A collective awesome list of public (JSON) APIs for use in security.
The list is supported by https://alexanderjaeger.de
Learn about REST: https://github.com/marmelab/awesome-rest
Thanks to all contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of APIs relevant for security people.
API | Description | Auth | HTTPS | Link | Free / Commercial |
---|---|---|---|---|---|
Alexa | Alexa Top Sites | apiKey |
Yes | Link! | ? |
ANY.RUN | Interactive malware analysis service. | apiKey |
Yes | Link! | Both, API commercial only |
BinaryEdge.io | Search Engine for internet connected devices and Honeypot Network | apiKey |
Yes | Link! | Free/Commercial |
CriminalIP.io | Search Engine for internet connected devices | apiKey |
Yes | Link! | Free/Commercial |
Bluecoat Site Review | URL Analysis | none |
Yes | Link! | Free |
bgpmon.net | Bgp monitoring | ? |
Yes | Link! | ? |
caprivacy.github.io | California Privacy Directory | None | Yes | Link! | ? |
censys.io | Free for Researchers Threat Intel | apiKey |
Yes | Link! | ? |
CIRCL CVE Search | CVE Search | none |
Yes | Link! | Free |
CIRCL hashlookup | File hash lookup | none |
Yes | Link! | Free |
CIRCL Passive SSH | Passive SSH | ApiKey |
Yes | Link! | Free for security teams |
Cloidsploit | Vuln Scanner | apiKey |
Yes | Link! | Free |
CrowdStrike API | TI | apiKey |
Yes | Link! | NO |
CVEAPI | API for CVE data | none |
Yes | Link! | Free |
Cymon.io | Open Threat Intel | apiKey |
Yes | Link! | ? |
Cybergreen | How clean is a network | apiKey |
Yes | Link! | ? |
CyCAT.org | The Cybersecurity Resource Catalogue public API services. | none |
Yes | Link! | Free - OpenAPI |
Domaintools | Commercial Threat Intel | apiKey |
Yes | Link! | Commercial |
Dragos WorldView | ICS Threat Intelligence | apiKey |
Yes | Link! | Commercial |
DShield | Internet Storm Center API | apiKey |
Yes | Link! | Free |
EmailRep | Free API to query email reputation and report malicious senders | none | Yes | Link! | Free |
emergingthreats.net | Domain / IP intelligence and reputation | apiKey |
Yes | Link! | ? |
Farsight DNSDB Passive DNS | Passive DNS and more | apiKey |
Yes | Link! | ? |
Fireeye iSight | Commercial Threat Intel | apiKey |
Yes | Link! | Commercial |
FIRST.org | Incident Response Teams API | none |
Yes | Link! | ? |
Flashpoint Intel | Threat Intel | apiKey |
Yes | Link! | ? |
Flexera | Vuln Management | apiKey |
Yes | Link! | ? |
GreyNoise | GreyNoise is a system that collects and analyzes data on Internet-wide scanners. | apiKey |
Yes | Link! | Free/Commercial |
HackerOne | Query HackerOne reports | apiKey |
Yes | Link! | ? |
have i been pwned | unofficial endpoints | apiKey |
Yes | Link! | ? |
Hybrid Analysis | Online Sandbox | none |
Yes | Link! | Free |
IP ASN History (D4 Project - CIRCL) | IP and BGP intelligence | none |
Yes | Link! | Free |
MAlshare | Malware Sharing | apiKey |
Yes | Link! | ? |
Mac Vendor Lookup | Threat Intel | apiKey |
Yes | Link! | ? |
MAC address API | Threat Intel | apiKey |
Yes | Link! | Commercial |
Malpedia | Curated list of malware | apiKey |
Yes | Link! | Free |
MalwareBazaar | Malware Sharing Service | apiKey |
Yes | Link! | Free (CCO) |
MaxMind | GeoIP and More | apiKey |
Yes | Link! | ? |
Microsoft Security Response Center API | Programmatic interfaces to engage with the Microsoft Security Response Center (MSRC) | None |
Yes | Link! | Free |
MWDB | The MWDB system (also known as the “Malware Database”) is a repository for storing malware samples and information acquired during their analysis | apiKey |
Yes | Link! | Free |
NeutrinoAPI | IP Blocklist API | apiKey |
Yes | Link! | ? |
Onyphe | Search Engine for internet connected devices | apiKey |
Yes | Link! | Free/Commercial |
ORKL.eu | Search Engine for intel reports | apiKey |
Yes | Link! | Free (API rate limited) |
Passive Total | Threat Intel | apiKey |
Yes | Link! | ? |
Pastebin | apiKey |
Yes | Link! | ? | |
Phishtank | ? |
Yes | Link! | ? | |
ProxySpace | Proxy servers, proxy judge and IP geolocation | None | Yes | Link! | Free |
Pulsedive | Free threat intelligence platform ingesting over 50 OSINT feeds and user submissions. | apiKey |
Yes | Link! | Both |
Qualys SSLLabs | Test SSL and more | apiKey |
Yes | Link! | ? |
Spamhaus | Domain / IP intelligence and reputation | ? |
Yes | Link! | ? |
Shadowserver Sandbox API | Sandbox | ? |
Yes | Link! | Free |
Shadowserver Bintest API | This server provides a lookup mechanism to test an executable file against a list of known software applications. | ? |
Yes | Link! | Free |
Shadowserver IP-BGP API | Mapping IP numbers to BGP prefixes and ASNs | ? |
Yes | Link! | Free |
