APIs, AI & Dev Tooling

REST, GraphQL, AI/LLM, and developer-tooling APIs commonly enumerated by bots.

62 probed paths in this category.

actuator/env

Spring Boot Actuator environment endpoint exposing configuration and environment properties

Risk: This Spring Boot endpoint dumps environment properties and configuration, frequently leaking database passwords, API keys, cloud credentials, and internal hostnames that enable lateral movement and account takeover.

Fix: Disable or restrict Actuator with `management.endpoints.web.exposure.exclude`, require authentication via Spring Security on the management context, bind it to a separate internal port, and mask sensitive keys with `management.endpoint.env.show-values=never`.

actuator/gateway/routes

Spring Boot Actuator

Risk: An exposed Spring Boot Actuator gateway endpoint reveals internal routing config and, combined with other actuator endpoints, can enable SSRF, config disclosure, or remote code execution via env/refresh manipulation.

Fix: Restrict actuator endpoints to internal access, expose only health/info, require authentication via Spring Security, and set `management.endpoints.web.exposure.include` to a minimal allowlist.

actuator/health

Spring Boot Actuator

Risk: Confirms a Spring Boot app and, if other actuator endpoints (env, heapdump, mappings) are unsecured, can leak environment variables, credentials, and full heap memory dumps enabling deeper compromise.

Fix: Restrict actuator endpoints with Spring Security, expose only /health by limiting `management.endpoints.web.exposure.include` explicitly, and bind the management port to an internal interface.

actuator/heapdump

Spring Boot Actuator heap-dump endpoint that can leak credentials and secrets from memory

Risk: A Spring Boot heap dump is a snapshot of application memory; attackers mine it for plaintext passwords, session tokens, and API keys, often yielding instant authenticated access.

Fix: Disable the heapdump actuator endpoint in production, restrict /actuator to internal networks behind authentication, and expose only the minimum management endpoints needed.

actuator/logfile

Spring Boot Actuator logfile endpoint exposing the application log

Risk: Direct access to the application log can expose stack traces, user data, session tokens, SQL statements, and credentials written during normal operation, aiding reconnaissance and account compromise.

Fix: Disable the logfile endpoint in production, require authentication on Actuator, avoid pointing `logging.file` to a web-accessible location, and ensure sensitive data is never written to logs.

actuator/loggers

Spring Boot Actuator loggers endpoint for viewing and changing log levels at runtime

Risk: Write access to this endpoint lets an attacker change log levels at runtime, enabling DEBUG/TRACE logging that can expose request bodies, tokens, and SQL, or be used to exhaust disk and degrade the service.

Fix: Do not expose the loggers endpoint publicly; require authentication on the Actuator management context, exclude it from web exposure, and restrict POST access so log configuration cannot be altered by anonymous users.

actuator/mappings

Spring Boot Actuator mappings endpoint exposing all request mappings

Risk: This endpoint reveals every request mapping in the application, handing attackers a complete map of hidden and undocumented routes, internal APIs, and admin handlers to target next.

Fix: Exclude mappings from web exposure, secure the Actuator context behind authentication, and run management endpoints on an internal-only port unreachable from the internet.

admin/api/clusters

Pulsar Admin API

Risk: Unauthenticated access to the Pulsar admin API exposes cluster, tenant, namespace, and topic configuration and allows an attacker to create or delete namespaces, grant permissions, and read or publish to messaging topics.

Fix: Enable Pulsar authentication (JWT/TLS/OAuth2) and authorization, set superuser roles explicitly, and keep the admin (web service) port on a private network.

api-docs

API Documentation

Risk: This API documentation path (often the raw OpenAPI JSON) exposes the full endpoint and schema inventory, enabling attackers to automate discovery of unsecured operations.

Fix: Require authentication for the docs route in production or disable it entirely, and verify every listed endpoint independently enforces authentication and authorization.

api/chat

Ollama Chat API

Risk: An open Ollama chat endpoint allows unauthenticated conversational use of hosted models, leaking model identity and enabling resource exhaustion and jailbreak/prompt-injection testing against your infrastructure.

Fix: Restrict the Ollama listener to loopback or an internal network and require authentication via a proxy; enforce rate limits and per-client quotas.

api/config

API Configuration Endpoint

Risk: A configuration endpoint may return backend service URLs, feature flags, or credentials that reveal internal architecture and provide secrets an attacker can use to access dependent services.

Fix: Require authentication and authorization on config endpoints, return only the minimum client-needed values, and keep server-side secrets out of any API response.

api/embed

Ollama Embeddings API

Risk: Unauthenticated access to Ollama embeddings lets attackers consume GPU/CPU compute for free and probe model behavior, while large batch requests can be used for denial of service.

