Riferimento per sviluppatori
Certificati SSL
Consulta la documentazione API di Certificati SSL, i parametri delle richieste, i campi delle risposte, gli esempi di codice e la gestione degli errori per le integrazioni DomScan.
Certificati SSL
Interrogate i log di Certificate Transparency per scoprire tutti i certificati SSL/TLS mai emessi per un dominio. Utile per l'enumerazione dei sottodomini, il controllo della sicurezza e il monitoraggio dell'emissione non autorizzata di certificati. I dati provengono da crt.sh.
GET
/v1/certificates
Parametri di query
| Parametro | Tipo | Descrizione |
|---|---|---|
| domain obbligatorio | string | Dominio per il quale cercare certificati (ad es. "github.com") |
| include_subdomains facoltativo | boolean | Includere certificati wildcard e sottodominio (predefinito: true) |
Casi d'uso
- Enumerazione sottodominio tramite campi SAN del certificato
- Rileva l'emissione di certificati non autorizzati
- Monitora i certificati di phishing
- Controllare le date di scadenza dei certificati
Richiesta di esempio
curl -H "X-API-Key: your-api-key" "https://domscan.net/v1/certificates?domain=github.com&include_subdomains=true"
import requests
domscan = requests.Session()
domscan.headers.update({"X-API-Key": "your-api-key"})
response = domscan.get(
"https://domscan.net/v1/certificates",
params={"domain": "github.com", "include_subdomains": "true"}
)
data = response.json()
# Extract unique subdomains from certificates
subdomains = set()
for cert in data['certificates']:
for name in cert.get('names', []):
if name.endswith('.github.com'):
subdomains.add(name)
print(f"Found {len(subdomains)} subdomains")
for subdomain in sorted(subdomains)[:10]:
print(f" {subdomain}")
Risposta di esempio
{
"domain": "github.com",
"certificates": [
{
"issuer": "Let's Encrypt",
"common_name": "example.com",
"san": ["example.com", "www.example.com"],
"not_before": "2024-01-01T00:00:00Z",
"not_after": "2024-04-01T00:00:00Z"
}
],
"total": 1
}
Campi di risposta
| Campo | Tipo |
|---|---|
domain |
string |
certificates[] |
object[] |
certificates[] |
object |
certificates[].id |
string |
certificates[].issuer |
object |
certificates[].common_name |
string |
certificates[].san[] |
string[] |
certificates[].not_before |
string |
certificates[].not_after |
string |
certificates[].is_expired |
boolean |
certificates[].is_wildcard |
boolean |
certificates[].fingerprint_sha256 |
string |
summary |
object |
summary.total_found |
integer |
summary.returned |
integer |
summary.unique_subdomains |
integer |
summary.issuers[] |
string[] |
summary.earliest_cert |
string | null |
summary.latest_cert |
string | null |
pagination |
object |
pagination.limit |
integer |
pagination.offset |
integer |
pagination.returned |
integer |
pagination.total |
integer |
pagination.has_more |
boolean |
pagination.next_cursor |
string | null |
intelligence_summary |
object |
intelligence_summary.data_source |
string |
intelligence_summary.ct_log_sources[] |
string[] |
intelligence_summary.source_count |
integer |
intelligence_summary.cache_status |
string |
intelligence_summary.returned_count |
integer |
intelligence_summary.total_found |
integer |
intelligence_summary.truncated |
boolean |
intelligence_summary.limit |
integer |
intelligence_summary.include_subdomains |
boolean |
intelligence_summary.include_expired |
boolean |
intelligence_summary.unique_name_count |
integer |
intelligence_summary.unique_subdomains |
integer |
intelligence_summary.issuer_count |
integer |
intelligence_summary.wildcard_cert_count |
integer |
intelligence_summary.active_cert_count |
integer |
intelligence_summary.expired_cert_count |
integer |
intelligence_summary.expiring_within_30_days_count |
integer |
intelligence_summary.earliest_cert |
string | null |
intelligence_summary.latest_cert |
string | null |
intelligence_summary.latest_expiry |
string | null |
intelligence_summary.has_more |
boolean |
intelligence_summary.next_cursor |
string | null |
intelligence_summary.warning_code |
string | null |
meta |
object |
GET
/v1/ssl/audit
Parametri di query
| Parametro | Tipo | obbligatorio |
|---|---|---|
| domain | string | obbligatorio |
Campi di risposta
| Campo | Tipo |
|---|---|
domain |
string |
audit_completeness |
string |
probe_coverage |
object |
probe_coverage.tls_inspect |
boolean |
probe_coverage.tls_audit |
boolean |
probe_coverage.tls_posture |
boolean |
probe_coverage.revocation |
boolean |
probe_coverage.hsts |
boolean |
probe_coverage.http_versions |
boolean |
certificate |
object |
certificate.subject |
string |
certificate.issuer |
string |
certificate.issuer_org |
string |
certificate.valid_from |
string |
certificate.valid_until |
string |
certificate.days_remaining |
integer |
certificate.expired |
boolean |
certificate.san[] |
