Lab 9
Level 1 - Beginner
Exposed API Docs Lab
Level 1 Recon & Enumeration simulation: learn how public API documentation can reveal internal routes and sensitive structure.
Recon & Enumeration • 20 min
Learning Objectives
This lab is a controlled simulation only. No real backend or dangerous code execution is used.
Objective 1
Review a fake API docs listing and look for endpoints that should not be public.
Objective 2
Identify internal-style routes that expand visible attack surface.
Objective 3
Understand why documentation exposure can reveal more than intended.
Challenge Area
Use the input fields below to safely simulate the vulnerable behavior.
Sensitive API Endpoint
Fake API Documentation
/api/profile
/api/orders
/api/internal-users
Result Panel
Review the fake API documentation and identify the endpoint that looks internal rather than appropriate for public exposure.
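From the documentation owner's side, the same review can run as a check before a listing is published. The following is an added example, not part of the lab itself; the marker word list and the last two sample routes are assumptions constructed for illustration.

```python
import re

# Assumed marker words for routes meant for staff or service-to-service use;
# tune this set to your own naming conventions.
INTERNAL_MARKERS = {"internal", "admin", "debug", "private", "staff"}

def path_tokens(path):
    """Split a route into lowercase words: /api/internal-users -> api, internal, users."""
    path = path.split("?", 1)[0]
    # Break camelCase before lowercasing so /api/internalUsers is tokenized too.
    path = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", path)
    return [t for t in re.split(r"[^A-Za-z0-9]+", path.lower()) if t]

def flag_internal_routes(documented_paths):
    """Return (path, matched_markers) for each documented route that looks internal."""
    findings = []
    for path in documented_paths:
        # Match whole words, not substrings, so "international" is not flagged.
        hits = sorted(INTERNAL_MARKERS.intersection(path_tokens(path)))
        if hits:
            findings.append((path, hits))
    return findings

# The three routes from the lab's fake documentation, plus constructed extras.
SAMPLE_DOCS = [
    "/api/profile",
    "/api/orders",
    "/api/internal-users",
    "/api/international-orders",   # constructed: "internal" only as a substring
    "/api/v2/adminReports",        # constructed: camelCase marker
]

if __name__ == "__main__":
    for path, hits in flag_internal_routes(SAMPLE_DOCS):
        print(f"review before publishing: {path} (matched: {', '.join(hits)})")
```

A name-based check only catches routes whose naming gives them away; it complements, and does not replace, enforcing authorization on the routes themselves.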