A collective list of public APIs for use in security. Contributions welcome
A collective awesome list of public (JSON) APIs for use in security.
The list is supported by https://alexanderjaeger.de
Learn about REST: https://github.com/marmelab/awesome-rest
Thanks to all contributors, you’re awesome and this wouldn’t be possible without you! The goal is to build a categorized community-driven collection of APIs relevant for security people.

| API | Description | Auth | HTTPS | Link | Free / Commercial |
|---|---|---|---|---|---|
| Alexa | Alexa Top Sites | apiKey | Yes | Link! | ? |
| ANY.RUN | Interactive malware analysis service. | apiKey | Yes | Link! | Both, API commercial only |
| BinaryEdge.io | Search Engine for internet connected devices and Honeypot Network | apiKey | Yes | Link! | Free/Commercial |
| CriminalIP.io | Search Engine for internet connected devices | apiKey | Yes | Link! | Free/Commercial |
| Bluecoat Site Review | URL Analysis | none | Yes | Link! | Free |
| bgpmon.net | BGP monitoring | ? | Yes | Link! | ? |
| caprivacy.github.io | California Privacy Directory | None | Yes | Link! | ? |
| censys.io | Free for Researchers Threat Intel | apiKey | Yes | Link! | ? |
| CIRCL CVE Search | CVE Search | none | Yes | Link! | Free |
| CIRCL hashlookup | File hash lookup | none | Yes | Link! | Free |
| CIRCL Passive SSH | Passive SSH | ApiKey | Yes | Link! | Free for security teams |
| Cloudsploit | Vuln Scanner | apiKey | Yes | Link! | Free |
| CrowdStrike API | TI | apiKey | Yes | Link! | NO |
| CVEAPI | API for CVE data | none | Yes | Link! | Free |
| Cymon.io | Open Threat Intel | apiKey | Yes | Link! | ? |
| Cybergreen | How clean is a network | apiKey | Yes | Link! | ? |
| CyCAT.org | The Cybersecurity Resource Catalogue public API services. | none | Yes | Link! | Free - OpenAPI |
| Domaintools | Commercial Threat Intel | apiKey | Yes | Link! | Commercial |
| Dragos WorldView | ICS Threat Intelligence | apiKey | Yes | Link! | Commercial |
| DShield | Internet Storm Center API | apiKey | Yes | Link! | Free |
| EmailRep | Free API to query email reputation and report malicious senders | none | Yes | Link! | Free |
| emergingthreats.net | Domain / IP intelligence and reputation | apiKey | Yes | Link! | ? |
| Farsight DNSDB Passive DNS | Passive DNS and more | apiKey | Yes | Link! | ? |
| Fireeye iSight | Commercial Threat Intel | apiKey | Yes | Link! | Commercial |
| FIRST.org | Incident Response Teams API | none | Yes | Link! | ? |
| Flashpoint Intel | Threat Intel | apiKey | Yes | Link! | ? |
| Flexera | Vuln Management | apiKey | Yes | Link! | ? |
| GreyNoise | GreyNoise is a system that collects and analyzes data on Internet-wide scanners. | apiKey | Yes | Link! | Free/Commercial |
| HackerOne | Query HackerOne reports | apiKey | Yes | Link! | ? |
| have i been pwned | unofficial endpoints | apiKey | Yes | Link! | ? |
| Hybrid Analysis | Online Sandbox | none | Yes | Link! | Free |
| IP ASN History (D4 Project - CIRCL) | IP and BGP intelligence | none | Yes | Link! | Free |
| Malshare | Malware Sharing | apiKey | Yes | Link! | ? |
| Mac Vendor Lookup | Threat Intel | apiKey | Yes | Link! | ? |
| MAC address API | Threat Intel | apiKey | Yes | Link! | Commercial |
| Malpedia | Curated list of malware | apiKey | Yes | Link! | Free |
| MalwareBazaar | Malware Sharing Service | apiKey | Yes | Link! | Free (CC0) |
| MaxMind | GeoIP and More | apiKey | Yes | Link! | ? |
| Microsoft Security Response Center API | Programmatic interfaces to engage with the Microsoft Security Response Center (MSRC) | None | Yes | Link! | Free |
| MWDB | The MWDB system (also known as the “Malware Database”) is a repository for storing malware samples and information acquired during their analysis | apiKey | Yes | Link! | Free |
| NeutrinoAPI | IP Blocklist API | apiKey | Yes | Link! | ? |
| Onyphe | Search Engine for internet connected devices | apiKey | Yes | Link! | Free/Commercial |
| ORKL.eu | Search Engine for intel reports | apiKey | Yes | Link! | Free (API rate limited) |
| Passive Total | Threat Intel | apiKey | Yes | Link! | ? |
| Pastebin | | apiKey | Yes | Link! | ? |
| Phishtank | | ? | Yes | Link! | ? |
| ProxySpace | Proxy servers, proxy judge and IP geolocation | None | Yes | Link! | Free |
| Pulsedive | Free threat intelligence platform ingesting over 50 OSINT feeds and user submissions. | apiKey | Yes | Link! | Both |
| Qualys SSLLabs | Test SSL and more | apiKey | Yes | Link! | ? |
| Spamhaus | Domain / IP intelligence and reputation | ? | Yes | Link! | ? |
| Shadowserver Sandbox API | Sandbox | ? | Yes | Link! | Free |
| Shadowserver Bintest API | This server provides a lookup mechanism to test an executable file against a list of known software applications. | ? | Yes | Link! | Free |
| Shadowserver IP-BGP API | Mapping IP numbers to BGP prefixes and ASNs | ? | Yes | Link! | Free |
| Shodan.io | Search Engine for internet connected devices | apiKey | Yes | Link! | Free/Commercial |
| StalkPhish.io | Phishing/brand impersonation detection feed | apiKey | Yes | Link! | Free/Commercial |
| Tenable | ? | ? | Yes | Link! | ? |
| Team Cymru | Threat Intel | apiKey | Yes | Link! | Both |
| ThreatConnect | Threat Intel / SOC platform | apiKey | Yes | Link! | Commercial |
| URLhaus | abuse.ch API | apiKey | Yes | Link! | Free |
| urlscan.io | Online tool to scan URLs | apiKey | Yes | Link! | Free |
| Valhalla | Online repository of curated YARA rules | apiKey | Yes | Link! | Commercial |
| VirusTotal | VirusTotal File/URL Analysis | apiKey | Yes | Link! | ? |
| vulners | vulners Vuln Database | apiKey | Yes | Link! | ? |
| whoisxmlapi.com | Whois APIs | apiKey | Yes | Link! | Commercial |
| Zoomeye | Search Engine for internet connected devices | apiKey | Yes | Link! | Both |