string[] |
certificate.key_type |
string |
certificate.key_size |
integer |
certificate.signature_algorithm |
string |
certificate.serial_number |
string |
certificate.fingerprint_sha256 |
string |
certificate.hostname_match |
boolean | null |
chain |
object |
chain.length |
integer |
chain.valid |
boolean |
chain.certificates[] |
object[] |
chain.certificates[] |
object |
chain.certificates[].subject |
string |
chain.certificates[].issuer |
string |
chain.certificates[].type |
string |
chain.certificates[].valid_from |
string | null |
chain.certificates[].valid_until |
string | null |
chain.issues[] |
string[] |
protocols |
object |
protocols.tls_1_3 |
boolean |
protocols.tls_1_2 |
boolean |
protocols.tls_1_1 |
boolean |
protocols.tls_1_0 |
boolean |
protocols.ssl_3 |
boolean |
protocols.preferred_protocol |
string |
protocols.detection_method |
string |
protocols.deprecated_protocols_enabled |
boolean |
connection |
object |
connection.preferred_protocol |
string | null |
connection.preferred_cipher |
string | null |
connection.alpn_negotiated |
string | null |
connection.forward_secrecy |
boolean |
connection.forward_secrecy_cipher |
string | null |
connection.secure_renegotiation_supported |
boolean | null |
connection.server_temp_key |
string | null |
connection.peer_signing_digest |
string | null |
connection.peer_signature_type |
string | null |
connection.server_public_key_bits |
integer | null |
connection.compression |
string | null |
connection.expansion |
string | null |
connection.client_certificate_requested |
boolean | null |
certificate_delivery |
object |
certificate_delivery.must_staple |
boolean |
certificate_delivery.sct_embedded |
boolean |
certificate_delivery.sct_count |
integer |
certificate_delivery.ocsp_stapling_present |
boolean |
certificate_delivery.ocsp_stapling_fresh |
boolean | null |
certificate_delivery.ocsp_stapling_status |
string | null |
certificate_delivery.ocsp_this_update |
string | null |
certificate_delivery.ocsp_next_update |
string | null |
handshake_size |
object |
handshake_size.chain_certificate_count |
integer |
handshake_size.estimated_certificate_bytes |
integer |
handshake_size.estimated_handshake_bytes |
integer |
handshake_size.risk |
string |
handshake_size.mobile_client_warning |
boolean |
alpn_summary |
object |
alpn_summary.negotiated_protocol |
string | null |
alpn_summary.http2_ready |
boolean | null |
alpn_summary.http3_advertised |
boolean | null |
alpn_summary.fallback_protocols[] |
string[] |
alpn_summary.evidence_sources[] |
string[] |
transport |
object |
transport.hsts |
object |
transport.hsts.reachable |
boolean |
transport.hsts.final_url |
string | null |
transport.hsts.status_code |
integer | null |
transport.hsts.header_present |
boolean |
transport.hsts.hsts_header |
string | null |
transport.hsts.max_age |
integer | null |
transport.hsts.include_subdomains |
boolean | null |
transport.hsts.preload_directive |
boolean | null |
transport.hsts.preload_eligible |
boolean |
transport.hsts.preload_status |
string | null |
transport.hsts.preloaded_domain |
string | null |
transport.hsts.issues[] |
string[] |
transport.hsts.errors[] |
string[] |
transport.http_versions |
object |
transport.http_versions.http1_1 |
boolean |
transport.http_versions.http2 |
boolean |
transport.http_versions.http3 |
boolean |
transport.http_versions.alt_svc |
string | null |
transport.http_versions.http3_advertised |
boolean |
transport.http_versions.alt_svc_protocols[] |
string[] |
transport.http_versions.curl_http3_supported |
boolean |
revocation |
object |
revocation.ocsp |
object |
revocation.ocsp.present |
boolean |
revocation.ocsp.uris[] |
string[] |
revocation.ocsp.checked_uri |
string | null |
revocation.ocsp.status |
string | null |
revocation.ocsp.verify_ok |
boolean |
revocation.ocsp.this_update |
string | null |
revocation.ocsp.next_update |
string | null |
revocation.ocsp.error |
string | null |
revocation.crl |
object |
revocation.crl.present |
boolean |
revocation.crl.uris[] |
string[] |
revocation.crl.checked_uri |
string | null |
revocation.crl.fetched |
boolean |
revocation.crl.http_status |
integer | null |
revocation.crl.revoked |
boolean | null |
revocation.crl.last_update |
string | null |
revocation.crl.next_update |
string | null |
revocation.crl.revoked_serial_count |
integer | null |
revocation.crl.error |
string | null |
tls_extensions[] |
string[] |
edge_summary |
object |
edge_summary.relay_configured |
boolean |
edge_summary.evidence_sources[] |
string[] |
edge_summary.probe_success_count |
integer |
edge_summary.probe_attempt_count |
integer |
edge_summary.live_handshake_ms |
integer | null |
edge_summary.strongest_protocol |
string | null |
edge_summary.weakest_supported_protocol |
string | null |
