> ## Documentation Index > Fetch the complete documentation index at: https://docs.projectdiscovery.io/llms.txt > Use this file to discover all available pages before exploring further. # List Misconfiguration Findings > Retrieve infrastructure misconfiguration findings discovered during asset enumeration. Currently detects AWS dangling DNS (Elastic IPs that no longer exist) and Cloudflare origin IP exposure. ## Finding Types | Type | Description | | ----------------- | ------------------------------------------------------------------------------------------ | | `dangling_dns` | AWS Elastic IPs that no longer exist, leaving DNS records vulnerable to subdomain takeover | | `origin_exposure` | Cloudflare-proxied origin IPs independently discoverable through other hostnames | ### AWS Dangling DNS A dangling DNS finding is reported when a DNS record points to an AWS Elastic IP that no longer exists, making it potentially vulnerable to subdomain takeover. Requires an AWS cloud integration. ### Cloudflare Origin IP Exposure When a domain is proxied through Cloudflare, its origin server IP is hidden behind Cloudflare's network. An origin exposure finding indicates that this origin IP is independently discoverable through another hostname that resolves to it directly, without going through Cloudflare. This finding requires two things: 1. **A Cloudflare cloud integration** — This allows us to read your DNS records and identify which hostnames are proxied and what origin IPs they point to. 2. **Asset inventory** — Hostnames and their resolved IPs from your attack surface discovery. The check runs against your entire inventory, excluding assets sourced from cloud integrations. When a hostname from your inventory resolves to the same IP as the origin behind one of your proxied Cloudflare records, it is flagged as an origin exposure finding. ### Event Details by Finding Type The `event` object contains type-specific details: **`dangling_dns`** | Field | Description | | ---------- | -------------------------- | | `host` | The vulnerable hostname | | `ip` | The dangling IP address | | `provider` | Cloud provider (e.g., AWS) | **`origin_exposure`** | Field | Description | | --------------- | ------------------------------------------------------------------------ | | `origin_ip` | The exposed origin server IP | | `provider` | CDN provider (e.g., Cloudflare) | | `leaking_hosts` | The hostnames from your inventory that resolve directly to the origin IP | ## Example Requests ### List all misconfigurations ```bash theme={null} curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?limit=50" \ -H "X-Api-Key: YOUR_API_KEY" ``` ### Filter by finding type ```bash theme={null} curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?finding_type=dangling_dns" \ -H "X-Api-Key: YOUR_API_KEY" ``` ### Search by host ```bash theme={null} curl -X GET "https://api.projectdiscovery.io/v1/asset/enumerate/misconfiguration?search=staging.example.com" \ -H "X-Api-Key: YOUR_API_KEY" ``` ## OpenAPI ````yaml get /v1/asset/enumerate/misconfiguration openapi: 3.1.0 info: title: PDCP API version: '1.0' summary: ProjectDiscovery Cloud Platform description: >- For more details, checkout https://docs.projectdiscovery.io/api-reference/editor/scan servers: - url: https://api.projectdiscovery.io description: Production - url: https://api.dev.projectdiscovery.io description: Development - url: http://localhost:8085 description: Localhost security: - X-API-Key: [] paths: /v1/asset/enumerate/misconfiguration: get: tags: [] summary: List Misconfiguration Findings description: >- Retrieve infrastructure misconfiguration findings discovered during asset enumeration. Currently detects AWS dangling DNS (Elastic IPs that no longer exist) and Cloudflare origin IP exposure. operationId: get-v1-asset-enumerate-misconfiguration parameters: - schema: type: string in: header description: >- Retrieve the Team ID from: https://cloud.projectdiscovery.io/settings/team name: X-Team-Id - schema: type: integer in: query name: limit description: The numbers of items to return - schema: type: integer in: query description: >- The number of items to skip before starting to collect the result set name: offset - schema: type: string in: query name: search description: Case-insensitive substring search on the host field - schema: type: string enum: - dangling_dns - origin_exposure in: query name: finding_type description: Filter by finding type responses: '200': description: OK content: application/json: schema: type: object properties: message: type: string total_pages: type: integer total_results: type: integer current_page: type: integer data: type: array items: $ref: '#/components/schemas/MisconfigurationResponse' '400': $ref: '#/components/responses/ErrorResponse' '401': $ref: '#/components/responses/ErrorResponse' '403': $ref: '#/components/responses/ErrorResponse' '500': $ref: '#/components/responses/ErrorResponse' default: $ref: '#/components/responses/ErrorResponse' components: schemas: MisconfigurationResponse: title: MisconfigurationResponse type: object properties: id: type: string description: Unique identifier for the finding enumeration_id: type: string description: ID of the enumeration run that discovered this finding finding_type: type: string enum: - dangling_dns - origin_exposure description: >- Type of misconfiguration: dangling_dns (AWS Elastic IP no longer exists) or origin_exposure (Cloudflare origin IP leaked) host: type: string description: The affected hostname or domain severity: type: string enum: - critical - high - medium - low - info - unknown description: Severity level of the finding status: type: string enum: - open - fixed - false_positive - duplicate - fix_in_progress - accepted_risk - triaged - out_of_scope description: Current status of the finding event: type: object additionalProperties: true description: >- Type-specific finding details. For dangling_dns: host, ip, provider (AWS). For origin_exposure: provider (Cloudflare), origin_ip, leaking_hosts. created_at: type: string format: date description: When the finding was first discovered updated_at: type: string format: date description: When the finding was last updated responses: ErrorResponse: description: Example response content: application/json: schema: type: object required: - message properties: message: type: string kind: type: string code: type: string error: type: string error_id: type: string param: type: string status: type: integer securitySchemes: X-API-Key: name: X-API-Key type: apiKey in: header ````