{"id":13513894,"url":"https://github.com/jaegeral/security-apis","last_synced_at":"2025-05-16T05:03:20.376Z","repository":{"id":37479511,"uuid":"116864246","full_name":"jaegeral/security-apis","owner":"jaegeral","description":"A collective list of public APIs for use in security. Contributions welcome","archived":false,"fork":false,"pushed_at":"2025-04-18T11:47:57.000Z","size":125,"stargazers_count":923,"open_issues_count":0,"forks_count":137,"subscribers_count":57,"default_branch":"master","last_synced_at":"2025-05-16T05:01:56.625Z","etag":null,"topics":["awesome-list","json","json-api","security","siem"],"latest_commit_sha":null,"homepage":"https://alexanderjaeger.de","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jaegeral.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-01-09T19:58:44.000Z","updated_at":"2025-05-03T20:19:32.000Z","dependencies_parsed_at":"2024-12-18T14:10:09.778Z","dependency_job_id":"873285fd-4deb-47bb-ac76-005d185a9220","html_url":"https://github.com/jaegeral/security-apis","commit_stats":null,"previous_names":["deralexxx/security-apis"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaegeral%2Fsecurity-apis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaegeral%2Fsecurity-apis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaegeral%2Fsecurity-apis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaegeral%2Fsecurity-apis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jaegeral","download_url":"https://codeload.github.com/jaegeral/security-apis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254471028,"owners_count":22076582,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome-list","json","json-api","security","siem"],"created_at":"2024-08-01T05:00:39.675Z","updated_at":"2025-05-16T05:03:20.357Z","avatar_url":"https://github.com/jaegeral.png","language":null,"funding_links":[],"categories":["Awesome Repositories","Utilities","Development","Security APIs","Others (1002)","Others","Other Lists"],"sub_categories":["API","TeX Lists"],"readme":"# awesome-security-apis\nA collective awesome list of public (JSON) APIs for use in security.\n\nThe list is supported by https://alexanderjaeger.de\n\nLearn about REST: https://github.com/marmelab/awesome-rest\n\nThanks to all [contributors](https://github.com/deralexxx/security-apis/graphs/contributors), you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of APIs relevant for security people.\n\n# Index\n* [Online](#online)\n* [Tools](#tools)\n* [SIEM](#siem)\n* [Various](#various)\n\n\n## Online\nAPI | Description | Auth | HTTPS | Link | Free / Commercial|\n|---|---|---|---|---|---|\n| ANY.RUN | Interactive malware analysis service.  | `apiKey` | Yes | [Link!](https://any.run/api-documentation/) |Both, API commercial only|\n| BinaryEdge.io | Search Engine for internet connected devices and Honeypot Network | `apiKey` | Yes | [Link!](https://binaryedge.io/) |Free/Commercial|\n| CriminalIP.io | Search Engine for internet connected devices | `apiKey` | Yes | [Link!](https://www.criminalip.io/) |Free/Commercial|\n| Bluecoat Site Review | URL Analysis | `none` | Yes | [Link!](https://sitereview.bluecoat.com/sitereview.jsp) |Free|\n| caprivacy.github.io | California Privacy Directory  | None | Yes | [Link!](https://caprivacy.github.io/caprivacy/) |?|\n| censys.io | Free for Researchers Threat Intel  | `apiKey` | Yes | [Link!](https://censys.io/api) |?