edge_summary.deprecated_protocol_count |
integer |
edge_summary.http3_ready |
boolean |
edge_summary.hsts_preload_ready |
boolean |
edge_summary.revocation_checked |
boolean |
edge_summary.revocation_good |
boolean | null |
edge_summary.certificate_transparency_ready |
boolean |
edge_summary.client_auth_requested |
boolean | null |
edge_summary.weak_transport_detected |
boolean |
issues[] |
string[] |
recommendations[] |
string[] |
checked_at |
string |
check_duration_ms |
integer |
Richiesta di esempio
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/audit?domain=example.com"
Risposta di esempio
{
"domain": "cloudflare.com",
"audit_completeness": "full",
"probe_coverage": {
"tls_inspect": true,
"tls_audit": true,
"tls_posture": true,
"revocation": true,
"hsts": true,
"http_versions": true
},
"certificate": {
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"valid_from": "2026-03-01T00:00:00Z",
"valid_until": "2026-05-30T23:59:59Z",
"days_remaining": 42,
"expired": false,
"san": [
"cloudflare.com",
"*.cloudflare.com"
],
"key_type": "ECDSA",
"key_size": 256,
"signature_algorithm": "ecdsaWithSHA256",
"serial_number": "539933F4CFE7E8CF13F5E60D139675A1",
"fingerprint_sha256": "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99",
"hostname_match": true
},
"chain": {
"length": 3,
"valid": true,
"certificates": [
{
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"type": "leaf"
},
{
"subject": "Google Trust Services",
"issuer": "GlobalSign",
"type": "intermediate"
},
{
"subject": "GlobalSign",
"issuer": "GlobalSign",
"type": "root"
}
],
"issues": []
},
"protocols": {
"tls_1_3": true,
"tls_1_2": true,
"tls_1_1": false,
"tls_1_0": false,
"ssl_3": false,
"preferred_protocol": "TLSv1.3",
"detection_method": "active",
"deprecated_protocols_enabled": false
},
"connection": {
"preferred_protocol": "TLSv1.3",
"preferred_cipher": "TLS_AES_256_GCM_SHA384",
"alpn_negotiated": "h2",
"forward_secrecy": true,
"forward_secrecy_cipher": "TLS_AES_256_GCM_SHA384",
"secure_renegotiation_supported": false,
"server_temp_key": "X25519, 253 bits",
"peer_signing_digest": "SHA256",
"peer_signature_type": "ECDSA",
"server_public_key_bits": 256,
"compression": "NONE",
"expansion": "NONE",
"client_certificate_requested": false
},
"certificate_delivery": {
"must_staple": false,
"sct_embedded": true,
"sct_count": 2,
"ocsp_stapling_present": true,
"ocsp_stapling_fresh": true,
"ocsp_stapling_status": "successful (0x0)",
"ocsp_this_update": "2026-04-15T02:35:16Z",
"ocsp_next_update": "2026-04-22T01:35:15Z"
},
"handshake_size": {
"chain_certificate_count": 3,
"estimated_certificate_bytes": 3200,
"estimated_handshake_bytes": 4600,
"risk": "low",
"mobile_client_warning": false
},
"alpn_summary": {
"negotiated_protocol": "h2",
"http2_ready": true,
"http3_advertised": true,
"fallback_protocols": [
"TLSv1.3",
"TLSv1.2",
"http/1.1"
],
"evidence_sources": [
"tls_audit",
"http_versions"
]
},
"transport": {
"hsts": {
"reachable": true,
"final_url": "https://cloudflare.com/",
"status_code": 200,
"header_present": true,
"hsts_header": "max-age=31536000; includeSubDomains",
"max_age": 31536000,
"include_subdomains": true,
"preload_directive": false,
"preload_eligible": true,
"preload_status": "preloaded",
"preloaded_domain": "cloudflare.com",
"issues": [
"missing preload directive"
],
"errors": []
},
"http_versions": {
"http1_1": true,
"http2": true,
"http3": true,
"alt_svc": "h3=\":443\"; ma=86400",
"http3_advertised": true,
"alt_svc_protocols": [
"h3"
],
"curl_http3_supported": true
}
},
"revocation": {
"ocsp": {
"present": true,
"uris": [
"http://o.pki.goog/wr2"
],
"checked_uri": "http://o.pki.goog/wr2",
"status": "good",
"verify_ok": true,
"this_update": "2026-04-18T20:30:00Z",
"next_update": "2026-04-19T20:30:00Z",
"error": null
},
"crl": {
"present": true,
"uris": [
"http://c.pki.goog/wr2.crl"
],
"checked_uri": "http://c.pki.goog/wr2.crl",
"fetched": true,
"http_status": 200,
"revoked": false,
"last_update": "2026-04-17T00:00:00Z",
"next_update": "2026-04-24T00:00:00Z",
"revoked_serial_count": 0,
"error": null
}
},
"tls_extensions": [
"key share",
"supported versions",
"server name"
],
"edge_summary": {
"relay_configured": true,
"evidence_sources": [
"tls_inspect",
"tls_audit",
"tls_posture",
"revocation",
"hsts",
"http_versions"
],
"probe_success_count": 6,
"probe_attempt_count": 6,
"live_handshake_ms": 51,
"strongest_protocol": "TLSv1.3",
"weakest_supported_protocol": "TLSv1.2",
"deprecated_protocol_count": 0,
"http3_ready": true,
"hsts_preload_ready": true,
"revocation_checked": true,
"revocation_good": true,
"certificate_transparency_ready": true,
"client_auth_requested": false,
"weak_transport_detected": false
},
"issues": [],
"recommendations": [
"Add the preload directive if you want HSTS preload-list eligibility."
