Skip to content

discover api

Probe a base URL for common API paths (e.g. /openapi.json, /graphql, /.well-known/) and read response headers to fingerprint the server framework and language.

Terminal window
vulnapi discover api <URL> [flags]

Accepts all common flags.

The command prints two tables:

  • Well-known paths — paths that returned a non-404 response, with their HTTP status codes.
  • Fingerprints — detected technologies inferred from response headers (server, framework, language, etc.).

Discover well-known paths and fingerprints

Terminal window
vulnapi discover api https://api.example.com

Pass an Authorization header

Terminal window
vulnapi discover api https://api.example.com \
-H "Authorization: Bearer <token>"
CodeMeaning
0Discovery completed successfully
1Fatal error (invalid URL, network failure, etc.)