A collective awesome list of public (JSON) APIs for use in security.
The list is supported by https://alexanderjaeger.de
Learn about REST: https://github.com/marmelab/awesome-rest
Sample API used by hendryadrian.com >> https://www.hendryadrian.com/ransom/all.php
API | Description | Auth | HTTPS | Link | Free / Commercial |
---|---|---|---|---|---|
Alexa | Alexa Top Sites | apiKey | Yes | Link! | ? |
ANY.RUN | Interactive malware analysis service. | apiKey | Yes | Link! | Both, API commercial only |
BinaryEdge.io | Search Engine for internet connected devices and Honeypot Network | apiKey | Yes | Link! | Free/Commercial |
CriminalIP.io | Search Engine for internet connected devices | apiKey | Yes | Link! | Free/Commercial |
Bluecoat Site Review | URL Analysis | none | Yes | Link! | Free |
bgpmon.net | Bgp monitoring | ? | Yes | Link! | ? |
caprivacy.github.io | California Privacy Directory | None | Yes | Link! | ? |
censys.io | Free for Researchers Threat Intel | apiKey | Yes | Link! | ? |
CIRCL CVE Search | CVE Search | none | Yes | Link! | Free |
CIRCL hashlookup | File hash lookup | none | Yes | Link! | Free |
CIRCL Passive SSH | Passive SSH | ApiKey | Yes | Link! | Free for security teams |
Cloidsploit | Vuln Scanner | apiKey | Yes | Link! | Free |
CrowdStrike API | TI | apiKey | Yes | Link! | NO |
CVEAPI | API for CVE data | none | Yes | Link! | Free |
Cymon.io | Open Threat Intel | apiKey | Yes | Link! | ? |
Cybergreen | How clean is a network | apiKey | Yes | Link! | ? |
CyCAT.org | The Cybersecurity Resource Catalogue public API services. | none | Yes | Link! | Free – OpenAPI |
Domaintools | Commercial Threat Intel | apiKey | Yes | Link! | Commercial |
Dragos WorldView | ICS Threat Intelligence | apiKey | Yes | Link! | Commercial |
DShield | Internet Storm Center API | apiKey | Yes | Link! | Free |
EmailRep | Free API to query email reputation and report malicious senders | none | Yes | Link! | Free |
emergingthreats.net | Domain / IP intelligence and reputation | apiKey | Yes | Link! | ? |
Farsight DNSDB Passive DNS | Passive DNS and more | apiKey | Yes | Link! | ? |
Fireeye iSight | Commercial Threat Intel | apiKey | Yes | Link! | Commercial |
FIRST.org | Incident Response Teams API | none | Yes | Link! | ? |
Flashpoint Intel | Threat Intel | apiKey | Yes | Link! | ? |
Flexera | Vuln Management | apiKey | Yes | Link! | ? |
GreyNoise | GreyNoise is a system that collects and analyzes data on Internet-wide scanners. | apiKey | Yes | Link! | Free/Commercial |
HackerOne | Query HackerOne reports | apiKey | Yes | Link! | ? |
have i been pwned | unofficial endpoints | apiKey | Yes | Link! | ? |
Hybrid Analysis | Online Sandbox | none | Yes | Link! | Free |
IP ASN History (D4 Project – CIRCL) | IP and BGP intelligence | none | Yes | Link! | Free |
MAlshare | Malware Sharing | apiKey | Yes | Link! | ? |
Mac Vendor Lookup | Threat Intel | apiKey | Yes | Link! | ? |
MAC address API | Threat Intel | apiKey | Yes | Link! | Commercial |
Malpedia | Curated list of malware | apiKey | Yes | Link! | Free |
MalwareBazaar | Malware Sharing Service | apiKey | Yes | Link! | Free (CCO) |
MaxMind | GeoIP and More | apiKey | Yes | Link! | ? |
Microsoft Security Response Center API | Programmatic interfaces to engage with the Microsoft Security Response Center (MSRC) | None | Yes | Link! | Free |
MWDB | The MWDB system (also known as the “Malware Database”) is a repository for storing malware samples and information acquired during their analysis | apiKey | Yes | Link! | Free |
NeutrinoAPI | IP Blocklist API | apiKey | Yes | Link! | ? |
Onyphe | Search Engine for internet connected devices | apiKey | Yes | Link! | Free/Commercial |
ORKL.eu | Search Engine for intel reports | apiKey | Yes | Link! | Free (API rate limited) |
Passive Total | Threat Intel | apiKey | Yes | Link! | ? |
Pastebin | apiKey | Yes | Link! | ? | |
Phishtank | ? | Yes | Link! | ? | |
Pulsedive | Free threat intelligence platform ingesting over 50 OSINT feeds and user submissions. | apiKey | Yes | Link! | Both |
Qualys SSLLabs | Test SSL and more | apiKey | Yes | Link! | ? |
Spamhaus | Domain / IP intelligence and reputation | ? | Yes | Link! | ? |
Shadowserver Sandbox API | Sandbox | ? | Yes | Link! | Free |
Shadowserver Bintest API | This server provides a lookup mechanism to test an executable file against a list of known software applications. | ? | Yes | Link! | Free |
Shadowserver IP-BGP API | Mapping IP numbers to BGP prefixes and ASNs | ? | Yes | Link! | Free |
Shodan.io | Search Engine for internet connected devices | apiKey | Yes | Link! | Free/Commercial |
