Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
These documents detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549e064c567368a5346f8bdcf2ea6d900421022f715
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /api/v1/events/subscriptions/{uid}
GET /api/v1/assets
GET /api/v1/assets/{uid}
GET /api/v1/assets/{uid}/orders/burning
GET /api/v1/assets/{uid}/orders/buy
GET /api/v1/assets/{uid}/orders/exchange
GET /api/v1/assets/{uid}/orders/init
GET /api/v1/assets/{uid}/orders/sell
GET /api/v1/auth/check
GET /api/v1/auth/stsloginurl
GET /api/v1/auth/stslogouturl
GET /api/v1/clients
GET /api/v1/clients/groups
GET /api/v1/dictionaries/document-types
GET /api/v1/dicts/reports/periods
GET /api/v1/dicts/reports/statuses
GET /api/v1/dicts/reports/types
GET /api/v1/documents/{uid}
GET /api/v1/documents/{uid}/zip
GET /api/v1/events
GET /api/v1/events/subscriptions
GET /api/v1/events/subscriptions/{uid}/events
GET /api/v1/files/outbox/{uid}
GET /api/v1/files/{uid}
GET /api/v1/orders/{uid}
GET /api/v1/profile
GET /api/v1/profile/qualification
GET /api/v1/reports
GET /api/v1/reports/types/{type}/settings
GET /api/v1/reports/{uid}
POST /api/v1/assets/{uid}/balance/lock
POST /api/v1/assets/{uid}/balance/unlock
POST /api/v1/auth/refreshtokens
POST /api/v1/auth/tokens
POST /api/v1/clients/register/batch
POST /api/v1/clients/register/test
POST /api/v1/events/subscriptions/{uid}/ack/{lastEventId}
POST /api/v1/files/outbox
POST /api/v1/files/outbox/issueEventForm
POST /api/v1/files/outbox/issueFulfillmentProspectus
POST /api/v1/files/outbox/issueInitProspectus
POST /api/v1/files/outbox/issueLockProspectus
POST /api/v1/files/outbox/issueOrderPairRequestProspectus/buy
POST /api/v1/files/outbox/issueOrderPairRequestProspectus/sell
POST /api/v1/files/outbox/issueTransferProspectus
POST /api/v1/files/outbox/issueUnlockProspectus
POST /api/v1/files/outbox/offerProspectus
POST /api/v1/orders/burning/{uid}/payment
POST /api/v1/orders/burning/{uid}/rejectpayment
POST /api/v1/orders/buy
POST /api/v1/orders/buy/{uid}/payment
POST /api/v1/orders/buy/{uid}/rejectpayment
POST /api/v1/orders/exchange
POST /api/v1/orders/init
POST /api/v1/orders/init/{uid}/payment
POST /api/v1/orders/init/{uid}/rejectpayment
POST /api/v1/orders/initEncumbrance
POST /api/v1/orders/releaseEncumbrance
POST /api/v1/orders/sell
POST /api/v1/orders/transfer
PUT /api/v1/orders/burning/{uid}/accept
PUT /api/v1/orders/buy/{uid}/accept
PUT /api/v1/orders/exchange/{uid}/accept
PUT /api/v1/orders/init/{uid}/accept
PUT /api/v1/orders/transfer/{uid}/accept
PUT /api/v1/orders/transfer/{uid}/reject