Microsoft-IIS 10.0
tcp/443
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549b0a478ccf7e10d2ccd2bf9184385e97f3d5f3884
Public Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /api/company GET /api/costCenter GET /api/costCenter/all GET /api/costCenter/child GET /api/location/areas GET /api/location/buildings GET /api/location/countries GET /api/location/facilities GET /api/organization/department GET /api/organization/department/all GET /api/organization/division GET /api/organization/division/all GET /api/organization/group/all GET /api/organization/position/all GET /api/person GET /api/person/approvers GET /api/person/citizenship GET /api/person/ctsTraining GET /api/person/doa GET /api/person/dob GET /api/person/extended GET /api/person/gender GET /api/person/homeAddress GET /api/person/payStatus GET /api/person/personDirectReports GET /api/person/related GET /api/person/searchFields GET /api/person/smartSearch GET /api/service/enum GET /api/user GET /api/user/checkRole POST /api/service/updateSharedEmail
Open service 40.114.210.78:443 ยท psws-dev.tengizchevroil.com
2026-01-23 12:09
HTTP/1.1 401 Unauthorized Content-Length: 0 Connection: close Date: Fri, 23 Jan 2026 12:09:39 GMT Server: Microsoft-IIS/10.0 Set-Cookie: ARRAffinity=e9e81f2ac2a4bf9f7313a0e23d048c6ea80e4c5057f6a319743189af4f90b5c7;Path=/;HttpOnly;Secure;Domain=psws-dev.tengizchevroil.com Set-Cookie: ARRAffinitySameSite=e9e81f2ac2a4bf9f7313a0e23d048c6ea80e4c5057f6a319743189af4f90b5c7;Path=/;HttpOnly;SameSite=None;Secure;Domain=psws-dev.tengizchevroil.com WWW-Authenticate: Bearer X-Powered-By: ASP.NET