awesome-security-apis
A collective awesome list of public (JSON) APIs for use in security.
The list is supported by https://alexanderjaeger.de
Learn about REST: https://github.com/marmelab/awesome-rest
Thanks to all contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of APIs relevant for security people.
Index
Online
| API | Description | Auth | HTTPS | Link | Free / Commercial |
|---|---|---|---|---|---|
| Alexa | Alexa Top Sites | apiKey |
Yes | Link! | ? |
| ANY.RUN | Interactive malware analysis service. | apiKey |
Yes | Link! | Both, API commercial only |
| BinaryEdge.io | Search Engine for internet connected devices and Honeypot Network | apiKey |
Yes | Link! | Free/Commercial |
| CriminalIP.io | Search Engine for internet connected devices | apiKey |
Yes | Link! | Free/Commercial |
| Bluecoat Site Review | URL Analysis | none |
Yes | Link! | Free |
| bgpmon.net | Bgp monitoring | ? |
Yes | Link! | ? |
| caprivacy.github.io | California Privacy Directory | None | Yes | Link! | ? |
| censys.io | Free for Researchers Threat Intel | apiKey |
Yes | Link! | ? |
| CIRCL CVE Search | CVE Search | none |
Yes | Link! | Free |
| CIRCL hashlookup | File hash lookup | none |
Yes | Link! | Free |
| CIRCL Passive SSH | Passive SSH | ApiKey |
Yes | Link! | Free for security teams |
| Cloidsploit | Vuln Scanner | apiKey |
Yes | Link! | Free |
| CrowdStrike API | TI | apiKey |
Yes | Link! | NO |
| CVEAPI | API for CVE data | none |
Yes | Link! | Free |
| Cymon.io | Open Threat Intel | apiKey |
Yes | Link! | ? |
| Cybergreen | How clean is a network | apiKey |
Yes | Link! | ? |
| CyCAT.org | The Cybersecurity Resource Catalogue public API services. | none |
Yes | Link! | Free - OpenAPI |
| Domaintools | Commercial Threat Intel | apiKey |
Yes | Link! | Commercial |
| Dragos WorldView | ICS Threat Intelligence | apiKey |
Yes | Link! | Commercial |
| DShield | Internet Storm Center API | apiKey |
Yes | Link! | Free |
| EmailRep | Free API to query email reputation and report malicious senders | none | Yes | Link! | Free |
| emergingthreats.net | Domain / IP intelligence and reputation | apiKey |
Yes | Link! | ? |
| Farsight DNSDB Passive DNS | Passive DNS and more | apiKey |
Yes | Link! | ? |
| Fireeye iSight | Commercial Threat Intel | apiKey |
Yes | Link! | Commercial |
| FIRST.org | Incident Response Teams API | none |
Yes | Link! | ? |
| Flashpoint Intel | Threat Intel | apiKey |
Yes | Link! | ? |
| Flexera | Vuln Management | apiKey |
Yes | Link! | ? |
| GreyNoise | GreyNoise is a system that collects and analyzes data on Internet-wide scanners. | apiKey |
Yes | Link! | Free/Commercial |
| HackerOne | Query HackerOne reports | apiKey |
Yes | Link! | ? |
| have i been pwned | unofficial endpoints | apiKey |
Yes | Link! | ? |
| Hybrid Analysis | Online Sandbox | none |
Yes | Link! | Free |
| IP ASN History (D4 Project - CIRCL) | IP and BGP intelligence | none |
Yes | Link! | Free |
| MAlshare | Malware Sharing | apiKey |
Yes | Link! | ? |
| Mac Vendor Lookup | Threat Intel | apiKey |
Yes | Link! | ? |
| MAC address API | Threat Intel | apiKey |
Yes | Link! | Commercial |
| Malpedia | Curated list of malware | apiKey |