],
"checked_at": "2026-04-18T21:00:00Z",
"check_duration_ms": 512
}
GET
/v1/ssl/deep-scan
Parametri di query
| Parametro | Tipo | obbligatorio |
|---|---|---|
| domain | string | obbligatorio |
| refresh | boolean | facoltativo |
| profile | string | facoltativo |
Campi di risposta
| Campo | Tipo |
|---|---|
status |
string |
domain |
string |
host |
string |
port |
integer |
profile |
string |
scan_token |
string |
message |
string |
poll_after_ms |
integer |
cache |
object |
cache.hit |
boolean |
cache.fresh |
boolean |
cache.started_at |
string | null |
cache.completed_at |
string | null |
cache.expires_at |
string | null |
cache.engine |
string | null |
cache.profile |
string | null |
result |
object |
result.domain |
string |
result.host |
string |
result.port |
integer |
result.engine |
object |
result.engine.name |
string |
result.engine.mode |
string |
result.engine.version |
string | null |
result.engine.profile |
string |
result.target |
object |
result.target.ip |
string | null |
result.target.service |
string | null |
result.target.rdns |
string | null |
result.summary |
object |
result.summary.severity_counts |
object |
result.summary.severity_counts.critical |
integer |
result.summary.severity_counts.high |
integer |
result.summary.severity_counts.medium |
integer |
result.summary.severity_counts.low |
integer |
result.summary.severity_counts.warn |
integer |
result.summary.severity_counts.info |
integer |
result.summary.severity_counts.ok |
integer |
result.summary.actionable_findings |
integer |
result.summary.protocols_offered[] |
string[] |
result.summary.deprecated_protocols[] |
string[] |
result.summary.supports_tls_1_3 |
boolean |
result.summary.supports_http2 |
boolean | null |
result.summary.supports_http3 |
boolean | null |
result.sections |
object |
result.sections.pretest[] |
object[] |
result.sections.pretest[] |
object |
result.sections.pretest[].id |
string |
result.sections.pretest[].severity |
string |
result.sections.pretest[].finding |
string |
result.sections.pretest[].cve |
string |
result.sections.pretest[].cwe |
string |
result.sections.protocols[] |
object[] |
result.sections.protocols[] |
object |
result.sections.protocols[].id |
string |
result.sections.protocols[].severity |
string |
result.sections.protocols[].finding |
string |
result.sections.protocols[].cve |
string |
result.sections.protocols[].cwe |
string |
result.sections.server_defaults[] |
object[] |
result.sections.server_defaults[] |
object |
result.sections.server_defaults[].id |
string |
result.sections.server_defaults[].severity |
string |
result.sections.server_defaults[].finding |
string |
result.sections.server_defaults[].cve |
string |
result.sections.server_defaults[].cwe |
string |
result.sections.server_preferences[] |
object[] |
result.sections.server_preferences[] |
object |
result.sections.server_preferences[].id |
string |
result.sections.server_preferences[].severity |
string |
result.sections.server_preferences[].finding |
string |
result.sections.server_preferences[].cve |
string |
result.sections.server_preferences[].cwe |
string |
result.sections.cipher_categories[] |
object[] |
result.sections.cipher_categories[] |
object |
result.sections.cipher_categories[].id |
string |
result.sections.cipher_categories[].severity |
string |
result.sections.cipher_categories[].finding |
string |
result.sections.cipher_categories[].cve |
string |
result.sections.cipher_categories[].cwe |
string |
result.sections.forward_secrecy[] |
object[] |
result.sections.forward_secrecy[] |
object |
result.sections.forward_secrecy[].id |
string |
result.sections.forward_secrecy[].severity |
string |
result.sections.forward_secrecy[].finding |
string |
result.sections.forward_secrecy[].cve |
string |
result.sections.forward_secrecy[].cwe |
string |
result.sections.vulnerabilities[] |
object[] |
result.sections.vulnerabilities[] |
object |
result.sections.vulnerabilities[].id |
string |
result.sections.vulnerabilities[].severity |
string |
result.sections.vulnerabilities[].finding |
string |
result.sections.vulnerabilities[].cve |
string |
result.sections.vulnerabilities[].cwe |
string |
result.sections.browser_simulations[] |
object[] |
result.sections.browser_simulations[] |
object |
result.sections.browser_simulations[].id |
string |
result.sections.browser_simulations[].severity |
string |
result.sections.browser_simulations[].finding |
string |
result.sections.browser_simulations[].cve |
string |
result.sections.browser_simulations[].cwe |
string |
result.sections.rating[] |
object[] |
result.sections.rating[] |
object |
result.sections.rating[].id |
string |
result.sections.rating[].severity |
string |
result.sections.rating[].finding |
string |
result.sections.rating[].cve |
string |
result.sections.rating[].cwe |
string |
result.findings[] |
object[] |
result.findings[] |
object |
result.findings[].section |
string |
result.findings[].id |
string |
result.findings[].severity |
string |
result.findings[].finding |
string |
result.findings[].cve |
string |
result.findings[].cwe |
string |
result.checked_at |
string |
result.scan_duration_ms |
integer |
result.notes[] |
string[] |
error |
object |
error.message |
string |
error.retryable |
boolean |
Richiesta di esempio
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/deep-scan?domain=openai.com&refresh=example.com&profile=example.com"
