Documentation & API
Everything you need to integrate WebAudit Pro into your CI/CD pipelines or understand our audit methodology.
Audit Methodology
WebAudit Pro performs 100% passive security scanning. This means we do not send malicious payloads, attempt to bypass authentication, or stress-test your infrastructure. We rely on public records, DNS queries, TLS handshakes, and HTTP response headers.
- Headers: Checks for missing CSP, HSTS, X-Frame-Options, etc.
- TLS/SSL: Validates certificate chains, expiry, and weak cipher suites.
- DNS: Verifies SPF, DMARC, and DNSSEC records.
- Reputation: Cross-references IPs against Shodan and VirusTotal datasets.
REST API (Beta)
You can programmatically trigger audits using our REST endpoints. Rate limits apply to unauthenticated requests.
1. Start a Scan
POST /api/audit/start
Content-Type: application/json
{ "url": "https://example.com", "depth": "STANDARD" }
Returns a scanId which you can use to stream or poll results.
2. Fetch Results
GET /api/audit/[scanId]
Returns the complete JSON report once the scan status is COMPLETE.
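The two steps above combined into one CI-friendly client, as an added example that is not WebAudit Pro's own code: it starts a scan, then polls with a bounded budget until the status is COMPLETE. The base URL, the JSON keys "scanId" and "status", and the "PENDING"/"findings" values in the offline stand-in are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

BASE_URL = "https://webaudit.example"  # assumption: placeholder host, not given on the page


def http_json(method, url, body=None):
    """Default transport: send an optional JSON body, return the decoded JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def run_audit(target, depth="STANDARD", transport=http_json,
              interval=5.0, max_polls=60, sleep=time.sleep):
    """Start a scan, then poll until the report is COMPLETE or the poll budget runs out."""
    started = transport("POST", f"{BASE_URL}/api/audit/start",
                        {"url": target, "depth": depth})
    # Assumption: the scan id is returned under the JSON key "scanId".
    scan_id = started.get("scanId")
    if not isinstance(scan_id, str) or not scan_id:
        raise RuntimeError(f"no scanId in start response: {started!r}")
    # Percent-encode the id so a malformed value cannot alter the request path.
    result_url = f"{BASE_URL}/api/audit/{urllib.parse.quote(scan_id, safe='')}"
    for _ in range(max_polls):
        report = transport("GET", result_url)
        # Assumption: the scan status is exposed under the JSON key "status".
        if report.get("status") == "COMPLETE":
            return report
        sleep(interval)
    raise TimeoutError(f"scan {scan_id} not COMPLETE after {max_polls} polls")


def fake_transport():
    """Constructed offline stand-in for the service: two pending polls, then COMPLETE."""
    replies = iter([{"scanId": "demo-1"}, {"status": "PENDING"},
                    {"status": "PENDING"}, {"status": "COMPLETE", "findings": []}])
    return lambda method, url, body=None: next(replies)


if __name__ == "__main__":
    print(run_audit("https://example.com", transport=fake_transport(),
                    sleep=lambda s: None))
```

In a pipeline, drop the transport argument to use real HTTP and keep interval high enough to stay inside the rate limits that apply to unauthenticated requests.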