{
  "name": "Vuln Scanner API",
  "version": "1.0.0",
  "description": "Passive vulnerability surface scanner — checks security headers, HTTPS, open redirects, and common misconfigurations",
  "note": "Passive surface scan only — no active exploitation",
  "endpoints": {
    "scan": "GET /vuln-scanner?url=https://example.com — Full passive vulnerability surface scan",
    "headers": "GET /vuln-scanner/headers?url=https://example.com — Security headers audit",
    "csp": "GET /vuln-scanner/csp?url=https://example.com — CSP policy analysis",
    "health": "GET /vuln-scanner/health"
  }
}