Domain harbor.khaoticen.dev
Software information
cloudflare
tcp/443
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2025-12-09 22:40
Last seen 2026-02-02 09:39
Open for 54 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1b885ff43340c51c6930c093d70a6a2f31178bebce9c34621Public Swagger UI/API detected at path: /swagger.json - sample paths: DELETE /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/labels/{label_id} DELETE /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/tags/{tag_name} GET /audit-logs GET /auditlog-exts GET /auditlog-exts/events GET /configurations GET /export/cve/download/{execution_id} GET /export/cve/execution/{execution_id} GET /export/cve/executions GET /health GET /icons/{digest} GET /internalconfig GET /jobservice/jobs/{job_id}/log GET /jobservice/pools GET /jobservice/pools/{pool_id}/workers GET /jobservice/queues GET /labels GET /labels/{label_id} GET /ldap/groups/search GET /ldap/users/search GET /p2p/preheat/instances GET /p2p/preheat/instances/{preheat_instance_name} GET /p2p/preheat/providers GET /permissions GET /ping GET /projects GET /projects/{project_name_or_id} GET /projects/{project_name_or_id}/_deletable GET /projects/{project_name_or_id}/artifacts GET /projects/{project_name_or_id}/immutabletagrules GET /projects/{project_name_or_id}/members GET /projects/{project_name_or_id}/members/{mid} GET /projects/{project_name_or_id}/metadatas/ GET /projects/{project_name_or_id}/metadatas/{meta_name} GET /projects/{project_name_or_id}/scanner GET /projects/{project_name_or_id}/scanner/candidates GET /projects/{project_name_or_id}/summary GET /projects/{project_name_or_id}/webhook/events GET /projects/{project_name_or_id}/webhook/jobs GET /projects/{project_name_or_id}/webhook/lasttrigger GET /projects/{project_name_or_id}/webhook/policies GET /projects/{project_name_or_id}/webhook/policies/{webhook_policy_id} GET /projects/{project_name_or_id}/webhook/policies/{webhook_policy_id}/executions GET /projects/{project_name_or_id}/webhook/policies/{webhook_policy_id}/executions/{execution_id}/tasks GET /projects/{project_name_or_id}/webhook/policies/{webhook_policy_id}/executions/{execution_id}/tasks/{task_id}/log GET /projects/{project_name}/auditlog-exts GET /projects/{project_name}/logs GET /projects/{project_name}/preheat/policies GET /projects/{project_name}/preheat/policies/{preheat_policy_name} GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions/{execution_id} GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions/{execution_id}/tasks GET /projects/{project_name}/preheat/policies/{preheat_policy_name}/executions/{execution_id}/tasks/{task_id}/logs GET /projects/{project_name}/preheat/providers GET /projects/{project_name}/repositories GET /projects/{project_name}/repositories/{repository_name} GET /projects/{project_name}/repositories/{repository_name}/artifacts GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference} GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/accessories GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/additions/vulnerabilities GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/additions/{addition} GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/{report_id}/log GET /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/tags GET /quotas GET /quotas/{id} GET /registries GET /registries/{id} GET /registries/{id}/info GET /replication/adapterinfos GET /replication/adapters GET /replication/executions GET /replication/executions/{id} GET /replication/executions/{id}/tasks GET /replication/executions/{id}/tasks/{task_id}/log GET /replication/policies GET /replication/policies/{id} GET /repositories GET /retentions/metadatas GET /retentions/{id} GET /retentions/{id}/executions GET /retentions/{id}/executions/{eid}/tasks GET /retentions/{id}/executions/{eid}/tasks/{tid} GET /robots GET /robots/{robot_id} GET /scanners GET /scanners/{registration_id} GET /scanners/{registration_id}/metadata GET /scans/all/metrics GET /scans/schedule/metrics