Fix: Require authentication and rate limiting in front of the embeddings endpoint and ensure the Ollama port is not reachable from the public internet.

api/generate

Ollama Text Generation API

Risk: An exposed Ollama generate endpoint lets anyone run arbitrary prompts against locally hosted models for free, exhausting GPU/CPU resources and enabling abuse such as content generation or prompt-injection probing.

Fix: Bind Ollama to localhost only or place it behind an authenticating reverse proxy with allowlisted IPs, and never expose the 11434 API port directly to the internet.

api/github/repos

GitHub Repositories API

Risk: Querying the repositories API can reveal private repo names and, with a compromised token, clone source, read Actions secrets, and push malicious commits or workflows into the supply chain.

Fix: Use fine-grained, least-privilege tokens with short expiry, enable secret scanning and push protection, and audit and revoke leaked credentials immediately.

api/graphql

GraphQL API Endpoint

Risk: This GraphQL API path exposes the same risks of schema enumeration and resource-exhausting queries, and may bypass controls applied only to the root /graphql route.

Fix: Apply identical hardening to all GraphQL routes - disable introspection, set depth and complexity limits, and enforce authentication and persisted-query allowlists consistently.

api/index.php/v1/config/application?public=true

GitLab

Risk: Probes a GitLab/Joomla-style config API that, if misconfigured, returns application settings including database credentials, secret keys, and SMTP passwords, enabling full account and infrastructure takeover.

Fix: Patch to a fixed version, ensure config API endpoints require authentication, and remove or restrict any debug/config-dump routes; rotate any secrets that may have been exposed.

api/internal/config

Internal Configuration API

Risk: An internal config endpoint reachable externally can dump application settings, connection strings, and secret keys, or allow runtime reconfiguration that weakens security controls.

Fix: Bind internal endpoints to loopback or a private network, enforce authentication, and never expose configuration values through any externally routable path.

api/models

Ollama Models List API

Risk: Enumerates every model installed in the Ollama instance, fingerprinting the deployment and revealing which custom or proprietary models are available for further abuse.

Fix: Do not expose the Ollama API publicly; gate the models listing behind authentication and network ACLs so unauthenticated clients cannot enumerate inventory.

api/pull

Ollama Model Download API

Risk: An open Ollama pull endpoint lets attackers force the server to download arbitrary large models, filling disk and consuming bandwidth, or stage malicious model files for later use.

Fix: Disable or authenticate the pull endpoint, restrict outbound model registry access, and keep the Ollama API bound to localhost or an internal network.

api/v1/admin/users

Admin User Management API

Risk: If this admin API lacks proper authorization, an attacker can enumerate, create, modify, or delete user accounts and escalate privileges to full administrative control.

Fix: Require admin-level authentication plus server-side authorization on every method, restrict access by network or role, and log all administrative user changes.

api/v1/airflow/dags

Apache Airflow DAGs API

Risk: Exposing the DAGs API lets an attacker trigger, pause, or inspect workflow definitions and may reveal connection objects containing database and cloud credentials, enabling arbitrary code execution via crafted DAG runs on worker nodes.

Fix: Require authentication on the Airflow REST API, set a strong webserver secret_key, store credentials in a secrets backend rather than the metadata DB, and restrict the webserver to an internal network.

api/v1/grafana/dashboards

Grafana Dashboards API

Risk: Exposed Grafana dashboards reveal datasource names, internal queries, and infrastructure details, and unauthenticated instances are prone to path-traversal and SSRF flaws that read local files or pivot to backends.

Fix: Disable anonymous access, enforce strong admin credentials with SSO, keep Grafana patched against datasource/proxy CVEs, and restrict network exposure.

api/v1/hasura/metadata

Hasura Metadata API

Risk: An unprotected Hasura metadata endpoint lets an attacker read the full GraphQL schema, permissions, and remote/event configurations, and if the admin secret leaks, rewrite permissions to expose all underlying database tables.

Fix: Set a strong `HASURA_GRAPHQL_ADMIN_SECRET`, disable the console and metadata APIs in production, and restrict the metadata/admin endpoints to internal networks only.

api/v1/inference

Hugging Face Inference API

Risk: An open Hugging Face inference endpoint allows attackers to run arbitrary prompts against hosted models, incurring compute cost, extracting training data via inversion, or abusing the model for prohibited content.

