Skip to content

scan curl

Scan a single API endpoint by specifying a URL and optional HTTP method and body. Accepts the same flags as curl for familiarity when pasting commands from documentation or browser DevTools.

Terminal window
vulnapi scan curl <URL> [flags]
FlagDefaultDescription
-X, --request <method>GETHTTP method to use
-d, --data <data>HTTP request body

Also accepts all common flags.

Simple GET request

Terminal window
vulnapi scan curl https://api.example.com/endpoint

POST with a JSON body and an Authorization header

Terminal window
vulnapi scan curl https://api.example.com/endpoint \
-X POST \
-d '{"key":"value"}' \
-H "Authorization: Bearer <token>"

Run only JWT-related scans

Terminal window
vulnapi scan curl https://api.example.com/endpoint \
-H "Authorization: Bearer <token>" \
--scans "jwt.*"

Write the report as JSON to a file

Terminal window
vulnapi scan curl https://api.example.com/endpoint \
--report-format json \
--report-file report.json
CodeMeaning
0Scan completed successfully
1Fatal error (invalid URL, network failure, etc.)

When a finding exceeds --severity-threshold, additional output is written to stderr. See exit behaviour.