Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354965c8e012d1b3373e6edfa177da7f509bfb894d00
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /health
GET /v1/metadata
GET /v1/stores
GET /v1/surveys/questions/{id}
GET /v1/user-settings/{userId}
GET /v2/media/{publicId}
GET /v2/media/{publicId}/metadata
GET /v2/stores/media/{publicId}
GET /v2/stores/media/{publicId}/metadata
GET /v3/media/details
GET /v3/stores/media/details
POST /v1/media/sign
POST /v1/stores/media/sign
POST /v1/surveys/{id}/answers
POST /v1/user-actions
POST /v1/user-actions/search
POST /v1/user-settings/pin-store
POST /v1/user-settings/unpin-store
POST /v2/media/search
POST /v2/stores/{storeId}/media/search
POST /v3/media/batch-delete
POST /v3/media/batch-update
PUT /v3/stores/media/batch-update
Open service 13.69.68.21:443 ยท api.test.mediabanken.ica.se
2026-01-23 12:30
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 12:31:27 GMT Server: Kestrel