Fix: Gate inference behind per-token authentication and quotas, enforce rate limits and input size caps, and log requests to detect abuse and model-extraction patterns.

api/v1/jenkins/job/build

Jenkins Build API

Risk: An unauthenticated build-trigger endpoint lets an attacker run arbitrary pipeline jobs, and combined with the Jenkins script console or Groovy build steps this leads to remote code execution on the controller and access to stored CI credentials.

Fix: Enable Jenkins security with matrix/role-based authorization, require authenticated CSRF-protected build triggers, and isolate the controller from the public internet.

api/v1/kafka/topics

Apache Kafka Topics API

Risk: Listing Kafka topics without authentication lets an attacker map the data architecture and, if the brokers lack ACLs, consume sensitive event streams or produce forged messages that downstream consumers trust.

Fix: Enable SASL/SSL authentication and topic-level ACLs on the brokers, disable plaintext listeners, and never expose broker or admin ports directly to the internet.

api/v1/llm/chat

Large Language Model Chat API

Risk: An unauthenticated LLM chat endpoint can be abused for prompt injection, system-prompt extraction, jailbreaking, and quota theft that runs up provider token bills.

Fix: Gate the endpoint behind authentication and per-user rate/token limits, strip or pin the system prompt server-side, and apply input/output content filtering.

api/v1/ml/models

Machine Learning Models API

Risk: An exposed model registry lets an attacker enumerate model names, versions, and architectures, then download proprietary weights or replace a model artifact to poison downstream predictions.

Fix: Require authenticated, role-scoped access to the registry and serve models from object storage with signed, short-lived URLs rather than open listing endpoints.

api/v1/ml/predict

ML Model Prediction Endpoint

Risk: An open inference endpoint enables model-extraction and membership-inference attacks via crafted queries, plus cost amplification and denial of service from unbounded prediction calls.

Fix: Enforce API-key or token auth with per-client rate limits and input-size caps, and validate/normalize payloads before they reach the model.

api/v1/prometheus/query

Prometheus Query API

Risk: Open Prometheus query access leaks internal metrics, hostnames, service topology, and label values that map the environment, and supports resource-exhausting queries that degrade monitoring.

Fix: Require authentication via a reverse proxy, bind Prometheus to internal networks only, and enforce query limits to prevent expensive range scans.

api/v1/spark/applications

Apache Spark Applications API

Risk: An exposed Spark application/REST API permits an attacker to submit arbitrary jobs that execute code on the cluster, a well-known vector (CVE-2022-33891 and the Spark REST submission API) for full worker-node compromise and cryptomining.

Fix: Disable the standalone REST submission server unless required, enable Spark authentication (`spark.authenticate`) and ACLs, run on YARN/Kubernetes with proper RBAC, and firewall the master and UI ports.

api/v2/models

Hugging Face Models API

Risk: A Hugging Face models listing endpoint can reveal private or fine-tuned model names, versions, and metadata, exposing proprietary model inventory and aiding targeted attacks on specific models.

Fix: Require authenticated API tokens with scoped permissions to list models, and filter responses so private model metadata is never returned to unauthenticated callers.

api/v4/gitlab/projects

GitLab Projects API

Risk: Access to the GitLab projects API exposes repository metadata and, with a leaked token, source code, CI/CD variables, and pipeline secrets that enable supply-chain compromise of build artifacts.

Fix: Disable public project visibility where not required, scope and rotate personal/CI access tokens, and enforce authentication plus IP allow-listing on the API.

api/version

API Version Information

Risk: An API version endpoint discloses the exact application or framework version, letting attackers look up and target known CVEs for that specific release.

Fix: Remove version disclosure from public responses, or return a generic identifier, and ensure components are patched so any leaked version does not map to known exploits.

artifactory/api/repositories

JFrog Artifactory Repositories API

Risk: An exposed Artifactory repositories API enumerates build artifacts and, with anonymous or weak access, lets an attacker download proprietary binaries or upload poisoned packages consumed downstream by builds.

Fix: Disable anonymous access, enforce permission-target RBAC with named tokens, enable repository-level access logging, and require signed/verified artifacts in build pipelines.

bitbucket/api/2.0/repositories

Bitbucket Repositories API

Risk: The Bitbucket repositories API can enumerate workspace projects and, with stolen app passwords or tokens, expose source code and pipeline configuration enabling code tampering and credential theft.

Fix: Restrict repositories to private, issue scoped app passwords/OAuth tokens with minimal permissions, and enforce 2FA and IP allow-listing on API access.

elastic/api/_cluster/health

Elasticsearch Cluster Health API

Risk: An open Elasticsearch cluster API discloses node and shard topology and signals an unauthenticated cluster, allowing an attacker to read, modify, or delete indexed data and trigger ransom wipes.

