Domain coreapi.jitax.co.ke
Software information
cloudflare
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-10-17 09:48
Last seen 2026-02-14 07:36
Open for 119 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad0354948d4773934d01b1c7e31cc24e6e9c0dcb2465319Public Swagger UI/API detected at path: /swagger/index.html - sample paths: DELETE /api/Organizations/{id}/businesses/{businessId}/users/{userId} DELETE /api/Organizations/{id}/users/{userId} GET /api/Common/DatabaseTypes GET /api/Common/KRAClassificationCodeTypes GET /api/Common/KRAClassificationCodes GET /api/Common/KRAItemClassificationCodes GET /api/Common/OrganizationTypes GET /api/Common/TenantTypes GET /api/Common/configurationData GET /api/Common/roles GET /api/Internal/tenants GET /api/Organizations/GetBusinessesByUserId GET /api/Organizations/{id} GET /api/Organizations/{id}/businesses/{businessId} GET /api/ServerInstances/{id} GET /api/Users/currentUser POST /api/Branches/Customer POST /api/Branches/Insurance POST /api/Branches/User POST /api/Common/statusTrackingHistory POST /api/Common/statusTrackingHistoryData POST /api/DatabaseTypeProperties POST /api/KRASync/branches POST /api/KRASync/imports POST /api/KRASync/notices POST /api/KRASync/purchases POST /api/Organizations POST /api/Organizations/InitializeBusiness POST /api/Organizations/{id}/businesses POST /api/Organizations/{id}/businesses/{businessId}/users POST /api/Organizations/{id}/users POST /api/Sales POST /api/ServerInstances POST /api/StockItems POST /api/StockItems/AdjustStock POST /api/StockItems/ConfirmAndMapImport/{importId} POST /api/StockItems/ConfirmAndMapPurchase/{purchaseId} POST /api/StockItems/ConfirmImport/{importId} POST /api/StockItems/ConfirmPurchase/{purchaseId} POST /api/StockItems/StockItemComposition POST /api/StockItems/StockMovement POST /api/ThirdPartySystem/AddCreditNote POST /api/ThirdPartySystem/AddSale POST /api/ThirdPartySystem/AddStock POST /api/ThirdPartySystem/AddStockComposition POST /api/ThirdPartySystem/AdjustStock POST /api/Users PUT /api/DatabaseTypeProperties/{id} PUT /api/StockItems/{itemCode}Found on 2026-02-14 07:36
-
-
Open service 104.26.14.101:443 ยท coreapi.jitax.co.ke
2026-01-23 08:10
HTTP/1.1 302 Found Date: Fri, 23 Jan 2026 08:10:37 GMT Content-Length: 0 Connection: close Server: cloudflare Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} Location: ./swagger Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=2Nfd%2BDUAHJG2T2%2FExbFsC8iYd0EMEzbqNxDnLnX9GY35lsjQWhJE4MHDhqiqLYmjFVo9GGrsshnY0eI0UJv6Sw2I2bJX%2FTQU0LvoKQeMn3QX6es%3D"}]} cf-cache-status: DYNAMIC CF-RAY: 9c25d0cc4fd94601-EWR alt-svc: h3=":443"; ma=86400Found 2026-01-23 by HttpPluginCreate report