookies to include in requests
Proxy URL to route scan traffic through
Authorization header value (e.g., Bearer token)
Raw JSON or YAML OpenAPI 2.x/3.x specification for API DAST scanning
Alias for openapi_spec (handles common typos)
Custom HTTP headers to include in requests
Show child attributes
Show child attributes