Fix: Enable the security features (authentication and TLS), bind to private interfaces, and place the cluster behind a network policy or authenticated gateway.

flink/overview

Apache Flink Dashboard

Risk: The Flink dashboard allows uploading and running arbitrary JAR files, so unauthenticated access gives an attacker direct remote code execution on the JobManager and TaskManagers, commonly abused for cryptominers.

Fix: Place the Flink web UI behind an authenticating reverse proxy, disable jar upload (`web.submit.enable: false`) in production, and bind the dashboard to localhost or an internal network only.

graphiql

GraphQL IDE

Risk: An exposed GraphiQL IDE gives attackers an interactive console to explore the schema and run arbitrary queries and mutations against the live API.

Fix: Disable the GraphiQL interface entirely in production environments, or restrict it to authenticated internal users behind a VPN or IP allowlist.

graphql

GraphQL API Endpoint

Risk: An exposed GraphQL endpoint with introspection enabled lets attackers map the entire schema, then craft deeply nested or batched queries to exfiltrate data or cause denial of service.

Fix: Disable introspection in production, enforce query depth/complexity limits and cost analysis, and require authentication plus field-level authorization on all resolvers.

Jenkinsfile

Jenkins pipeline definition file that can reveal build secrets and infrastructure

Risk: Exposes CI/CD pipeline logic that can reveal credential IDs, internal hostnames, deployment targets, and build steps, providing an attacker a roadmap to the build infrastructure and supply chain.

Fix: Avoid serving repository files from the web root, reference secrets via Jenkins credentials bindings rather than inline values, and restrict repository and Jenkins access to authorized users.

jupyter/tree

Jupyter Notebook Server

Risk: An unauthenticated Jupyter server grants arbitrary Python code execution on the host, giving the attacker a shell, access to mounted data, and any cloud credentials available to the kernel process.

Fix: Require a token or password, bind the server to localhost behind an authenticated proxy, and disable terminal/kernel spawning for untrusted users.

kibana/api/status

Kibana Status API

Risk: The status endpoint reveals the exact Kibana and plugin versions, letting an attacker fingerprint the stack and target known Kibana RCE and prototype-pollution vulnerabilities.

Fix: Require authentication on Kibana, restrict it to internal access behind a proxy, and keep both Kibana and Elasticsearch on patched versions.

ksqldb/query

ksqlDB Query API

Risk: An open ksqlDB query endpoint lets an attacker run arbitrary SQL against streaming data, creating or dropping streams and tables and exfiltrating records from the underlying Kafka topics.

Fix: Front ksqlDB with HTTPS and authentication, configure Kafka ACLs for the ksqlDB service principal, and restrict the REST listener to trusted internal clients.

metrics

Prometheus Metrics Endpoint

Risk: An exposed Prometheus metrics endpoint leaks internal hostnames, route names, request volumes, error rates, and library versions that help attackers fingerprint the stack and plan timing or DoS attacks.

Fix: Bind the metrics endpoint to an internal interface or scrape network only, and place it behind authentication or an IP allowlist so it is never reachable from the public internet.

mlflow/api/2.0/mlflow/experiments/list

MLflow Experiments API

Risk: An open MLflow API exposes all experiments, run parameters, and artifact paths, and unauthenticated MLflow has known LFI/RCE issues allowing arbitrary file read and code execution.

Fix: Front MLflow with an authenticating proxy, disable anonymous artifact access, restrict artifact stores to trusted paths, and upgrade past known CVE-affected versions.

nexus/service/rest/v1/repositories

Nexus Repository Manager API

Risk: An attacker enumerates hosted and proxy repositories and, if anonymous access or default admin/admin123 credentials are active, can pull private artifacts, poison build dependencies, or upload malicious packages consumed by downstream CI pipelines.

Fix: Disable anonymous access, rotate the default nexus admin credentials, enforce role-based content selectors on each repository, and place the Nexus instance behind a VPN or IP allowlist rather than the public internet.

notebooks/api/kernels

Jupyter Kernel Management API

Risk: Access to the kernel API lets an attacker start kernels and execute arbitrary code in the notebook server's context, achieving full remote code execution and lateral movement.

Fix: Protect the API with token authentication, restrict it to localhost or an authenticated gateway, and run kernels in sandboxed, least-privilege containers.

openapi.json

OpenAPI Specification

Risk: The machine-readable OpenAPI document exposes every route, request/response schema, and security definition, letting attackers auto-generate fuzzing and enumeration tooling against undocumented or admin endpoints.

