Patronus API

The Patronus API Developer Hub

Welcome to the Patronus API developer hub. You'll find comprehensive guides and documentation to help you start working with our pentest module as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    API Reference

Scan Configuration

You can configure the following parameters:


API-Key Name

The name of the API-Key (can arbitrarily chosen)


The host or start-URL you want the crawler to start at.

This needs to be a full URL including the protocol.


Requests per Minute

The number of requests per minute our services are allowed to send towards your hosts.

Default: 1000


If you want to run tests behind a login-wall as well, you can provide the API with information about your login-forms.

Login Domain

The domain on which your login form is located at.


Login Path

The path on the domain where you login form is located at.

Example: /login.php

Login HTML Form Action

If your login forms action-URL is not the same as the URL the form itself is on, please enable this and enter the path to the forms action URL.

Example: /login-perform.php

Login Data

This is the actual login data that will be sent via the login form. This needs to be a JSON-object with the keys being the form's field-names and their values being the actual value you would enter in the fields.


  "username": "example-user",
  "password-field": "secret-password",
  "additional-fields-name": "additional-fields-value"

Login Noncer

If your login form uses a CSRF-token (numeric or something similar) to protect your website you can pass the fields name here and not include it in the login-data-setting.

Before sending the login-data we will then open the site where the login-form is located at and extract the value that was provided in the field with the given name before submitting the login form.

Example: user_token

Login Check

The data provided in this field will be used to validate if the login was successful.

You can pass the following data:

Select the HTTP-Method that can be use to make a request to the given path.

Example: GET

The path that can be requested to check if the login was successful.

Example: /admin-dashboard.php

The expected status code when requesting this endpoint when the login is successful.

Example: 200

Regex (optional):
A regex run against the response of the request to check if the login was successful.

Example: logout

Login Fallback

This path will be used if the login-form does not redirect you to a site that is only visible to logged-in users.

Example: /admin-dashboard.php

Testing a Single-Page Application?

If you want to test a web application that is based on a javascript framework like REACT, please select the crawler type: Javascript (currently in BETA).

If you have questions regarding the settings, please get in touch via

Scan Configuration

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.