AppSafe API

Security scanning as an API — built for AI agents, DevOps pipelines, and automated security audits.

🤖

Add AppSafe to Your Agent

Copy the prompt below and paste it into your AI agent (OpenClaw, Claude, GPT, Cursor, etc.) to add security scanning capabilities.

Read the AppSafe API documentation at https://appsafe.llmvps.com/api-docs and use it to implement a security scanning tool. The API lets you scan any IP address, domain, or URL for open ports, services, vulnerabilities, and security misconfigurations. It returns structured findings with severity levels (critical/high/medium/low/info), risk scores (0-100), CWE references, and actionable remediation commands. Available scan profiles: quick (fastest, custom ports only), fast (top 100 ports), standard (top 1000 + service detection), intense (all 65535 ports + OS detection), deep (all ports + vulnerability scripts). You can pass a custom list of specific ports to scan for maximum speed and efficiency. Create a reusable tool or skill that I can use to scan any target on demand.

⚡ Agent Quick Start

# 1. Start scan
SCAN_ID=$(curl -s -X POST https://appsafe.llmvps.com/scan \
  -H 'Content-Type: application/json' \
  -d '{"target":"YOUR_IP","profile":"quick","ports":[22,80,443]}' | jq -r .scan_id)

# 2. Poll until complete
curl -s https://appsafe.llmvps.com/scan/$SCAN_ID

# 3. Response includes: risk_score, findings by severity, remediation commands
Base URL
https://appsafe.llmvps.com

Authentication

API keys are optional by default. When API key authentication is enabled, include your key in the X-API-Key header.

# Generate a new API key
python main.py generate-key your-key-name

# Use in requests
curl -H "X-API-Key: your-api-key-here" https://appsafe.llmvps.com/scan/abc123

Scan Profiles

quick

Top 10 ports

~1 second

fast

Top 100 ports

~5 seconds

standard

Top 1000 ports + services

~30 seconds

intense

All 65535 ports + OS

~5 minutes

deep

Comprehensive + vulnerabilities

~10 minutes

Endpoints

POST /scan

Start a new security scan

Request Body
Field Type Required Description
target string Yes IP, domain, or URL to scan
profile string No Scan profile (default: fast)
ports array No Custom port list (max 1000) 
# Targeted scan
curl -X POST https://appsafe.llmvps.com/scan \
  -H 'Content-Type: application/json' \
  -d '{"target":"192.168.1.1","profile":"quick","ports":[22,80,443]}'

# Deep scan
curl -X POST https://appsafe.llmvps.com/scan \
  -H 'Content-Type: application/json' \
  -d '{"target":"example.com","profile":"deep"}'
GET /scan/{scan_id}

Get scan status and results

# Response
{
  "status": "completed",
  "target": "example.com",
  "profile": "quick",
  "risk_score": 42,
  "findings": [
    {
      "severity": "medium",
      "title": "Outdated TLS version",
      "description": "Server supports TLS 1.0",
      "remediation": "Disable TLS 1.0 and 1.1, enable only TLS 1.2+",
      "cwe": "326"
    }
  ],
  "data": {
    "resolved_ip": "93.184.216.34",
    "network": [...],
    "web": {...}
  }
}
GET /scan/{scan_id}/stream

Server-Sent Events stream for real-time progress updates

curl -N https://appsafe.llmvps.com/scan/abc123/stream

# SSE events:
data: {"phase":"port_scan","overall_progress":45,"current_activity":"Scanning port 443"}
GET /report/{scan_id}

Download PDF report for completed scan

GET /health

Health check and API version

{
  "status": "healthy",
  "version": "2.1.0",
  "profiles": ["quick", "fast", "standard", "intense", "deep"]
}

Findings & Risk Scoring

Severity Score Weight Examples
Critical 25 points Unencrypted admin ports, default credentials
High 15 points Outdated SSL/TLS, missing security headers
Medium 8 points Weak cipher suites, verbose error messages
Low 3 points Minor misconfigurations, information disclosure
Info 0 points General observations, no security impact

DevOps Integration

Use AppSafe as a pre-deploy security gate in your CI/CD pipeline:

#!/bin/bash
# Pre-deploy security gate

# Get currently running services
PORTS=$(netstat -tuln | grep LISTEN | awk '{print $4}' | cut -d':' -f2 | sort -u | tr '\n' ',' | sed 's/,$//')

# Scan localhost
SCAN_ID=$(curl -s -X POST https://appsafe.llmvps.com/scan \
  -H 'Content-Type: application/json' \
  -d "{\"target\":\"localhost\",\"profile\":\"fast\",\"ports\":[$PORTS]}" | jq -r .scan_id)

# Wait for completion
while true; do
  STATUS=$(curl -s https://appsafe.llmvps.com/scan/$SCAN_ID | jq -r .status)
  [ "$STATUS" = "completed" ] && break
  sleep 2
done

# Check risk score
RISK=$(curl -s https://appsafe.llmvps.com/scan/$SCAN_ID | jq -r .risk_score)
if [ "$RISK" -gt 50 ]; then
  echo "❌ Security gate failed: Risk score $RISK exceeds threshold"
  exit 1
fi

echo "✅ Security gate passed: Risk score $RISK"

Use Cases

🔄 CI/CD Gates

Automated security checks before deployment

📅 Scheduled Audits

Regular scans via cron or task scheduler

🤖 AI Agents

MCP/function calling for autonomous security audits

📋 Compliance

Evidence collection for audit trails