Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549f74d9dc474cb45550acbd5e30d433a8bb583695a
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /info
GET /tenantpricelists
GET /tenantpricelists/active
GET /tenantpricelists/{TenantPriceListId}
PUT /tenantpricelists/{TenantPriceListId}/validityend
PUT /tenantpricelists/{TenantPriceListId}/validitystart
Open service 20.40.202.29:443 · ichtystenantpricelist.alpha-cr.com
2026-01-22 19:48
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Thu, 22 Jan 2026 19:48:50 GMT Server: Kestrel Request-Context: appId=cid-v1:0f6fe5c9-93fe-472a-9cc6-8fbda594a368
Open service 20.40.202.29:80 · ichtystenantpricelist.alpha-cr.com
2026-01-12 18:47
HTTP/1.1 301 Moved Permanently Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 18:48:11 GMT Location: https://ichtystenantpricelist.alpha-cr.com/
Open service 20.40.202.29:443 · ichtystenantpricelist.alpha-cr.com
2026-01-12 18:47
HTTP/1.1 404 Not Found Content-Length: 0 Connection: close Date: Mon, 12 Jan 2026 18:48:12 GMT Server: Kestrel Request-Context: appId=cid-v1:0f6fe5c9-93fe-472a-9cc6-8fbda594a368