GET /v1/asset/enumerate/misconfiguration
List Misconfiguration Findings
curl --request GET \
  --url https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration \
  --header 'X-API-Key: <api-key>'
{
  "message": "<string>",
  "total_pages": 123,
  "total_results": 123,
  "current_page": 123,
  "data": [
    {
      "id": "<string>",
      "enumeration_id": "<string>",
      "finding_type": "dangling_dns",
      "host": "<string>",
      "severity": "critical",
      "status": "open",
      "event": {},
      "created_at": "2023-12-25",
      "updated_at": "2023-12-25"
    }
  ]
}

Finding Types

| Type | Description |
| --- | --- |
| dangling_dns | AWS Elastic IPs that no longer exist, leaving DNS records vulnerable to subdomain takeover |
| origin_exposure | Cloudflare-proxied origin IPs independently discoverable through other hostnames |

AWS Dangling DNS

A dangling DNS finding is reported when a DNS record points to an AWS Elastic IP that no longer exists, making it potentially vulnerable to subdomain takeover. This finding requires an AWS cloud integration.

Cloudflare Origin IP Exposure

When a domain is proxied through Cloudflare, its origin server IP is hidden behind Cloudflare’s network. An origin exposure finding indicates that this origin IP is independently discoverable through another hostname that resolves to it directly, without going through Cloudflare. This finding requires two things:
  1. A Cloudflare cloud integration — This allows us to read your DNS records and identify which hostnames are proxied and what origin IPs they point to.
  2. Asset inventory — Hostnames and their resolved IPs from your attack surface discovery. The check runs against your entire inventory, excluding assets sourced from cloud integrations.
When a hostname from your inventory resolves to the same IP as the origin behind one of your proxied Cloudflare records, it is flagged as an origin exposure finding.
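
The matching rule described above, as an added sketch (not ProjectDiscovery's implementation and not code from this page). The inventory field names (`host`, `ips`, `source`) and all sample records are constructed assumptions; the returned dictionaries use the `origin_exposure` event fields this page documents.

```python
from collections import defaultdict

# Constructed sample data using documentation IP ranges. The Cloudflare
# entries use the name/type/content/proxied fields of a DNS record; the
# inventory layout is an assumption made for this example.
CLOUDFLARE_RECORDS = [
    {"name": "www.example.com", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "api.example.com", "type": "A", "content": "203.0.113.20", "proxied": True},
    {"name": "mail.example.com", "type": "A", "content": "198.51.100.5", "proxied": False},
]
INVENTORY = [
    {"host": "staging.example.com", "ips": ["203.0.113.10"], "source": "discovery"},
    {"host": "old.example.net", "ips": ["203.0.113.10", "192.0.2.7"], "source": "discovery"},
    {"host": "www.example.com", "ips": ["203.0.113.10"], "source": "cloud_integration"},
    {"host": "mail.example.com", "ips": ["198.51.100.5"], "source": "discovery"},
]


def find_origin_exposures(cf_records, inventory):
    """Return one origin_exposure event per origin IP reachable outside the proxy."""
    # Origin IPs that are supposed to be hidden behind proxied A/AAAA records.
    origins = {r["content"] for r in cf_records
               if r["proxied"] and r["type"] in ("A", "AAAA")}

    leaks = defaultdict(set)
    for asset in inventory:
        # Assets sourced from cloud integrations are excluded from the check.
        if asset["source"] == "cloud_integration":
            continue
        for ip in asset["ips"]:
            if ip in origins:
                leaks[ip].add(asset["host"].lower())

    return [{"origin_ip": ip, "provider": "Cloudflare", "leaking_hosts": sorted(hosts)}
            for ip, hosts in sorted(leaks.items())]


if __name__ == "__main__":
    for event in find_origin_exposures(CLOUDFLARE_RECORDS, INVENTORY):
        print(event)
```

An unproxied record such as `mail.example.com` never produces a finding, because its IP is already public by design and is not a hidden origin.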

Event Details by Finding Type

The event object contains type-specific details:

dangling_dns

| Field | Description |
| --- | --- |
| host | The vulnerable hostname |
| ip | The dangling IP address |
| provider | Cloud provider (e.g., AWS) |

origin_exposure

| Field | Description |
| --- | --- |
| origin_ip | The exposed origin server IP |
| provider | CDN provider (e.g., Cloudflare) |
| leaking_hosts | The hostnames from your inventory that resolve directly to the origin IP |

Example Requests

List all misconfigurations

curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?limit=50" \
  -H "X-Api-Key: YOUR_API_KEY"

Filter by finding type

curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?finding_type=dangling_dns" \
  -H "X-Api-Key: YOUR_API_KEY"

Search by host

curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?search=staging.example.com" \
  -H "X-Api-Key: YOUR_API_KEY"

Authorizations

X-API-Key
string
header
required

Headers

X-Team-Id
string

Query Parameters

limit
integer

The number of items to return

offset
integer

The number of items to skip before starting to collect the result set

search
string

Case-insensitive substring search on the host field

finding_type
enum<string>

Filter by finding type

Available options:
dangling_dns,
origin_exposure

Response

OK

message
string
total_pages
integer
total_results
integer
current_page
integer
data
MisconfigurationResponse · object[]