StalkPhish.io | Phishing/brand impersonation detection feed | apiKey | Yes | Link! | Free/Commercial |
Tenable | ? | ? | Yes | Link! | ? |
Team Cymru | Threat Intel | apiKey | Yes | Link! | Both |
ThreatConnect | Threat Intel / SOC platform | apiKey | Yes | Link! | Commercial |
URLhaus | abuse.ch API | apiKey | Yes | Link! | Free |
urlscan.io | Online tool to scan URLs | apiKey | Yes | Link! | Free |
Valhalla | Online repository of curated yara rules | apiKey | Yes | Link! | Commercial |
VirusTotal | VirusTotal File/URL Analysis | apiKey | Yes | Link! | ? |
vulners | vulners Vuln Database | apiKey | Yes | Link! | ? |
whoisxmlapi.com | Whois APIs | apiKey | Yes | Link! | Commercial |
Zoomeye | Search Engine for internet connected devices | apiKey | Yes | Link! | Both |
Tools
API | Description | Auth | HTTPS | Link | Free / Commercial |
---|---|---|---|---|---|
Carbon Black | Endpoint Security | apiKey | Yes | Link! | Commercial |
Cuckoo | Cuckoo Sandbox | apiKey | Yes | Link! | OpenSource |
CRITS | TI System | apiKey | Yes | Link! | ? |
CrowdStrike falcon-orchestrator | Orchestrator | apiKey | Yes | Link! | yes |
emlrender | EML file rendering tool | password | Yes | Link! | OpenSource |
FireEye | Endpoint Security | apiKey | Yes | Link! | ? |
GRR | Endpoint Incident Response tool | apiKey | Yes | Link! | OpenSource |
Kolide Fleet | osQuery fleet management | ? | Yes | Link! | OpenSource |
Lastline | Lastline Enterprise | ApiKey | Yes | Link! | Commercial |
logdissect | CLI utility and Python API for analyzing log files and other data. | ? | Yes | Link! | OpenSource |
MISP | Open Source Threat Intelligence Platform | apiKey | Yes | Link! | OpenSource |
Metadefender | MultiAV | apiKey | Yes | Link! | Commercial |
Metasploit | Exploiting | apiKey | Yes | Link! | Commercial |
Moloch | Moloch is an open source, large scale, full packet capturing, indexing, and database system. | ? | Yes | Link! | OpenSource |
OTRS | Open Ticket Relay System | apiKey | Yes | Link! | ? |
Plaso | Plaso Langar Að Safna Öllu | apiKey | Yes | Link! | OpenSource |
Recorded Future | Threat Intelligence Platform | apiKey | Yes | Link! | ? |
Request Tracker | Ticketing System | apiKey | Yes | Link! REST2 | ? |
Scot | SCOT – Sandia Cyber Omni Tracker Ticketing System | apiKey | Yes | Link! | Free |
TheHive | Security Incident Response Platform | apiKey | Yes | Link! | Free |
Viper.li | Viper malware repository API | apiKey | Yes | Link! | OpenSource |
VMRay | VMRay Sandbox | apiKey | Yes | Link! | ? |
SIEM
API | Description | Auth | HTTPS | Link | Free / Commercial |
---|---|---|---|---|---|
ArcSight | HP ArcSight API | None | No | Link! | Commercial |
AlienVault | AlienVault API | Yes | Yes | Link! | Commercial |
ELK | ELK Stack API | None | No | Link! | OpenSource |
Gravwell | Gravwell API | Yes | Yes | Link! | Community / Commercial |
Humio | Humio API | Yes | Yes | Link! | Community / Commercial |
QRadar | IBM QRadar API | None | No | Link! | Commercial |
Splunk | Splunk API | None | No | Link! | Commercial |
Various
API | Description | Auth | HTTPS | Link | Free / Commercial |
---|---|---|---|---|---|
Akamai | Akamai CDN | apiKey | Yes | Link! | Commercial |
AlienVault Open Threat Exchange (OTX) | IP/domain/URL reputation | apiKey | Yes | Link! | ? |
Check Point APIs | Check Point APIs Homepage | apiKey | Yes | Link! | Commercial |
Cisco ISE | ISE is an identity and access control policy platform | apiKey | Yes | Link! | ? |
Cisco PXGrid | Cisco Platform Exchange Grid | apiKey | Yes | Link! | ? |
Cisco Security APIs | Cisco Developer Page | “ | ? | Link! | ? |
Cisco Umbrella | Cisco Umbrella Enforcement API | apiKey | Yes | Link! | ? |
Cyphon | Open Source INcident Management tool | apiKey | Yes | Link! | ? |
F5 Bip IP | F5 application services products | apiKey | Yes | Link! | Commercial |
Google Safe Browsing | Google Link/Domain Flagging | apiKey | Yes | Link! | ? |
Metacert | Metacert Link Flagging | apiKey | Yes | Link! | ? |
Netscaler | Citrix Netscaler application delivery controller | apiKey | Yes | Link! | Commercial |
Windows Defender Advanced Threat Protection (Windows Defender ATP) | WDATP | apiKey | Yes | Link! | ? |
National Software Reference Library (NSRL) | – | apiKey | Yes | Link! | ? |
PaloAlto | PaloAlto FW API | apiKey | Yes | Link! | Commercial |
RSA Secure ID | Metacert Link Flagging | apiKey | Yes | Link! | ? |
ServiceNow | ServiceNow API | apiKey | Yes | Link! | Commercial |
Web Of Trust (WOT) | Website reputation | apiKey | Yes | Link! | ? |
Yandex Safe Browsing | Yandex Link/Domain Flagging | apiKey | Yes | Link! | ? |
Source : https://github.com/jaegeral/security-apis