Fix: Do not serve the spec publicly in production; gate it behind auth or generate it only at build time, and strip internal-only endpoints before publishing.

playground

GraphQL Playground

Risk: A GraphQL Playground interface provides attackers a ready UI for crafting and replaying queries and mutations against backend data without writing tooling.

Fix: Remove or disable GraphQL Playground in production builds and ensure the endpoint returns 404 to unauthenticated requests.

prefect/api/flows

Prefect Workflow API

Risk: Open access to the Prefect API allows an attacker to list and run flow deployments, read flow run parameters and logs, and access blocks that often hold cloud and database secrets, leading to remote code execution on agents/workers.

Fix: Enable Prefect Cloud/Server authentication with API keys, scope workspace roles tightly, encrypt and restrict access to secret blocks, and keep the API server off the public internet.

redoc

ReDoc API Documentation

Risk: A live ReDoc UI renders the full OpenAPI spec, handing attackers a complete map of every endpoint, parameter, and auth scheme to target, plus any example payloads or internal hostnames embedded in the spec.

Fix: Disable ReDoc and other doc UIs in production, or place them behind authentication and network restrictions so only internal users can reach them.

schema.json

JSON Schema

Risk: A JSON Schema reveals expected field names, types, and validation constraints, helping attackers craft inputs that bypass validation or probe for fields the UI does not expose.

Fix: Avoid serving schema files from public web roots, and ensure validation is enforced server-side regardless of what the schema discloses.

sonarqube/api/projects/search

SonarQube Projects API

Risk: The SonarQube projects search reveals analyzed codebase names and structure, and a default admin/admin login or leaked token grants access to source snippets, security hotspots, and unpatched-vulnerability details that aid targeted exploitation.

Fix: Change the default admin credentials, disable anonymous access (force authentication), scope analysis tokens narrowly, and keep the instance off the public internet.

streamlit/health

Streamlit Application Health Check

Risk: A reachable health endpoint confirms a Streamlit app is running and its version, which scanners use to fingerprint the stack and target known Streamlit file-access or websocket vulnerabilities.

Fix: Place the app behind authentication and a reverse proxy, restrict the health path to internal monitoring networks, and keep Streamlit patched to the current release.

swagger

Swagger API Documentation

Risk: An exposed Swagger/OpenAPI specification reveals every API route, parameter, and model, giving attackers a complete map for testing authorization gaps and injection points.

Fix: Disable Swagger spec generation in production or require authentication to access it, and ensure documented endpoints enforce authorization independently of the docs.

swagger-ui

Swagger UI Documentation Interface

Risk: The Swagger UI provides an interactive interface to invoke documented API endpoints directly, letting attackers probe and exploit operations without building their own client.

Fix: Remove Swagger UI from production deployments or place it behind authentication and an IP allowlist, and never embed live API credentials in the UI configuration.

v1/chat/completions

OpenAI Chat Completions API

Risk: An exposed OpenAI-compatible chat endpoint with an embedded API key allows attackers to run completions on your billing account, racking up unbounded charges and exfiltrating the key for reuse.

Fix: Keep API keys server-side only, proxy LLM calls through an authenticated backend with spend caps and rate limits, and never expose provider endpoints or keys to clients.

v1/completions

OpenAI Completions API

Risk: A reachable legacy OpenAI completions endpoint backed by your credentials lets an attacker generate text on your dime and confirm a valid, usable API key for resale.

Fix: Front all completion calls with an authenticated gateway, store keys in a secret manager, and set hard usage and budget limits on the provider account.

v1/embeddings

OpenAI Embeddings API

Risk: An exposed OpenAI-compatible embeddings endpoint tied to your key lets attackers generate embeddings at your expense and validate the key, enabling cost abuse and data inference attacks.

Fix: Proxy embedding requests through an authenticated service with per-user quotas, keep keys server-side, and monitor the provider account for anomalous usage.

v1/messages

Anthropic Claude Messages API

Risk: A reachable Anthropic Messages endpoint carrying your API key allows attackers to run Claude completions on your account, incurring charges and exfiltrating the key for continued unauthorized use.

Fix: Never embed the Anthropic key client-side; route requests through an authenticated backend with rate limits and spend alerts, and rotate any key that may have been exposed.

v1/models

OpenAI Models API

Risk: Lists the models accessible to the bound API key, confirming the key is valid and revealing which paid or fine-tuned models the account can reach for targeted abuse.

Fix: Do not expose the provider API directly; require authentication on any proxy and rotate keys immediately if a models listing is reachable without auth.
