Domain secinf-dev.tengizchevroil.com
The Netherlands
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
IP: 52.232.33.202
Domain: secinf-dev.tengizchevroil.com
Port: 443
URL: https://secinf-dev.tengizchevroil.comFirst seen 2025-12-26 08:20
Last seen 2026-02-09 14:56
Open for 45 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1f3d88d60f68287ca1fc03a962f828e6ad68017a376b9d625Public Swagger UI/API detected at path: /swagger/v1/swagger.json - sample paths: DELETE /api/BusinessPartnerAccount/{id} DELETE /api/Facility/{id} DELETE /api/MaterialType/{id} GET /account/SignIn GET /account/SignOut GET /account/me/identity GET /account/ping GET /api/BusinessPartnerAccount GET /api/BusinessPartnerAccount/actions/Company/Search/{queryString} GET /api/BusinessPartnerAccount/actions/Search/{queryString} GET /api/CostCenter/GetCostCenters GET /api/CostCenter/SearchCostCenter/{numberSearchString} GET /api/CostCenter/getCostCenter/{number} GET /api/Facility GET /api/Facility/getFacilityOwnerList/{id} GET /api/Facility/getFacilityOwnersHistoryLog GET /api/Geolocation GET /api/Geolocation/actions/get/unlinked GET /api/Geolocation/actions/search/{name} GET /api/Geolocation/actions/validate GET /api/Geolocation/actions/{id}/validate GET /api/Geolocation/{id} GET /api/GeolocationTypes GET /api/HsrmCategory GET /api/Material/actions/GetMaterialsByCostCenter GET /api/Material/actions/GetMaterialsByTacticalPlan GET /api/MaterialPass GET /api/MaterialType GET /api/PersonInformation/actions/DetailPersonInformation/{badgeNumber} GET /api/PersonInformation/actions/FullTextSearch GET /api/TacticalPlan GET /api/TacticalPlan/detailed/history/{tacticalPlanActionId} GET /api/TacticalPlan/get-attachments-total-count GET /api/TacticalPlan/history/{tacticalPlanId} GET /api/TacticalPlanFile/{id} GET /api/TacticalPlanInformationTab GET /api/TacticalPlanPersonTab GET /api/TacticalPlanProjectTab GET /api/Vendor/actions/Search/{companySearchString} GET /api/Vendor/{companyFullName} GET /app/info POST /api/Facility/actions/add/owners POST /api/Geolocation/getGeolocationsByTypes POST /api/TacticalPlanFile/Upload PUT /api/TacticalPlan/delete-tspFound on 2026-02-09 14:56
-