| API | Description | Auth | HTTPS | Link | Free / Commercial |
|---|---|---|---|---|---|
| Carbon Black | Endpoint Security | apiKey | Yes | Link! | Commercial |
| Cuckoo | Cuckoo Sandbox | apiKey | Yes | Link! | OpenSource |
| CRITS | TI System | apiKey | Yes | Link! | ? |
| CrowdStrike falcon-orchestrator | Orchestrator | apiKey | Yes | Link! | yes |
| emlrender | EML file rendering tool | password | Yes | Link! | OpenSource |
| FireEye | Endpoint Security | apiKey | Yes | Link! | ? |
| GRR | Endpoint Incident Response tool | apiKey | Yes | Link! | OpenSource |
| Kolide Fleet | osquery fleet management | ? | Yes | Link! | OpenSource |
| Lastline | Lastline Enterprise | ApiKey | Yes | Link! | Commercial |
| logdissect | CLI utility and Python API for analyzing log files and other data. | ? | Yes | Link! | OpenSource |
| MISP | Open Source Threat Intelligence Platform | apiKey | Yes | Link! | OpenSource |
| Metadefender | MultiAV | apiKey | Yes | Link! | Commercial |
| Metasploit | Exploiting | apiKey | Yes | Link! | Commercial |
| Moloch | Moloch is an open source, large scale, full packet capturing, indexing, and database system. | ? | Yes | Link! | OpenSource |
| OTRS | Open Ticket Relay System | apiKey | Yes | Link! | ? |
| Plaso | Plaso Langar Að Safna Öllu | apiKey | Yes | Link! | OpenSource |
| Recorded Future | Threat Intelligence Platform | apiKey | Yes | Link! | ? |
| Request Tracker | Ticketing System | apiKey | Yes | Link! REST2 | ? |
| Scot | SCOT - Sandia Cyber Omni Tracker Ticketing System | apiKey | Yes | Link! | Free |
| TheHive | Security Incident Response Platform | apiKey | Yes | Link! | Free |
| Viper.li | Viper malware repository API | apiKey | Yes | Link! | OpenSource |
| VMRay | VMRay Sandbox | apiKey | Yes | Link! | ? |

| API | Description | Auth | HTTPS | Link | Free / Commercial |
|---|---|---|---|---|---|
| ArcSight | HP ArcSight API | None | No | Link! | Commercial |
| AlienVault | AlienVault API | Yes | Yes | Link! | Commercial |
| ELK | ELK Stack API | None | No | Link! | OpenSource |
| Gravwell | Gravwell API | Yes | Yes | Link! | Community / Commercial |
| Humio | Humio API | Yes | Yes | Link! | Community / Commercial |
| QRadar | IBM QRadar API | None | No | Link! | Commercial |
| Splunk | Splunk API | None | No | Link! | Commercial |

| API | Description | Auth | HTTPS | Link | Free / Commercial |
|---|---|---|---|---|---|
| Akamai | Akamai CDN | apiKey | Yes | Link! | Commercial |
| AlienVault Open Threat Exchange (OTX) | IP/domain/URL reputation | apiKey | Yes | Link! | ? |
| Check Point APIs | Check Point APIs Homepage | apiKey | Yes | Link! | Commercial |
| Cisco ISE | ISE is an identity and access control policy platform | apiKey | Yes | Link! | ? |
| Cisco PXGrid | Cisco Platform Exchange Grid | apiKey | Yes | Link! | ? |
| Cisco Security APIs | Cisco Developer Page | `` | ? | Link! | ? |
| Cisco Umbrella | Cisco Umbrella Enforcement API | apiKey | Yes | Link! | ? |
| Cyphon | Open Source Incident Management tool | apiKey | Yes | Link! | ? |
| F5 BIG-IP | F5 application services products | apiKey | Yes | Link! | Commercial |
| Google Safe Browsing | Google Link/Domain Flagging | apiKey | Yes | Link! | ? |
| Metacert | Metacert Link Flagging | apiKey | Yes | Link! | ? |
| Netscaler | Citrix Netscaler application delivery controller | apiKey | Yes | Link! | Commercial |
| Windows Defender Advanced Threat Protection (Windows Defender ATP) | WDATP | apiKey | Yes | Link! | ? |
| National Software Reference Library (NSRL) | - | apiKey | Yes | Link! | ? |
| PaloAlto | PaloAlto FW API | apiKey | Yes | Link! | Commercial |
| RSA Secure ID | Metacert Link Flagging | apiKey | Yes | Link! | ? |
| ServiceNow | ServiceNow API | apiKey | Yes | Link! | Commercial |
| Web Of Trust (WOT) | Website reputation | apiKey | Yes | Link! | ? |
| Yandex Safe Browsing | Yandex Link/Domain Flagging | apiKey | Yes | Link! | ? |