Shodan.io | Search Engine for internet connected devices | apiKey |
Yes | Link! | Free/Commercial |
StalkPhish.io | Phishing/brand impersonation detection feed | apiKey |
Yes | Link! | Free/Commercial |
Tenable | ? | ? |
Yes | Link! | ? |
Team Cymru | Threat Intel | apiKey |
Yes | Link! | Both |
ThreatConnect | Threat Intel / SOC platform | apiKey |
Yes | Link! | Commercial |
URLhaus | abuse.ch API | apiKey |
Yes | Link! | Free |
urlscan.io | Online tool to scan URLs | apiKey |
Yes | Link! | Free |
Valhalla | Online repository of curated yara rules | apiKey |
Yes | Link! | Commercial |
VirusTotal | VirusTotal File/URL Analysis | apiKey |
Yes | Link! | ? |
vulners | vulners Vuln Database | apiKey |
Yes | Link! | ? |
whoisxmlapi.com | Whois APIs | apiKey |
Yes | Link! | Commercial |
Zoomeye | Search Engine for internet connected devices | apiKey |
Yes | Link! | Both |
API | Description | Auth | HTTPS | Link | Free / Commercial |
---|---|---|---|---|---|
Carbon Black | Endpoint Security | apiKey |
Yes | Link! | Commercial |
Cuckoo | Cuckoo Sandbox | apiKey |
Yes | Link! | OpenSource |
CRITS | TI System | apiKey |
Yes | Link! | ? |
CrowdStrike falcon-orchestrator | Orchestrator | apiKey |
Yes | Link! | yes |
emlrender | EML file rendering tool | password |
Yes | Link! | OpenSource |
FireEye | Endpoint Security | apiKey |
Yes | Link! | ? |
GRR | Endpoint Incident Response tool | apiKey |
Yes | Link! | OpenSource |
Kolide Fleet | osQuery fleet management | ? |
Yes | Link! | OpenSource |
Lastline | Lastline Enterprise | ApiKey |
Yes | Link! | Commercial |
logdissect | CLI utility and Python API for analyzing log files and other data. | ? |
Yes | Link! | OpenSource |
MISP | Open Source Threat Intelligence Platform | apiKey |
Yes | Link! | OpenSource |
Metadefender | MultiAV | apiKey |
Yes | Link! | Commercial |
Metasploit | Exploiting | apiKey |
Yes | Link! | Commercial |
Moloch | Moloch is an open source, large scale, full packet capturing, indexing, and database system. | ? |
Yes | Link! | OpenSource |
OTRS | Open Ticket Relay System | apiKey |
Yes | Link! | ? |
Plaso | Plaso Langar Að Safna Öllu | apiKey |
Yes | Link! | OpenSource |
Recorded Future | Threat Intelligence Platform | apiKey |
Yes | Link! | ? |
Request Tracker | Ticketing System | apiKey |
Yes | Link! REST2 | ? |
Scot | SCOT - Sandia Cyber Omni Tracker Ticketing System | apiKey |
Yes | Link! | Free |
TheHive | Security Incident Response Platform | apiKey |
Yes | Link! | Free |
Viper.li | Viper malware repository API | apiKey |
Yes | Link! | OpenSource |
VMRay | VMRay Sandbox | apiKey |
Yes | Link! | ? |
API | Description | Auth | HTTPS | Link | Free / Commercial |
---|---|---|---|---|---|
ArcSight | HP ArcSight API | None |
No |
Link! | Commercial |
AlienVault | AlienVault API | Yes |
Yes |
Link! | Commercial |
ELK | ELK Stack API | None |
No |
Link! | OpenSource |
Gravwell | Gravwell API | Yes |
Yes |
Link! | Community / Commercial |
Humio | Humio API | Yes |
Yes |
Link! | Community / Commercial |
QRadar | IBM QRadar API | None |
No |
Link! | Commercial |
Splunk | Splunk API | None |
No |
Link! | Commercial |
API | Description | Auth | HTTPS | Link | Free / Commercial |
---|---|---|---|---|---|
Akamai | Akamai CDN | apiKey |
Yes | Link! | Commercial |
AlienVault Open Threat Exchange (OTX) | IP/domain/URL reputation | apiKey |
Yes | Link! | ? |
Check Point APIs | Check Point APIs Homepage | apiKey |
Yes | Link! | Commercial |
Cisco ISE | ISE is an identity and access control policy platform | apiKey |
Yes | Link! | ? |
Cisco PXGrid | Cisco Platform Exchange Grid | apiKey |
Yes | Link! | ? |
Cisco Security APIs | Cisco Developer Page | `` | ? | Link! | ? |
Cisco Umbrella | Cisco Umbrella Enforcement API | apiKey |
Yes | Link! | ? |
Cyphon | Open Source INcident Management tool | apiKey |
Yes | Link! | ? |
F5 Bip IP | F5 application services products | apiKey |
Yes | Link! | Commercial |
Google Safe Browsing | Google Link/Domain Flagging | apiKey |
Yes | Link! | ? |
Metacert | Metacert Link Flagging | apiKey |
Yes | Link! | ? |
Netscaler | Citrix Netscaler application delivery controller | apiKey |
Yes | Link! | Commercial |
Windows Defender Advanced Threat Protection (Windows Defender ATP) | WDATP | apiKey |
Yes | Link! | ? |
National Software Reference Library (NSRL) | - | apiKey |
Yes | Link! | ? |
PaloAlto | PaloAlto FW API | apiKey |
Yes | Link! | Commercial |
RSA Secure ID | Metacert Link Flagging | apiKey |
Yes | Link! | ? |
ServiceNow | ServiceNow API | apiKey |
Yes | Link! | Commercial |
Web Of Trust (WOT) | Website reputation | apiKey |
Yes | Link! | ? |
Yandex Safe Browsing | Yandex Link/Domain Flagging | apiKey |
Yes | Link! | ? |