List Misconfiguration Findings

curl --request GET \
  --url https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration \
  --header 'X-API-Key: <api-key>'

{
  "message": "<string>",
  "total_pages": 123,
  "total_results": 123,
  "current_page": 123,
  "data": [
    {
      "id": "<string>",
      "enumeration_id": "<string>",
      "finding_type": "dangling_dns",
      "host": "<string>",
      "severity": "critical",
      "status": "open",
      "event": {},
      "created_at": "2023-12-25",
      "updated_at": "2023-12-25"
    }
  ]
}

GET

asset

enumerate

misconfiguration

List Misconfiguration Findings

curl --request GET \
  --url https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration \
  --header 'X-API-Key: <api-key>'

{
  "message": "<string>",
  "total_pages": 123,
  "total_results": 123,
  "current_page": 123,
  "data": [
    {
      "id": "<string>",
      "enumeration_id": "<string>",
      "finding_type": "dangling_dns",
      "host": "<string>",
      "severity": "critical",
      "status": "open",
      "event": {},
      "created_at": "2023-12-25",
      "updated_at": "2023-12-25"
    }
  ]
}

Finding Types

Type	Description
`dangling_dns`	DNS records pointing to resources that no longer exist, potentially vulnerable to subdomain takeover
`origin_exposure`	Backend origin IPs exposed behind CDN or proxy services

Event Details by Finding Type

The event object contains type-specific details: dangling_dns

Field	Description
`host`	The vulnerable hostname
`ip`	The dangling IP address
`provider`	Cloud provider (e.g., AWS)

origin_exposure

Field	Description
`origin_ip`	The exposed origin server IP
`provider`	CDN provider (e.g., CloudFlare)
`leaking_hosts`	Hostnames leaking the origin IP

Example Requests

List all misconfigurations

curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?limit=50" \
  -H "X-Api-Key: YOUR_API_KEY"

Filter by finding type

curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?finding_type=dangling_dns" \
  -H "X-Api-Key: YOUR_API_KEY"

Search by host

curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?search=staging.example.com" \
  -H "X-Api-Key: YOUR_API_KEY"

Authorizations

X-API-Key

string

header

required

Headers

X-Team-Id

string

Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team

Query Parameters

limit

integer

The numbers of items to return

offset

integer

The number of items to skip before starting to collect the result set

string

Case-insensitive substring search on the host field

finding_type

enum<string>

Filter by finding type

Available options:

dangling_dns,

origin_exposure

Response

message

string

total_pages

integer

total_results

integer

current_page

integer

data

MisconfigurationResponse · object[]

Show child attributes

Get asset enumeration history data List asset policies

⌘I

API Reference

​Finding Types

​Event Details by Finding Type

​Example Requests

​List all misconfigurations

​Filter by finding type

​Search by host

Authorizations

Headers

Query Parameters

Response

Finding Types

Event Details by Finding Type

Example Requests

List all misconfigurations

Filter by finding type

Search by host