Kestrel
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd12ec8532c2ec8532c2ec8532c2ec8532c2ec8532c2ec8532c
Public Swagger UI/API detected at path: /swagger/index.html
Open service 20.105.232.48:443 · idsvr.test.semco.assetintegrityhub.com
2026-02-16 15:07
HTTP/1.1 200 OK
Content-Length: 4486
Connection: close
Content-Type: text/html
Date: Mon, 16 Feb 2026 15:07:42 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1dc852ca6565906"
Last-Modified: Wed, 14 Jan 2026 08:06:13 GMT
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
Request-Context: appId=cid-v1:452f9079-c459-4da6-97d6-1bbe59428f3e
Page title: AIH.IdentityServer!
<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"
integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
<title>AIH.IdentityServer!</title>
<style>
/* Style for modal body */
.cridentials-part {
font-size: 18px;
border-spacing: 10px;
padding: 30px;
margin: auto
}
.invalid-text {
color: red;
font-weight: bold;
font-size: 20px;
text-transform: uppercase;
background-color: #ffe6e6;
padding: 10px;
border-radius: 5px;
box-shadow: 0 0 10px rgba(255, 0, 0, 0.5);
}
.label {
display: block;
}
.input {
margin: 10px
}
.modal-footer {
padding: 5px
}
.invalid-text {
display: none
}
</style>
</head>
<body>
<form>
<div class="form-group">
<label for="accesstokentextarea">Access Token</label>
<textarea class="form-control" id="accesstokentextarea" rows="6" readonly></textarea>
</div>
<div class="form-group">
<label for="idtokentextarea">Id Token</label>
<textarea class="form-control" id="idtokentextarea" rows="6" readonly></textarea>
</div>
<button type="button" class="btn btn-primary" id="loginbtnAAD">LoginAAD</button>
<button type="button" class="btn btn-primary" id="loginbtnAADB2C">LoginAADB2C</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#system_user_dialog" id="loginSystemUser">
LoginSystemUser
</button>
<button type="button" class="btn btn-danger" id="logoutbtn">Logout</button>
</form>
<div id="system_user_dialog" class="modal" tabindex="-1" role="dialog">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Enter credentials</h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<div class="cridentials-part">
<div class="input">
<label for="clientId" class="label">UserName</label>
<input type="text" id="clientId" size="40" placeholder="userName">
</div>
<div class="input">
<label for="clientsecret" class="label">Secret</label>
<input type="password" id="clientSecret" size="40" placeholder="Secret">
</div>
<div>
<label class="invalid-text">Invalid Client</label>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary" id="confirm">Confirm</button>
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<!-- Optional JavaScript -->
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<script src="https://code.jquery.com/jquery-3.4.1.slim.min.js"
integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n"
crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js"
integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3Uks
Open service 20.105.232.48:443 · idsvr.test.semco.assetintegrityhub.com
2026-01-23 11:32
HTTP/1.1 200 OK
Content-Length: 4486
Connection: close
Content-Type: text/html
Date: Fri, 23 Jan 2026 11:33:13 GMT
Server: Kestrel
Accept-Ranges: bytes
ETag: "1dc852ca6565906"
Last-Modified: Wed, 14 Jan 2026 08:06:13 GMT
x-ms-middleware-request-id: 00000000-0000-0000-0000-000000000000
Request-Context: appId=cid-v1:452f9079-c459-4da6-97d6-1bbe59428f3e
Page title: AIH.IdentityServer!
<!doctype html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css"
integrity="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">
<title>AIH.IdentityServer!</title>
<style>
/* Style for modal body */
.cridentials-part {
font-size: 18px;
border-spacing: 10px;
padding: 30px;
margin: auto
}
.invalid-text {
color: red;
font-weight: bold;
font-size: 20px;
text-transform: uppercase;
background-color: #ffe6e6;
padding: 10px;
border-radius: 5px;
box-shadow: 0 0 10px rgba(255, 0, 0, 0.5);
}
.label {
display: block;
}
.input {
margin: 10px
}
.modal-footer {
padding: 5px
}
.invalid-text {
display: none
}
</style>
</head>
<body>
<form>
<div class="form-group">
<label for="accesstokentextarea">Access Token</label>
<textarea class="form-control" id="accesstokentextarea" rows="6" readonly></textarea>
</div>
<div class="form-group">
<label for="idtokentextarea">Id Token</label>
<textarea class="form-control" id="idtokentextarea" rows="6" readonly></textarea>
</div>
<button type="button" class="btn btn-primary" id="loginbtnAAD">LoginAAD</button>
<button type="button" class="btn btn-primary" id="loginbtnAADB2C">LoginAADB2C</button>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#system_user_dialog" id="loginSystemUser">
LoginSystemUser
</button>
<button type="button" class="btn btn-danger" id="logoutbtn">Logout</button>
</form>
<div id="system_user_dialog" class="modal" tabindex="-1" role="dialog">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Enter credentials</h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">×</span>
</button>
</div>
<div class="cridentials-part">
<div class="input">
<label for="clientId" class="label">UserName</label>
<input type="text" id="clientId" size="40" placeholder="userName">
</div>
<div class="input">
<label for="clientsecret" class="label">Secret</label>
<input type="password" id="clientSecret" size="40" placeholder="Secret">
</div>
<div>
<label class="invalid-text">Invalid Client</label>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-primary" id="confirm">Confirm</button>
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<!-- Optional JavaScript -->
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<script src="https://code.jquery.com/jquery-3.4.1.slim.min.js"
integrity="sha384-J6qa4849blE2+poT4WnyKhv5vZF5SrPo0iEjwBvKU7imGFAV0wwj1yYfoRSJoZ+n"
crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js"
integrity="sha384-Q6E9RHvbIyZFJoft+2mJbHaEWldlvI9IOYy5n3zV9zzTtmI3Uks