Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad035494d3fa71c8bd2e9732e0cf56fe90ebfa7d14b8bb8
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/doctors/{id}
GET /api/v1/accounts/me
GET /api/v1/datahub/history
GET /api/v1/datahub/importer-types
GET /api/v1/doctors
GET /api/v1/doctors/coupon-waiting-list/xlsx
GET /api/v1/doctors/opt-in/report
GET /api/v1/invites/treatments
GET /api/v1/products
GET /api/v1/products/{id}
GET /api/v1/representatives/doctors
GET /api/v1/representatives/doctors/{id}/qrcode/pdf
GET /api/v1/representatives/qrcode-coupon/pdf
GET /api/v1/specialties
GET /api/v1/users
GET /api/v1/users/me
GET /api/v1/users/{id}
POST /api/v1/datahub/import/chat
POST /api/v1/datahub/import/csv
POST /api/v1/datahub/providers
PUT /api/v1/invites/treatments/{id}/accept
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 20.206.176.5:443 ยท api-backoffice-ait.dev.cuidadospelavida.com.br
2026-01-09 16:26
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Fri, 09 Jan 2026 16:27:54 GMT Server: Kestrel Strict-Transport-Security: max-age=31536000; includeSubDomains x-ms-middleware-request-id: fece8c1f-da3c-495e-8257-9b4b044cdb5b x-correlation-id: 326aac5a43ea4ffdb25c28b799f6964a