Exposure Surface – Endpoint

Base URL


https://api.rsch.io

Path


/api/v1/recon/exposure

Method

GET

Query Parameters

domain – Required. Root domain to query Certificate Transparency logs for,
for example indonesia.go.od.

Example Request


GET https://api.rsch.io/api/v1/recon/exposure?domain=indonesia.go.id

Example Response

Responses use the standard API envelope:


{
  "status": "success",
  "request_id": "15664aab-9fd4-4147-be98-03068056966b",
  "date": "2025-11-26 10:13:11",
  "duration": 87.0333063602448,
  "data": {
    "input": "indonesia.go.id",
    "url": "https://indonesia.go.id",
    "final_url": "https://indonesia.go.id/",
    "host": "indonesia.go.id",
    "analysis": {
      "checks": [
        {
          "path": "/.well-known/security.txt",
          "url": "https://indonesia.go.id/.well-known/security.txt",
          "category": "security_contact",
          "present": false,
          "status_code": 404,
          "status": "INFO",
          "icon": "ℹ️",
          "notes": "Endpoint not present (status 404)."
        },
        {
          "path": "/security.txt",
          "url": "https://indonesia.go.id/security.txt",
          "category": "security_contact",
          "present": false,
          "status_code": 404,
          "status": "INFO",
          "icon": "ℹ️",
          "notes": "Endpoint not present (status 404)."
        },
        {
          "path": "/.well-known/vulnerability-disclosure.txt",
          "url": "https://indonesia.go.id/.well-known/vulnerability-disclosure.txt",
          "category": "security_contact",
          "present": false,
          "status_code": 404,
          "status": "INFO",
          "icon": "ℹ️",
          "notes": "Endpoint not present (status 404)."
        }
 
        ..........
        ....................
        
      ],
      "overall_risk": "MEDIUM",
      "findings": [
        "debug endpoint /phpinfo.php is exposed with status 403 (WARN).",
        "debug endpoint /phpinfo is exposed with status 403 (WARN).",
        "debug endpoint /info.php is exposed with status 403 (WARN).",
        "debug endpoint /config.php is exposed with status 403 (WARN).",
        "debug endpoint /settings.php is exposed with status 403 (WARN).",
        "debug endpoint /.env is exposed with status 403 (WARN).",
        "debug endpoint /.git/ is exposed with status 403 (WARN).",
        "debug endpoint /adminer is exposed with status 403 (WARN).",
        "debug endpoint /adminer.php is exposed with status 403 (WARN).",
        "debug endpoint /admin/phpmyadmin is exposed with status 403 (WARN).",
        "debug endpoint /admin is exposed with status 403 (WARN).",
        "debug endpoint /admin/ is exposed with status 403 (WARN).",
        "debug endpoint /administrator is exposed with status 403 (WARN).",
        "debug endpoint /administrator/ is exposed with status 403 (WARN)."
      ]
    }
  }
}

data.items contains discovered hostnames and any resolved IPv4/IPv6 addresses.
data.count is the number of unique items returned.

On error, status will be error and the envelope includes an error field with details.