Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549d807de2171428b09f3889c47074a218cbe47adc7
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
DELETE /contract/settlements/{associationId}
DELETE /medicalagreements/settlements/{ContractSettlementId}
GET /Practitioners/settlements/{PractitionerSettlementId}
GET /Practitioners/{PractitionerId}/settlements
GET /Sponsors/settlements/{SponsorSettlementId}
GET /Sponsors/{SponsorId}/settlements
GET /contract/settlements/{ContractSettlementId}
GET /contract/{ContractID}/settlements
GET /info
GET /medicalagreements/settlements/{AgreementSettlementId}
GET /medicalagreements/{agreementId}/settlements
GET /protocol/settlements/{ProtocolSettlementId}
GET /protocol/{ProtocolId}/patients
GET /protocol/{ProtocolId}/settlements
GET /settlements
GET /settlements/concepts/{SettlementConceptId}
GET /settlements/debts/{SettlementDebtId}
GET /settlements/details/concept-values/{ConceptValueId}
GET /settlements/details/{DetailId}/concept-values
GET /settlements/details/{SettlementDetailId}
GET /settlements/resumes/{SettlementResumeId}
GET /settlements/{SettlementId}
GET /settlements/{SettlementId}/concepts
GET /settlements/{SettlementId}/debts
GET /settlements/{SettlementId}/details
GET /settlements/{SettlementId}/resumes
PATCH /settlements/details/exclude/{excludeStatus}
PATCH /settlements/details/{SettlementDetailId}/exclude/{excludeStatus}
PATCH /settlements/details/{SettlementDetailId}/markok/{Status}
PATCH /settlements/details/{SettlementDetailId}/marktoreview/{Status}
POST /Practitioners/settlements
POST /Sponsors/settlements
POST /contract/settlements
POST /medicalagreements/settlements
POST /protocol/settlements
POST /settlements/concepts
POST /settlements/details
POST /settlements/details/concept-values
POST /settlements/resumes
Open service 20.40.202.29:443 ยท ichtyssettlement.alpha-cr.com
2026-01-23 15:33
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 15:33:54 GMT Server: Kestrel