Risposta di esempio
{
"status": "ready",
"domain": "openai.com",
"host": "openai.com",
"port": 443,
"profile": "full",
"scan_token": "eyJrIjoidGxzLWRlZXAtc2NhbiIsImkiOiJleGFtcGxlIiwiaCI6Im9wZW5haS5jb20ifQ",
"cache": {
"hit": true,
"fresh": true,
"completed_at": "2026-04-18T22:10:00Z",
"expires_at": "2026-04-19T22:10:00Z",
"engine": "testssl.sh",
"profile": "full"
},
"result": {
"domain": "openai.com",
"host": "openai.com",
"port": 443,
"engine": {
"name": "testssl.sh",
"mode": "testssl",
"version": "3.3dev",
"profile": "full"
},
"target": {
"ip": "172.64.154.211",
"service": "HTTP",
"rdns": "--"
},
"summary": {
"severity_counts": {
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"warn": 1,
"info": 6,
"ok": 4
},
"actionable_findings": 3,
"protocols_offered": [
"TLS1_2",
"TLS1_3"
],
"deprecated_protocols": [],
"supports_tls_1_3": true,
"supports_http2": true,
"supports_http3": null
},
"sections": {
"pretest": [],
"protocols": [
{
"id": "TLS1_2",
"severity": "OK",
"finding": "offered"
},
{
"id": "TLS1_3",
"severity": "OK",
"finding": "offered with final"
},
{
"id": "QUIC",
"severity": "WARN",
"finding": "not tested due to lack of local OpenSSL support"
}
],
"server_defaults": [
{
"id": "early_data",
"severity": "HIGH",
"finding": "supported"
}
],
"server_preferences": [],
"cipher_categories": [],
"forward_secrecy": [],
"vulnerabilities": [
{
"id": "BREACH",
"severity": "MEDIUM",
"finding": "potentially VULNERABLE, br gzip HTTP compression detected",
"cve": "CVE-2013-3587",
"cwe": "CWE-310"
}
],
"browser_simulations": [],
"rating": []
},
"findings": [
{
"section": "protocols",
"id": "QUIC",
"severity": "WARN",
"finding": "not tested due to lack of local OpenSSL support"
},
{
"section": "server_defaults",
"id": "early_data",
"severity": "HIGH",
"finding": "supported"
},
{
"section": "vulnerabilities",
"id": "BREACH",
"severity": "MEDIUM",
"finding": "potentially VULNERABLE, br gzip HTTP compression detected",
"cve": "CVE-2013-3587",
"cwe": "CWE-310"
}
],
"checked_at": "2026-04-18T22:10:00Z",
"scan_duration_ms": 53880,
"notes": []
}
}
GET
/v1/ssl/deep-scan/status
Parametri di query
| Parametro | Tipo | obbligatorio |
|---|---|---|
| scan_token | string | obbligatorio |
Campi di risposta
| Campo | Tipo |
|---|---|
status |
string |
domain |
string |
host |
string |
port |
integer |
profile |
string |
scan_token |
string |
message |
string |
poll_after_ms |
integer |
cache |
object |
cache.hit |
boolean |
cache.fresh |
boolean |
cache.started_at |
string | null |
cache.completed_at |
string | null |
cache.expires_at |
string | null |
cache.engine |
string | null |
cache.profile |
string | null |
result |
object |
result.domain |
string |
result.host |
string |
result.port |
integer |
result.engine |
object |
result.engine.name |
string |
result.engine.mode |
string |
result.engine.version |
string | null |
result.engine.profile |
string |
result.target |
object |
result.target.ip |
string | null |
result.target.service |
string | null |
result.target.rdns |
string | null |
result.summary |
object |
result.summary.severity_counts |
object |
result.summary.severity_counts.critical |
integer |
result.summary.severity_counts.high |
integer |
result.summary.severity_counts.medium |
integer |
result.summary.severity_counts.low |
integer |
result.summary.severity_counts.warn |
integer |
result.summary.severity_counts.info |
integer |
result.summary.severity_counts.ok |
integer |
result.summary.actionable_findings |
integer |
result.summary.protocols_offered[] |
string[] |
result.summary.deprecated_protocols[] |
string[] |
result.summary.supports_tls_1_3 |
boolean |
result.summary.supports_http2 |
boolean | null |
result.summary.supports_http3 |
boolean | null |
result.sections |
object |
result.sections.pretest[] |
object[] |
result.sections.pretest[] |
object |
result.sections.pretest[].id |
string |
result.sections.pretest[].severity |
string |
result.sections.pretest[].finding |
string |
result.sections.pretest[].cve |
string |
result.sections.pretest[].cwe |
string |
result.sections.protocols[] |
object[] |
result.sections.protocols[] |
object |
result.sections.protocols[].id |
string |
result.sections.protocols[].severity |
string |
result.sections.protocols[].finding |
string |
result.sections.protocols[].cve |
string |
result.sections.protocols[].cwe |
string |
result.sections.server_defaults[] |
object[] |
result.sections.server_defaults[] |
object |
result.sections.server_defaults[].id |
string |
result.sections.server_defaults[].severity |
string |
result.sections.server_defaults[].finding |
string |
result.sections.server_defaults[].cve |
string |
result.sections.server_defaults[].cwe |
string |
result.sections.server_preferences[] |
object[] |
result.sections.server_preferences[] |
object |
result.sections.server_preferences[].id |
string |
result.sections.server_preferences[].severity |
string |
result.sections.server_preferences[].finding |
string |
result.sections.server_preferences[].cve |
string |
result.sections.server_preferences[].cwe |
string |
result.sections.cipher_categories[] |
object[] |
result.sections.cipher_categories[] |
object |
result.sections.cipher_categories[].id |
string |
result.sections.cipher_categories[].severity |
string |
result.sections.cipher_categories[].finding |
string |
result.sections.cipher_categories[].cve |
