Once your pentest or custom task is complete, you will want to review the results. This guide explains how to access structured pentest reports, browse individual evidence files, and download complete evidence archives for your records.
Understanding Available Artifacts
When a pentest finishes, the system generates several types of artifacts. You can interact with these depending on whether you need a high-level summary or deep technical evidence.
flowchart TD
A["Completed Pentest"] --> B["Structured Report"]
A --> C["Evidence Files"]
A --> D["Full Archive Download"]
C --> E["List Directory"]
C --> F["View Specific File"]Viewing Pentest Reports
The structured report contains the finalized data, findings, and summaries from your pentest.
To retrieve the report data, make a GET request to the report endpoint using your pentest_id:
curl -X GET "https://api.studio.example.com/pentests/YOUR_PENTEST_ID/report-data"
-H "Authorization: Bearer YOUR_TOKEN"The report data is returned as structured JSON, making it easy to parse and integrate into your own internal dashboards or ticketing systems.
Browsing Evidence Files
During a pentest, various evidence files (like logs, raw outputs, and screenshots) are collected. You can browse and read these files directly without downloading the entire archive.
- 1
List available files
First, list the files generated by the pentest. You can optionally include a
pathparameter to filter the results to a specific directory.curl -X GET "https://api.studio.example.com/pentests/YOUR_PENTEST_ID/files?path=optional/sub/folder" -H "Authorization: Bearer YOUR_TOKEN" - 2
Locate your target file
Review the JSON response to find the exact
file_pathof the evidence document you want to view. - 3
Retrieve the file contents
Request the specific file using its path. The API automatically handles both plain text and JSON formats, returning the appropriate content type.
curl -X GET "https://api.studio.example.com/api/v1/pentests/YOUR_PENTEST_ID/files/YOUR_FILE_PATH" -H "Authorization: Bearer YOUR_TOKEN" -H "X-Target-Server: YOUR_TARGET"
If a file cannot be found or an error occurs, the system will return a clear HTTP status code (e.g., HTTP 404) along with error details in JSON format.
Downloading Evidence Archives
If you prefer to keep a local copy of all evidence, or if you are working with a standalone custom task, you can download a complete evidence archive.
The system provides separate endpoints for downloading pentest archives and custom task archives.
Generating a Download URL
To download an archive, you first request a secure download URL.
For a Pentest:
curl -X GET "https://api.studio.example.com/api/pentests/YOUR_PENTEST_ID/download"
-H "Authorization: Bearer YOUR_TOKEN"
-H "X-Target-Server: YOUR_TARGET"For a Custom Task:
curl -X GET "https://api.studio.example.com/api/tasks/YOUR_TASK_ID/download"
-H "Authorization: Bearer YOUR_TOKEN"
-H "X-Target-Server: YOUR_TARGET"Required Headers: When accessing the download URLs or specific file contents, you must include both your Authorization: Bearer <token> header and the X-Target-Server header to route your request correctly.
Endpoint Summary Reference
| Action | Endpoint | Description |
|---|---|---|
| Get Report | GET /pentests/{id}/report-data | Retrieves the structured final report for a pentest. |
| List Files | GET /pentests/{id}/files | Lists evidence files. Accepts an optional path query parameter. |
| Get File | GET /api/v1/pentests/{id}/files/{path} | Retrieves the contents of a specific evidence file. |
| Download Pentest | GET /api/pentests/{id}/download | Generates a download URL for a full pentest archive. |
| Download Task | GET /api/tasks/{id}/download | Generates a download URL for a custom task archive. |
Frequently Asked Questions
What formats are supported for individual evidence files?
The Get File endpoint automatically handles both application/json and plain text formats. If you request a JSON file, it will be returned as properly formatted JSON. Other readable files will be returned as plain text.
Can I download evidence for a task that is still running?
No. Evidence archives and final reports are only compiled and made available once the pentest or custom task has fully completed or has been cancelled/closed.