GET /schedules GET /schedules/{job_type}/paused GET /search GET /security/summary GET /security/vul GET /statistics GET /system/CVEAllowlist GET /system/gc GET /system/gc/schedule GET /system/gc/{gc_id} GET /system/gc/{gc_id}/log GET /system/purgeaudit GET /system/purgeaudit/schedule GET /system/purgeaudit/{purge_id} GET /system/purgeaudit/{purge_id}/log GET /system/scanAll/schedule GET /systeminfo GET /systeminfo/getcert GET /systeminfo/volumes GET /usergroups GET /usergroups/search GET /usergroups/{group_id} GET /users GET /users/current GET /users/current/permissions GET /users/search GET /users/{user_id} PATCH /retentions/{id}/executions/{eid} POST /export/cve POST /ldap/ping POST /ldap/users/import POST /p2p/preheat/instances/ping POST /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/labels POST /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan POST /projects/{project_name}/repositories/{repository_name}/artifacts/{reference}/scan/stop POST /registries/ping POST /retentions POST /scanners/ping POST /system/oidc/ping POST /system/scanAll/stop PUT /jobservice/jobs/{job_id} PUT /jobservice/queues/{job_type} PUT /projects/{project_name_or_id}/immutabletagrules/{immutable_rule_id} PUT /users/{user_id}/cli_secret PUT /users/{user_id}/password PUT /users/{user_id}/sysadminFound on 2026-02-02 09:39
-
-
Open service 104.21.92.27:443 · harbor.khaoticen.dev
2026-01-23 09:11
HTTP/1.1 200 OK Date: Fri, 23 Jan 2026 09:11:06 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Server: cloudflare Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} Last-Modified: Tue, 09 Sep 2025 11:37:00 GMT Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=nbw4Dls6jAqYm8szgm4YS5nk%2F1r5CLZOTQLSGBpc64f1V563iO7B2q9BhwHNxVRUp5EjYPk%2FYUmbZbzy4o0uljvNmH08jMRtQRuGQQUDRuKdWFn2"}]} Cache-Control: no-store, no-cache, must-revalidate Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: frame-ancestors 'none' cf-cache-status: DYNAMIC Server-Timing: cfCacheStatus;desc="DYNAMIC" Server-Timing: cfEdge;dur=12,cfOrigin;dur=304 CF-RAY: 9c2629678a27e73e-EWR alt-svc: h3=":443"; ma=86400 Page title: Harbor <!DOCTYPE html> <html> <head> <meta charset="utf-8"/> <title>Harbor</title> <base href="/"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <link rel="icon" type="image/x-icon" href="favicon.ico?v=2"/> <link rel="stylesheet" href="styles.ac415221c96d2bef.css"></head> <body> <harbor-app> <div class="spinner spinner-lg app-loading app-loading-fixed"> Loading... </div> </harbor-app> <script src="runtime.2ce36195b41ae8b5.js" type="module"></script><script src="polyfills.d87db3092ff69ed9.js" type="module"></script><script src="scripts.3846d86d42cdb753.js" defer></script><script src="main.8999bc94f4db915b.js" type="module"></script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015" integrity="sha512-ZpsOmlRQV6y907TI0dKBHq9Md29nnaEIPlkf84rnaERnq6zvWvPUqr2ft8M1aS28oN72PdrCzSjY4U6VaAw1EQ==" data-cf-beacon='{"version":"2024.11.0","token":"b8674034e4a44157999fea998b546b5a","r":1,"server_timing":{"name":{"cfCacheStatus":true,"cfEdge":true,"cfExtPri":true,"cfL4":true,"cfOrigin":true,"cfSpeedBrain":true},"location_startswith":null}}' crossorigin="anonymous"></script> </body> </html>Found 2026-01-23 by HttpPluginCreate report
-
Open service 104.21.92.27:443 · harbor.khaoticen.dev
2026-01-09 20:17
HTTP/1.1 200 OK Date: Fri, 09 Jan 2026 20:17:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Server: cloudflare Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} Last-Modified: Tue, 09 Sep 2025 11:37:00 GMT Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=n8D8OmNMkmXJs79RbOhUS0%2FTM0EOkDmHH5NeWmILE52UGXcvahBgMGJbaWeY4HHguB52QDLkx8GoHlDNsJ5vDezjVWYZ7cQmzPmL9ijrZlp5Xn93"}]} Cache-Control: no-store, no-cache, must-revalidate Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: frame-ancestors 'none' cf-cache-status: DYNAMIC Server-Timing: cfCacheStatus;desc="DYNAMIC" Server-Timing: cfEdge;dur=15,cfOrigin;dur=360 CF-RAY: 9bb69e250d1c39c5-YYZ alt-svc: h3=":443"; ma=86400 Page title: Harbor <!DOCTYPE html> <html> <head> <meta charset="utf-8"/> <title>Harbor</title> <base href="/"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <link rel="icon" type="image/x-icon" href="favicon.ico?v=2"/> <link rel="stylesheet" href="styles.ac415221c96d2bef.css"></head> <body> <harbor-app> <div class="spinner spinner-lg app-loading app-loading-fixed"> Loading... </div> </harbor-app> <script src="runtime.2ce36195b41ae8b5.js" type="module"></script><script src="polyfills.d87db3092ff69ed9.js" type="module"></script><script src="scripts.3846d86d42cdb753.js" defer></script><script src="main.8999bc94f4db915b.js" type="module"></script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015" integrity="sha512-ZpsOmlRQV6y907TI0dKBHq9Md29nnaEIPlkf84rnaERnq6zvWvPUqr2ft8M1aS28oN72PdrCzSjY4U6VaAw1EQ==" data-cf-beacon='{"version":"2024.11.0","token":"b8674034e4a44157999fea998b546b5a","r":1,"server_timing":{"name":{"cfCacheStatus":true,"cfEdge":true,"cfExtPri":true,"cfL4":true,"cfOrigin":true,"cfSpeedBrain":true},"location_startswith":null}}' crossorigin="anonymous"></script> </body> </html>Found 2026-01-09 by HttpPluginCreate report
-
Open service 104.21.92.27:443 · harbor.khaoticen.dev
2026-01-02 17:50
HTTP/1.1 200 OK Date: Fri, 02 Jan 2026 17:50:52 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Server: cloudflare Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} Last-Modified: Tue, 09 Sep 2025 11:37:00 GMT Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4H9XmPbByW9LWt4M4vwOQB7W9UfWA7fsWH8bC5V6WTsmpdiWJQpaI4%2Fv0vD0u%2FxF8bZI9ZMXt5roW%2B9SxY6vPTrKWet4tkUS8vlA4AHaTeW8U%2F1l"}]} Cache-Control: no-store, no-cache, must-revalidate Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: frame-ancestors 'none' cf-cache-status: DYNAMIC CF-RAY: 9b7c19ea2bd49875-AMS alt-svc: h3=":443"; ma=86400 Page title: Harbor <!DOCTYPE html> <html> <head> <meta charset="utf-8"/> <title>Harbor</title> <base href="/"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <link rel="icon" type="image/x-icon" href="favicon.ico?v=2"/> <link rel="stylesheet" href="styles.ac415221c96d2bef.css"></head> <body> <harbor-app> <div class="spinner spinner-lg app-loading app-loading-fixed"> Loading... </div> </harbor-app> <script src="runtime.2ce36195b41ae8b5.js" type="module"></script><script src="polyfills.d87db3092ff69ed9.js" type="module"></script><script src="scripts.3846d86d42cdb753.js" defer></script><script src="main.8999bc94f4db915b.js" type="module"></script></body> </html>Found 2026-01-02 by HttpPluginCreate report
-
Open service 104.21.92.27:443 · harbor.khaoticen.dev
2025-12-23 08:12
HTTP/1.1 200 OK Date: Tue, 23 Dec 2025 08:12:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Server: cloudflare Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800} Last-Modified: Tue, 09 Sep 2025 11:37:00 GMT Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jPonMpJ7P2Axi5NyYJ3iVnwu4Mz0FRyGzP%2F7pLTZ1PC8FIofE6NRaQ9pf18iOUbKzo75iIpKDxRt6R0jndNjnrqpCmqdqBNi4sEieT6VB0k%2FmrpB"}]} Cache-Control: no-store, no-cache, must-revalidate Accept-Ranges: bytes Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: DENY Content-Security-Policy: frame-ancestors 'none' cf-cache-status: DYNAMIC CF-RAY: 9b266541dcc835df-FRA alt-svc: h3=":443"; ma=86400 Page title: Harbor <!DOCTYPE html> <html> <head> <meta charset="utf-8"/> <title>Harbor</title> <base href="/"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <link rel="icon" type="image/x-icon" href="favicon.ico?v=2"/> <link rel="stylesheet" href="styles.ac415221c96d2bef.css"></head> <body> <harbor-app> <div class="spinner spinner-lg app-loading app-loading-fixed"> Loading... </div> </harbor-app> <script src="runtime.2ce36195b41ae8b5.js" type="module"></script><script src="polyfills.d87db3092ff69ed9.js" type="module"></script><script src="scripts.3846d86d42cdb753.js" defer></script><script src="main.8999bc94f4db915b.js" type="module"></script></body> </html>Found 2025-12-23 by HttpPluginCreate report