string |
result.sections.cipher_categories[].cwe |
string |
result.sections.forward_secrecy[] |
object[] |
result.sections.forward_secrecy[] |
object |
result.sections.forward_secrecy[].id |
string |
result.sections.forward_secrecy[].severity |
string |
result.sections.forward_secrecy[].finding |
string |
result.sections.forward_secrecy[].cve |
string |
result.sections.forward_secrecy[].cwe |
string |
result.sections.vulnerabilities[] |
object[] |
result.sections.vulnerabilities[] |
object |
result.sections.vulnerabilities[].id |
string |
result.sections.vulnerabilities[].severity |
string |
result.sections.vulnerabilities[].finding |
string |
result.sections.vulnerabilities[].cve |
string |
result.sections.vulnerabilities[].cwe |
string |
result.sections.browser_simulations[] |
object[] |
result.sections.browser_simulations[] |
object |
result.sections.browser_simulations[].id |
string |
result.sections.browser_simulations[].severity |
string |
result.sections.browser_simulations[].finding |
string |
result.sections.browser_simulations[].cve |
string |
result.sections.browser_simulations[].cwe |
string |
result.sections.rating[] |
object[] |
result.sections.rating[] |
object |
result.sections.rating[].id |
string |
result.sections.rating[].severity |
string |
result.sections.rating[].finding |
string |
result.sections.rating[].cve |
string |
result.sections.rating[].cwe |
string |
result.findings[] |
object[] |
result.findings[] |
object |
result.findings[].section |
string |
result.findings[].id |
string |
result.findings[].severity |
string |
result.findings[].finding |
string |
result.findings[].cve |
string |
result.findings[].cwe |
string |
result.checked_at |
string |
result.scan_duration_ms |
integer |
result.notes[] |
string[] |
error |
object |
error.message |
string |
error.retryable |
boolean |
Richiesta di esempio
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/deep-scan/status?scan_token=example.com"
Risposta di esempio
{
"status": "ready",
"domain": "openai.com",
"host": "openai.com",
"port": 443,
"profile": "full",
"scan_token": "eyJrIjoidGxzLWRlZXAtc2NhbiIsImkiOiJleGFtcGxlIiwiaCI6Im9wZW5haS5jb20ifQ",
"cache": {
"hit": true,
"fresh": true,
"completed_at": "2026-04-18T22:10:00Z",
"expires_at": "2026-04-19T22:10:00Z",
"engine": "testssl.sh",
"profile": "full"
},
"result": {
"domain": "openai.com",
"host": "openai.com",
"port": 443,
"engine": {
"name": "testssl.sh",
"mode": "testssl",
"version": "3.3dev",
"profile": "full"
},
"target": {
"ip": "172.64.154.211",
"service": "HTTP",
"rdns": "--"
},
"summary": {
"severity_counts": {
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"warn": 1,
"info": 6,
"ok": 4
},
"actionable_findings": 3,
"protocols_offered": [
"TLS1_2",
"TLS1_3"
],
"deprecated_protocols": [],
"supports_tls_1_3": true,
"supports_http2": true,
"supports_http3": null
},
"sections": {
"pretest": [],
"protocols": [
{
"id": "TLS1_2",
"severity": "OK",
"finding": "offered"
},
{
"id": "TLS1_3",
"severity": "OK",
"finding": "offered with final"
},
{
"id": "QUIC",
"severity": "WARN",
"finding": "not tested due to lack of local OpenSSL support"
}
],
"server_defaults": [
{
"id": "early_data",
"severity": "HIGH",
"finding": "supported"
}
],
"server_preferences": [],
"cipher_categories": [],
"forward_secrecy": [],
"vulnerabilities": [
{
"id": "BREACH",
"severity": "MEDIUM",
"finding": "potentially VULNERABLE, br gzip HTTP compression detected",
"cve": "CVE-2013-3587",
"cwe": "CWE-310"
}
],
"browser_simulations": [],
"rating": []
},
"findings": [
{
"section": "protocols",
"id": "QUIC",
"severity": "WARN",
"finding": "not tested due to lack of local OpenSSL support"
},
{
"section": "server_defaults",
"id": "early_data",
"severity": "HIGH",
"finding": "supported"
},
{
"section": "vulnerabilities",
"id": "BREACH",
"severity": "MEDIUM",
"finding": "potentially VULNERABLE, br gzip HTTP compression detected",
"cve": "CVE-2013-3587",
"cwe": "CWE-310"
}
],
"checked_at": "2026-04-18T22:10:00Z",
"scan_duration_ms": 53880,
"notes": []
}
}
GET
/v1/ssl/grade
Parametri di query
| Parametro | Tipo | obbligatorio |
|---|---|---|
| domain | string | obbligatorio |
Campi di risposta
| Campo | Tipo |
|---|---|
domain |
string |
grade |
string |
score |
integer |
protocol_support |
object |
protocol_support.tls_1_3 |
boolean |
protocol_support.tls_1_2 |
boolean |
protocol_support.tls_1_1 |
boolean |
protocol_support.tls_1_0 |
boolean |
protocol_support.ssl_3 |
boolean |
protocol_support.preferred_protocol |
string |
protocol_support.detection_method |
string |
certificate |
object |
certificate.subject |
string |
certificate.issuer |
string |
certificate.valid_from |
string |
certificate.valid_until |
string |
certificate.days_remaining |
integer |
certificate.expired |
boolean |
certificate.san[] |
string[] |
certificate.key_type |
string |
certificate.key_size |
integer |
certificate.signature_algorithm |
string |
certificate.fingerprint_sha256 |
string |
chain |
object |
chain.length |
integer |
chain.valid |
boolean |
chain.certificates[] |
object[] |
chain.certificates[] |
object |
chain.certificates[].subject |
string |
chain.certificates[].issuer |
string |
chain.certificates[].type |
string |
chain.issues[] |
string[] |
security |
object |
security.forward_secrecy |
boolean |
security.forward_secrecy_cipher |
string |
security.hsts_enabled |
