Add documentation site using mdBook with GitHub Pages deployment

- User manual covering OpenAPI scan, SOAP scan, API discovery,
  and JSON to YAML converter
- 28 annotated screenshots from the product
- GitHub Actions workflow for automated mdBook build and deploy
- Documentation link added to README

Author: CSPF-Founder

.github/workflows/docs.yml

@@ -0,0 +1,55 @@
+name: Deploy docs
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'docs/**'
+      - '.github/workflows/docs.yml'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: pages
+  cancel-in-progress: false
+
+env:
+  MDBOOK_VERSION: 0.5.2
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install mdBook
+        run: |
+          mkdir -p $HOME/.local/bin
+          curl -sSL "https://github.com/rust-lang/mdBook/releases/download/v${MDBOOK_VERSION}/mdbook-v${MDBOOK_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar -xz -C $HOME/.local/bin
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+
+      - name: Build documentation
+        run: mdbook build docs
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v4
+        with:
+          path: ./docs/book
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

README.md

@@ -134,6 +134,10 @@ docker compose ps
 
 **Database connection errors:** Wait 30-60 seconds after first start for databases to initialize.
 
+## Documentation
+
+Full user manual: [https://cysecurity.github.io/api-scanner/](https://cysecurity.github.io/api-scanner/)
+
 ## License
 
 Proprietary. See LICENSE file for details.

docs/.gitignore

@@ -0,0 +1 @@
+book/

docs/book.toml

@@ -0,0 +1,11 @@
+[book]
+title = "API Scanner"
+description = "User manual for API Scanner"
+authors = ["CySecurity"]
+language = "en"
+
+[output.html]
+site-url = "/api-scanner/"
+default-theme = "light"
+preferred-dark-theme = "navy"
+git-repository-url = "https://github.com/cysecurity/api-scanner"

docs/src/README.md

@@ -0,0 +1,17 @@
+# API Scanner
+
+API Scanner is an automated security testing tool that scans REST and SOAP APIs for vulnerabilities using OpenAPI/Swagger specifications and WSDL files.
+
+## Features
+
+- **[OpenAPI Scan](openapi-scan.md)** - Upload an OpenAPI spec (JSON/YAML) to scan REST API endpoints for security vulnerabilities. Supports unauthenticated and authenticated scans with Basic, Bearer, or API key authentication.
+
+- **[SOAP Scan](soap-scan.md)** - Upload a WSDL/XML file to scan SOAP web service operations. Supports Basic, Bearer, API key, and WS-Security authentication.
+
+- **[API Discovery](api-discovery.md)** - Scan a target URL to automatically discover API endpoints, OpenAPI/Swagger definitions, GraphQL endpoints, and health check paths.
+
+- **[JSON to YAML Converter](json-to-yaml.md)** - Convert OpenAPI specification files from JSON to YAML format.
+
+## Getting Started
+
+See the [Getting Started](getting-started.md) guide to access the web panel and log in.

docs/src/SUMMARY.md

@@ -0,0 +1,9 @@
+# Summary
+
+[Introduction](README.md)
+
+- [Getting Started](getting-started.md)
+- [OpenAPI Scan](openapi-scan.md)
+- [SOAP Scan](soap-scan.md)
+- [API Discovery](api-discovery.md)
+- [OpenAPI JSON to YAML Converter](json-to-yaml.md)

docs/src/api-discovery.md

@@ -0,0 +1,53 @@
+# API Discovery
+
+API Discovery scans a target URL to automatically identify available API endpoints. It detects OpenAPI/Swagger definitions, GraphQL endpoints, health check paths, and other commonly used API routes. Discovered API specifications can then be used to run security scans.
+
+## Starting a Discovery
+
+From the sidebar, click **Discover API Endpoint**. If no discoveries exist, click **Start First Discovery**. Otherwise, click **New Discovery** in the top-right corner.
+
+![First discovery page](images/discovery-first-scan.png)
+
+Enter the target URL and click **Start Discovery**.
+
+![New discovery form](images/discovery-new-scan.png)
+
+## Viewing Discoveries
+
+Click **Discover API Endpoint** in the sidebar to view all discovery runs.
+
+![Discovery list](images/discovery-scan-list.png)
+
+Each row shows:
+
+| Column | Description |
+|--------|-------------|
+| **Target URL** | The URL that was scanned for API endpoints |
+| **Status** | In progress, completed, failed, or stopped |
+| **Discoveries** | Number of endpoints discovered |
+| **Created** | Date and time the discovery was created |
+| **Actions** | Report, View Results, Delete |
+
+## Report
+
+Download discovered endpoints in document format.
+
+![Discovery report](images/discovery-report.png)
+
+## Scan Results
+
+Click **View Results** to view detected APIs, discovered endpoints, and any scan results found at those endpoints.
+
+![Discovery alerts](images/discovery-alerts.png)
+
+### Discovered Endpoints
+
+Click **View Discovered Endpoints** in the detected APIs section to see all endpoints found by scanning common API paths.
+
+![Discovered endpoints](images/discovery-endpoints.png)
+
+## Deleting a Discovery
+
+Click the **Delete** icon to remove a discovery entry.
+
+![Delete discovery](images/discovery-delete-scan.png)

docs/src/getting-started.md

@@ -0,0 +1,24 @@
+# Getting Started
+
+## Accessing the Panel
+
+Open a browser and navigate to:
+
+```
+https://<your-host>:4455
+```
+
+> [!NOTE]
+> If using a self-signed certificate, your browser will show a security warning. Accept it to proceed.
+
+## First-Time Setup
+
+On first access, you will be prompted to create an account. Enter a username, a password (minimum 10 characters), and confirm the password, then click **Create**.
+
+![Create user](images/create-user.png)
+
+## Login
+
+After the account is created, enter your username and password to log in.
+
+![Login page](images/login.png)