Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549a36a8b228a71862c9c4734aaff7616a8ff7616a8
Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /api/query/Disclaimer/DigitalSpendOptimizationDisclaimer GET /api/query/Disclaimer/MaximumSalesDateDisclaimer POST /api/query/Enrollment/EnrollmentDetails POST /api/query/TrafficEvent/TrafficEvent
Open service 40.121.32.232:443 ยท api-staging.hyundaiusasmartdigitalanalytics.com
2026-01-23 10:52
HTTP/1.1 302 Found Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 10:52:34 GMT Server: Kestrel Location: /swagger Strict-Transport-Security: max-age=2592000