boolean |
security.hsts_max_age |
integer |
security.hsts_include_subdomains |
boolean |
security.hsts_preload |
boolean |
security.hsts_header |
string |
security.hsts_preload_status |
string |
security.hsts_preloaded_domain |
string |
security.hsts_preload_eligible |
boolean |
security.hsts_final_url |
string |
security.hsts_errors[] |
string[] |
security.alpn_negotiated |
string |
security.ocsp_stapling |
boolean |
security.ocsp_stapling_fresh |
boolean |
security.ocsp_stapling_status |
string | null |
security.ocsp_stapling_this_update |
string | null |
security.ocsp_stapling_next_update |
string | null |
security.sct_embedded |
boolean |
security.sct_count |
integer |
security.ct_compliance |
boolean |
security.must_staple |
boolean |
security.secure_renegotiation |
boolean |
revocation |
object |
revocation.ocsp |
object |
revocation.ocsp.present |
boolean |
revocation.ocsp.uris[] |
string[] |
revocation.ocsp.checked_uri |
string | null |
revocation.ocsp.status |
string | null |
revocation.ocsp.verify_ok |
boolean |
revocation.ocsp.this_update |
string | null |
revocation.ocsp.next_update |
string | null |
revocation.ocsp.error |
string | null |
revocation.crl |
object |
revocation.crl.present |
boolean |
revocation.crl.uris[] |
string[] |
revocation.crl.checked_uri |
string | null |
revocation.crl.fetched |
boolean |
revocation.crl.http_status |
integer | null |
revocation.crl.revoked |
boolean | null |
revocation.crl.last_update |
string | null |
revocation.crl.next_update |
string | null |
revocation.crl.revoked_serial_count |
integer | null |
revocation.crl.error |
string | null |
grade_delta |
object |
grade_delta.current_grade |
string |
grade_delta.score |
integer |
grade_delta.next_grade |
string | null |
grade_delta.points_to_next_grade |
integer | null |
grade_delta.top_blockers[] |
string[] |
issues[] |
string[] |
recommendations[] |
string[] |
checked_at |
string |
check_duration_ms |
integer |
Richiesta di esempio
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/grade?domain=example.com"
Risposta di esempio
{
"domain": "cloudflare.com",
"grade": "A+",
"score": 98,
"protocol_support": {
"tls_1_3": true,
"tls_1_2": true,
"tls_1_1": false,
"tls_1_0": false,
"ssl_3": false,
"preferred_protocol": "TLSv1.3",
"detection_method": "active"
},
"certificate": {
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"valid_from": "2026-03-01T00:00:00Z",
"valid_until": "2026-05-30T23:59:59Z",
"days_remaining": 42,
"expired": false,
"san": [
"cloudflare.com",
"*.cloudflare.com"
],
"key_type": "ECDSA",
"key_size": 256,
"signature_algorithm": "ecdsaWithSHA256",
"fingerprint_sha256": "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99"
},
"chain": {
"length": 3,
"valid": true,
"certificates": [
{
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"type": "leaf"
},
{
"subject": "Google Trust Services",
"issuer": "GlobalSign",
"type": "intermediate"
},
{
"subject": "GlobalSign",
"issuer": "GlobalSign",
"type": "root"
}
],
"issues": []
},
"security": {
"forward_secrecy": true,
"forward_secrecy_cipher": "TLS_AES_256_GCM_SHA384",
"hsts_enabled": true,
"hsts_max_age": 31536000,
"hsts_include_subdomains": true,
"hsts_preload": true,
"hsts_header": "max-age=31536000; includeSubDomains; preload",
"hsts_preload_status": "preloaded",
"hsts_preloaded_domain": "cloudflare.com",
"hsts_preload_eligible": true,
"hsts_final_url": "https://cloudflare.com/",
"hsts_errors": [],
"alpn_negotiated": "h2",
"ocsp_stapling": true,
"ocsp_stapling_fresh": true,
"ocsp_stapling_status": "successful (0x0)",
"ocsp_stapling_this_update": "2026-04-15T02:35:16Z",
"ocsp_stapling_next_update": "2026-04-22T01:35:15Z",
"ct_compliance": true,
"must_staple": false,
"sct_embedded": true,
"sct_count": 2
},
"revocation": {
"ocsp": {
"present": true,
"uris": [
"http://o.pki.goog/wr2"
],
"checked_uri": "http://o.pki.goog/wr2",
"status": "good",
"verify_ok": true,
"this_update": "2026-04-18T20:30:00Z",
"next_update": "2026-04-19T20:30:00Z",
"error": null
},
"crl": {
"present": true,
"uris": [
"http://c.pki.goog/wr2.crl"
],
"checked_uri": "http://c.pki.goog/wr2.crl",
"fetched": true,
"http_status": 200,
"revoked": false,
"last_update": "2026-04-17T00:00:00Z",
"next_update": "2026-04-24T00:00:00Z",
"revoked_serial_count": 0,
"error": null
}
},
"grade_delta": {
"current_grade": "A+",
"score": 98,
"next_grade": null,
"points_to_next_grade": null,
"top_blockers": []
},
"issues": [],
"recommendations": [],
"checked_at": "2026-04-18T21:00:00Z",
"check_duration_ms": 142
}
GET
/v1/ssl/chain
Parametri di query
| Parametro | Tipo | obbligatorio |
|---|---|---|
| domain | string | obbligatorio |
Campi di risposta
| Campo | Tipo |
|---|---|
domain |
string |
chain[] |
object[] |
chain[] |
object |
chain[].subject |
string |
chain[].issuer |
string |
chain[].type |
string |
chain[].valid_from |
string | null |
chain[].valid_until |
string | null |
chain_length |
integer |
root_trusted |
boolean |
chain_valid |
boolean |
certificate |
object |
certificate.subject |
string |
certificate.issuer |
string |
certificate.valid_from |
string |
certificate.valid_until |
string |
certificate.days_remaining |
integer |
certificate.expired |
boolean |
certificate.san[] |
string[] |
certificate.key_type |
string |
certificate.key_size |
integer |
certificate.signature_algorithm |
string |
certificate.fingerprint_sha256 |
