开发者参考
漏洞情报
通过 DomScan API,发现公开网站上暴露的软件、高风险配置和已知受影响版本。每项结果都会说明检查了什么、为何匹配以及证据的可信程度。
漏洞情报
发现公开网站上暴露的软件、高风险配置和已知受影响版本。每项结果都会说明检查了什么、为何匹配以及证据的可信程度。
覆盖范围和数据源:
未发现问题的结果无法证明应用不存在漏洞,也不能替代经授权的渗透测试。
GET
/v1/vulnerabilities
查询参数
| 参数 | 类型 | 必需 |
|---|---|---|
| url | string | 可选 |
| domain | string | 可选 |
| mode | string | 可选 |
响应字段
| 字段 | 类型 |
|---|---|
target |
object |
target.requested_url |
string |
target.final_url |
string |
target.hostname |
string |
scan |
object |
scan.mode |
string |
scan.status |
string |
scan.checked_at |
string |
scan.duration_ms |
integer |
scan.disclaimer |
string |
summary |
object |
summary.posture |
string |
summary.risk_level |
string |
summary.finding_count |
integer |
summary.version_affected_count |
integer |
summary.misconfiguration_count |
integer |
summary.urgent_count |
integer |
summary.severity_counts |
object |
findings[] |
object[] |
findings[] |
object |
findings[].fingerprint |
string |
findings[].classification |
string |
findings[].severity |
string |
findings[].priority |
string |
findings[].title |
string |
findings[].summary |
string |
findings[].component |
object |
findings[].component.technology_id |
string |
findings[].component.name |
string |
findings[].component.detected_version |
string |
findings[].component.version_kind |
string |
findings[].component.confidence |
string |
findings[].component.confidence_score |
integer |
findings[].component.ecosystem |
string |
findings[].component.package |
string |
findings[].component.purl |
string |
findings[].advisory |
object |
findings[].advisory.id |
string |
findings[].advisory.aliases[] |
string[] |
findings[].advisory.cves[] |
string[] |
findings[].advisory.published_at |
string | null |
findings[].advisory.modified_at |
string | null |
findings[].advisory.cvss[] |
object[] |
findings[].advisory.cvss[] |
object |
findings[].advisory.cvss[].type |
string |
findings[].advisory.cvss[].vector |
string |
findings[].advisory.fixed_versions[] |
string[] |
findings[].advisory.affected_ranges[] |
object[] |
findings[].advisory.affected_ranges[] |
object |
findings[].advisory.references[] |
string[] |
findings[].exploitation |
object |
findings[].exploitation.cisa_kev |
boolean | null |
findings[].exploitation.kev_added_at |
string | null |
findings[].exploitation.kev_required_action |
string | null |
findings[].exploitation.known_ransomware_use |
string | null |
findings[].exploitation.epss_probability |
number | null |
findings[].exploitation.epss_percentile |
number | null |
findings[].exploitation.epss_date |
string | null |
findings[].evidence |
object |
findings[].evidence.confidence |
string |
findings[].evidence.observed[] |
string[] |
findings[].evidence.limitations[] |
string[] |
findings[].remediation |
object |
findings[].remediation.summary |
string |
findings[].remediation.fixed_versions[] |
string[] |
findings[].sources[] |
string[] |
components[] |
object[] |
components[] |
object |
components[].technology_id |
string |
components[].name |
string |
components[].detected_version |
string | null |
components[].version_kind |
string | null |
components[].confidence |
string |
components[].advisory_status |
string |
components[].matched_advisories |
integer |
coverage |
object |
coverage.target_response |
string |
coverage.technology_detection |
string |
coverage.package_advisories |
string |
coverage.known_exploitation |
string |
coverage.exploitation_probability |
string |
coverage.detected_components |
integer |
coverage.versioned_components |
integer |
coverage.advisory_eligible_components |
integer |
coverage.advisory_checked_components |
integer |
coverage.advisory_deferred_components |
integer |
coverage.advisory_query_limit |
integer |
coverage.relay_used |
boolean |
coverage.limitations[] |
string[] |
sources[] |
object[] |
sources[] |
object |
sources[].id |
string |
sources[].name |
string |
sources[].owner |
string |
sources[].url |
string |
sources[].status |
string |
sources[].retrieved_at |
string | null |
sources[].cache_hit |
boolean |
sources[].expected_freshness |
string |
sources[].fallback_behavior |
string |
sources[].cost |
string |
_meta |
object |
请求示例
curl -H "X-API-Key: $DOMSCAN_API_KEY" "https://domscan.net/v1/vulnerabilities?url=https%3A%2F%2Fexample.com&domain=example.com&mode=example.com"
响应示例
{
"target": {
"requested_url": "https://example.com",
"final_url": "https://example.com",
"hostname": "string"
},
"scan": {
"mode": "standard",
"status": "complete",
"checked_at": "2026-04-15T12:00:00Z",
"duration_ms": 1,
"disclaimer": "string"
},
"summary": {
"posture": "action_required",
"risk_level": "critical",
"finding_count": 1,
"version_affected_count": 1,
"misconfiguration_count": 1,
"urgent_count": 1,
"severity_counts": {}
},
"findings": [
{
"fingerprint": "string",
"classification": "version_affected",
"severity": "critical",
"priority": "urgent",
"title": "string",
"summary": "string",
"component": {
"technology_id": "string",
"name": "string",
"detected_version": "string",
"version_kind": "product",
"confidence": "high",
"confidence_score": 1,
"ecosystem": "string",
"package": "string",
"purl": "https://example.com"
},
"advisory": {
"id": "string",
"aliases": [
"string"
],
"cves": [
"string"
],
"published_at": "2026-04-15T12:00:00Z",
"modified_at": "2026-04-15T12:00:00Z",
"cvss": [
{
"type": "string",
"vector": "string"
}
],
"fixed_versions": [
"string"
],
"affected_ranges": [
{}
],
"references": [
"https://example.com"
]
},
"exploitation": {
"cisa_kev": true,
"kev_added_at": "2026-04-15",
"kev_required_action": "string",
"known_ransomware_use": "string",
"epss_probability": 1,
"epss_percentile": 1,
"epss_date": "2026-04-15"
},
"evidence": {
"confidence": "high",
"observed": [
"string"
],
"limitations": [
"string"
]
},
"remediation": {
"summary": "string",
"fixed_versions": [
"string"
]
},
"sources": [
"osv"
]
}
],
"components": [
{
"technology_id": "string",
"name": "string",
"detected_version": "string",
"version_kind": "string",
"confidence": "high",
"advisory_status": "checked",
"matched_advisories": 1
}
],
"coverage": {
"target_response": "string",
"technology_detection": "string",
"package_advisories": "string",
"known_exploitation": "string",
"exploitation_probability": "string",
"detected_components": 1,
"versioned_components": 1,
"advisory_eligible_components": 1,
"advisory_checked_components": 1,
"advisory_deferred_components": 1,
"advisory_query_limit": 1,
"relay_used": true,
"limitations": [
"string"
]
},
"sources": [
{
"id": "string",
"name": "string",
"owner": "string",
"url": "https://example.com",
"status": "string",
"retrieved_at": "2026-04-15T12:00:00Z",
"cache_hit": true,
"expected_freshness": "string",
"fallback_behavior": "string",
"cost": "none"
}
],
"_meta": {}
}