Yes | Link! | Free |
| MalwareBazaar | Malware Sharing Service | apiKey |
Yes | Link! | Free (CCO) |
| MaxMind | GeoIP and More | apiKey |
Yes | Link! | ? |
| Microsoft Security Response Center API | Programmatic interfaces to engage with the Microsoft Security Response Center (MSRC) | None |
Yes | Link! | Free |
| MWDB | The MWDB system (also known as the “Malware Database”) is a repository for storing malware samples and information acquired during their analysis | apiKey |
Yes | Link! | Free |
| NeutrinoAPI | IP Blocklist API | apiKey |
Yes | Link! | ? |
| Onyphe | Search Engine for internet connected devices | apiKey |
Yes | Link! | Free/Commercial |
| ORKL.eu | Search Engine for intel reports | apiKey |
Yes | Link! | Free (API rate limited) |
| Passive Total | Threat Intel | apiKey |
Yes | Link! | ? |
| Pastebin | apiKey |
Yes | Link! | ? | |
| Phishtank | ? |
Yes | Link! | ? | |
| Pulsedive | Free threat intelligence platform ingesting over 50 OSINT feeds and user submissions. | apiKey |
Yes | Link! | Both |
| Qualys SSLLabs | Test SSL and more | apiKey |
Yes | Link! | ? |
| Spamhaus | Domain / IP intelligence and reputation | ? |
Yes | Link! | ? |
| Shadowserver Sandbox API | Sandbox | ? |
Yes | Link! | Free |
| Shadowserver Bintest API | This server provides a lookup mechanism to test an executable file against a list of known software applications. | ? |
Yes | Link! | Free |
| Shadowserver IP-BGP API | Mapping IP numbers to BGP prefixes and ASNs | ? |
Yes | Link! | Free |
| Shodan.io | Search Engine for internet connected devices | apiKey |
Yes | Link! | Free/Commercial |
| StalkPhish.io | Phishing/brand impersonation detection feed | apiKey |
Yes | Link! | Free/Commercial |
| Tenable | ? | ? |
Yes | Link! | ? |
| Team Cymru | Threat Intel | apiKey |
Yes | Link! | Both |
| ThreatConnect | Threat Intel / SOC platform | apiKey |
Yes | Link! | Commercial |
| URLhaus | abuse.ch API | apiKey |
Yes | Link! | Free |
| urlscan.io | Online tool to scan URLs | apiKey |
Yes | Link! | Free |
| Valhalla | Online repository of curated yara rules | apiKey |
Yes | Link! | Commercial |
| VirusTotal | VirusTotal File/URL Analysis | apiKey |
Yes | Link! | ? |
| vulners | vulners Vuln Database | apiKey |
Yes | Link! | ? |
| whoisxmlapi.com | Whois APIs | apiKey |
Yes | Link! | Commercial |
| Zoomeye | Search Engine for internet connected devices | apiKey |
Yes | Link! | Both |
Tools
| API | Description | Auth | HTTPS | Link | Free / Commercial |
|---|---|---|---|---|---|
| Carbon Black | Endpoint Security | apiKey |
Yes | Link! | Commercial |
| Cuckoo | Cuckoo Sandbox | apiKey |
Yes | Link! | OpenSource |
| CRITS | TI System | apiKey |
Yes | Link! | ? |
| CrowdStrike falcon-orchestrator | Orchestrator | apiKey |
Yes | Link! | yes |
| emlrender | EML file rendering tool | password |
Yes | Link! | OpenSource |
| FireEye | Endpoint Security | apiKey |
Yes | Link! | ? |
| GRR | Endpoint Incident Response tool | apiKey |
Yes | Link! | OpenSource |
| Kolide Fleet | osQuery fleet management | ? |
Yes | Link! | OpenSource |
| Lastline | Lastline Enterprise | ApiKey |
Yes | Link! | Commercial |