string |
protocol_support |
object |
protocol_support.tls_1_3 |
boolean |
protocol_support.tls_1_2 |
boolean |
protocol_support.tls_1_1 |
boolean |
protocol_support.tls_1_0 |
boolean |
protocol_support.ssl_3 |
boolean |
protocol_support.preferred_protocol |
string |
protocol_support.detection_method |
string |
security |
object |
security.alpn_negotiated |
string |
security.forward_secrecy |
boolean |
security.forward_secrecy_cipher |
string |
security.must_staple |
boolean |
security.sct_embedded |
boolean |
security.sct_count |
integer |
security.ocsp_stapling |
boolean |
security.ocsp_stapling_fresh |
boolean |
security.ocsp_stapling_status |
string | null |
security.ocsp_stapling_this_update |
string | null |
security.ocsp_stapling_next_update |
string | null |
issues[] |
string[] |
remediation_hints[] |
string[] |
revocation |
object |
revocation.ocsp |
object |
revocation.ocsp.present |
boolean |
revocation.ocsp.uris[] |
string[] |
revocation.ocsp.checked_uri |
string | null |
revocation.ocsp.status |
string | null |
revocation.ocsp.verify_ok |
boolean |
revocation.ocsp.this_update |
string | null |
revocation.ocsp.next_update |
string | null |
revocation.ocsp.error |
string | null |
revocation.crl |
object |
revocation.crl.present |
boolean |
revocation.crl.uris[] |
string[] |
revocation.crl.checked_uri |
string | null |
revocation.crl.fetched |
boolean |
revocation.crl.http_status |
integer | null |
revocation.crl.revoked |
boolean | null |
revocation.crl.last_update |
string | null |
revocation.crl.next_update |
string | null |
revocation.crl.revoked_serial_count |
integer | null |
revocation.crl.error |
string | null |
checked_at |
string |
Richiesta di esempio
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/chain?domain=example.com"
Risposta di esempio
{
"domain": "cloudflare.com",
"chain": [
{
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"type": "leaf",
"valid_from": "2026-03-01T00:00:00Z",
"valid_until": "2026-05-30T23:59:59Z"
},
{
"subject": "Google Trust Services",
"issuer": "GlobalSign",
"type": "intermediate",
"valid_from": "2024-01-01T00:00:00Z",
"valid_until": "2029-01-01T00:00:00Z"
}
],
"chain_valid": true,
"chain_length": 2,
"root_trusted": true,
"certificate": {
"subject": "cloudflare.com",
"issuer": "Google Trust Services",
"valid_from": "2026-03-01T00:00:00Z",
"valid_until": "2026-05-30T23:59:59Z",
"days_remaining": 42,
"expired": false,
"san": [
"cloudflare.com",
"*.cloudflare.com"
],
"key_type": "ECDSA",
"key_size": 256,
"signature_algorithm": "ecdsaWithSHA256",
"fingerprint_sha256": "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99"
},
"protocol_support": {
"tls_1_3": true,
"tls_1_2": true,
"tls_1_1": false,
"tls_1_0": false,
"ssl_3": false,
"preferred_protocol": "TLSv1.3",
"detection_method": "active"
},
"security": {
"alpn_negotiated": "h2",
"forward_secrecy": true,
"forward_secrecy_cipher": "TLS_AES_256_GCM_SHA384",
"must_staple": false,
"sct_embedded": true,
"sct_count": 2,
"ocsp_stapling": true,
"ocsp_stapling_fresh": true,
"ocsp_stapling_status": "successful (0x0)",
"ocsp_stapling_this_update": "2026-04-15T02:35:16Z",
"ocsp_stapling_next_update": "2026-04-22T01:35:15Z"
},
"issues": [],
"remediation_hints": [],
"revocation": {
"ocsp": {
"present": true,
"uris": [
"http://o.pki.goog/wr2"
],
"checked_uri": "http://o.pki.goog/wr2",
"status": "good",
"verify_ok": true,
"this_update": "2026-04-18T20:30:00Z",
"next_update": "2026-04-19T20:30:00Z",
"error": null
},
"crl": {
"present": true,
"uris": [
"http://c.pki.goog/wr2.crl"
],
"checked_uri": "http://c.pki.goog/wr2.crl",
"fetched": true,
"http_status": 200,
"revoked": false,
"last_update": "2026-04-17T00:00:00Z",
"next_update": "2026-04-24T00:00:00Z",
"revoked_serial_count": 0,
"error": null
}
},
"checked_at": "2026-04-18T21:00:00Z"
}
GET
/v1/ssl/expiring
Parametri di query
| Parametro | Tipo | obbligatorio |
|---|---|---|
| domain | string | obbligatorio |
| threshold_days | integer | facoltativo |
Campi di risposta
| Campo | Tipo |
|---|---|
domain |
string |
expiring_soon |
boolean |
expired |
boolean |
days_remaining |
integer |
valid_until |
string |
urgency |
string |
Richiesta di esempio
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/ssl/expiring?domain=example.com&threshold_days=example.com"
Risposta di esempio
{
"domain": "example.com",
"expiring_soon": true,
"expired": true,
"days_remaining": 1,
"valid_until": "string",
"urgency": "ok"
}
POST
/v1/certificates/bulk
Parametri del corpo
| Parametro | Tipo | obbligatorio |
|---|---|---|
| domains | string[] | obbligatorio |
| include_subdomains | boolean | facoltativo |
| include_expired | boolean | facoltativo |
| limit | integer | facoltativo |
Campi di risposta
| Campo | Tipo |
|---|---|
results[] |
unknown[] |
meta |
object |
meta.total |
integer |
meta.succeeded |
integer |
meta.failed |
integer |
meta.max_items |
integer |
meta.credits_per_item |
integer |
meta.duration_ms |
integer |
Richiesta di esempio
curl -X POST "https://domscan.net/v1/certificates/bulk" \
-H "Content-Type: application/json" \
-H "X-API-Key: $DOMSCAN_API_KEY" \
-d '{
"domains": [
"example.com",
"cloudflare.com"
],
"include_subdomains": true,
"limit": 100
}'
Risposta di esempio
{
"results": [
null
],
"meta": {
"total": 1,
"succeeded": 1,
"failed": 1,
"max_items": 10,
"credits_per_item": 1,
"duration_ms": 1
}
}