| logdissect | CLI utility and Python API for analyzing log files and other data. | ? |
Yes | Link! | OpenSource |
| MISP | Open Source Threat Intelligence Platform | apiKey |
Yes | Link! | OpenSource |
| Metadefender | MultiAV | apiKey |
Yes | Link! | Commercial |
| Metasploit | Exploiting | apiKey |
Yes | Link! | Commercial |
| Moloch | Moloch is an open source, large scale, full packet capturing, indexing, and database system. | ? |
Yes | Link! | OpenSource |
| OTRS | Open Ticket Relay System | apiKey |
Yes | Link! | ? |
| Plaso | Plaso Langar Að Safna Öllu | apiKey |
Yes | Link! | OpenSource |
| Recorded Future | Threat Intelligence Platform | apiKey |
Yes | Link! | ? |
| Request Tracker | Ticketing System | apiKey |
Yes | Link! REST2 | ? |
| Scot | SCOT - Sandia Cyber Omni Tracker Ticketing System | apiKey |
Yes | Link! | Free |
| TheHive | Security Incident Response Platform | apiKey |
Yes | Link! | Free |
| Viper.li | Viper malware repository API | apiKey |
Yes | Link! | OpenSource |
| VMRay | VMRay Sandbox | apiKey |
Yes | Link! | ? |
SIEM
| API | Description | Auth | HTTPS | Link | Free / Commercial |
|---|---|---|---|---|---|
| ArcSight | HP ArcSight API | None |
No |
Link! | Commercial |
| AlienVault | AlienVault API | Yes |
Yes |
Link! | Commercial |
| ELK | ELK Stack API | None |
No |
Link! | OpenSource |
| Gravwell | Gravwell API | Yes |
Yes |
Link! | Community / Commercial |
| Humio | Humio API | Yes |
Yes |
Link! | Community / Commercial |
| QRadar | IBM QRadar API | None |
No |
Link! | Commercial |
| Splunk | Splunk API | None |
No |
Link! | Commercial |
Various
| API | Description | Auth | HTTPS | Link | Free / Commercial |
|---|---|---|---|---|---|
| Akamai | Akamai CDN | apiKey |
Yes | Link! | Commercial |
| AlienVault Open Threat Exchange (OTX) | IP/domain/URL reputation | apiKey |
Yes | Link! | ? |
| Check Point APIs | Check Point APIs Homepage | apiKey |
Yes | Link! | Commercial |
| Cisco ISE | ISE is an identity and access control policy platform | apiKey |
Yes | Link! | ? |
| Cisco PXGrid | Cisco Platform Exchange Grid | apiKey |
Yes | Link! | ? |
| Cisco Security APIs | Cisco Developer Page | `` | ? | Link! | ? |
| Cisco Umbrella | Cisco Umbrella Enforcement API | apiKey |
Yes | Link! | ? |
| Cyphon | Open Source INcident Management tool | apiKey |
Yes | Link! | ? |
| F5 Bip IP | F5 application services products | apiKey |
Yes | Link! | Commercial |
| Google Safe Browsing | Google Link/Domain Flagging | apiKey |
Yes | Link! | ? |
| Metacert | Metacert Link Flagging | apiKey |
Yes | Link! | ? |
| Netscaler | Citrix Netscaler application delivery controller | apiKey |
Yes | Link! | Commercial |
| Windows Defender Advanced Threat Protection (Windows Defender ATP) | WDATP | apiKey |
Yes | Link! | ? |
| National Software Reference Library (NSRL) | - | apiKey |
Yes | Link! | ? |
| PaloAlto | PaloAlto FW API | apiKey |
Yes | Link! | Commercial |
| RSA Secure ID | Metacert Link Flagging | apiKey |
Yes | Link! | ? |
| ServiceNow | ServiceNow API | apiKey |
Yes | Link! | Commercial |
| Web Of Trust (WOT) | Website reputation | apiKey |
Yes | Link! | ? |
| Yandex Safe Browsing | Yandex Link/Domain Flagging | apiKey |
Yes | Link! | ? |