|\n| CIRCL CVE Search | CVE Search | `none` | Yes | [Link!](https://cve.circl.lu/api/) |Free|\n| CIRCL hashlookup | File hash lookup | `none` | Yes | [Link!](https://hashlookup.circl.lu/) |Free|\n| CIRCL Passive SSH | Passive SSH | `ApiKey` | Yes | [Link!](https://github.com/D4-project/passive-ssh#api) |Free for security teams|\n| Cloidsploit | Vuln Scanner | `apiKey` | Yes | [Link!](https://cloudsploit.com/api) |Free|\n| CrowdStrike API | TI | `apiKey` | Yes | [Link!](https://developer.crowdstrike.com/docs/openapi/) |NO|\n| CVEAPI | API for CVE data | `none` | Yes | [Link!](https://cveapi.com/) |Free|\n| Cymon.io | Open Threat Intel  | `apiKey` | Yes | [Link!](https://cymon.docs.apiary.io/) |?|\n| Cybergreen | How clean is a network  | `apiKey` | Yes | [Link!](http://stats.cybergreen.net/download/) |?|\n| CyCAT.org | The Cybersecurity Resource Catalogue public API services. | `none` | Yes | [Link!](https://api.cycat.org/) |Free - OpenAPI|\n| Domaintools | Commercial Threat Intel  | `apiKey` | Yes | [Link!](https://www.domaintools.com/products/api-integration/) |Commercial|\n| Dragos WorldView | ICS Threat Intelligence  | `apiKey` | Yes | [Link!](https://portal.dragos.com/api/v1/doc/) |Commercial|\n| DShield | Internet Storm Center API  | `apiKey` | Yes | [Link!](https://www.dshield.org/api/) |Free|\n| EmailRep | Free API to query email reputation and report malicious senders | none | Yes | [Link!](https://blog.sublimesecurity.com/emailrep-query-and-report) | Free |\n| emergingthreats.net | Domain / IP intelligence and reputation | `apiKey` | Yes | [Link!](http://apidocs.emergingthreats.net/) |?|\n| Farsight DNSDB Passive DNS | Passive DNS and more | `apiKey` | Yes | [Link!](https://api.dnsdb.info/) |?|\n| Fireeye iSight | Commercial Threat Intel  | `apiKey` | Yes | [Link!](https://docs.fireeye.com/iSight/index.html#/) |Commercial|\n| FIRST.org | Incident Response Teams API | `none` | Yes | [Link!](https://api.first.org/) |?|\n| Flashpoint Intel | Threat Intel | `apiKey` | Yes | [Link!](https://www.flashpoint-intel.com/api/) |?|\n| Flexera | Vuln Management | `apiKey` | Yes | [Link!](http://helpnet.flexerasoftware.com/svm/api/Default.htm) |?|\n| GreyNoise | GreyNoise is a system that collects and analyzes data on Internet-wide scanners. | `apiKey` | Yes | [Link!](https://github.com/GreyNoise-Intelligence/api.greynoise.io) |Free/Commercial|\n| HackerOne | Query HackerOne reports | `apiKey` | Yes | [Link!](https://api.hackerone.com/docs/v1) |?|\n| have i been pwned | [unofficial endpoints](apidocs/haveIBeenPwned.md) | `apiKey` | Yes | [Link!](https://haveibeenpwned.com/API/v2) |?|\n| Hybrid Analysis | Online Sandbox | `none` | Yes | [Link!](https://www.hybrid-analysis.com/docs/api/v2) |Free|\n| IP ASN History (D4 Project - CIRCL) | IP and BGP intelligence | `none` | Yes |[Link!](https://github.com/D4-project/IPASN-History)|Free|\n| IPinfo | IP location, ASN, VPN detection and more | `none` | Yes | [Link!](https://ipinfo.io) |Both|\n| MAlshare | Malware Sharing  | `apiKey` | Yes | [Link!](https://malshare.com/doc.php) |?|\n| Mac Vendor Lookup | Threat Intel  | `apiKey` | Yes | [Link!](https://macvendors.com/api) |?|\n| MAC address API | Threat Intel  | `apiKey` | Yes | [Link!](https://macaddress.io/api-documentation) |Commercial|\n| Malpedia | Curated list of malware  | `apiKey` | Yes | [Link!](https://malpedia.caad.fkie.fraunhofer.de/usage/api) |Free|\n| MalwareBazaar | Malware Sharing Service  | `apiKey` | Yes | [Link!](https://bazaar.abuse.ch/api/) |Free (CCO)|\n| MaxMind | GeoIP and More  | `apiKey` | Yes | [Link!](https://dev.maxmind.com/) |?|\n| Microsoft Security Response Center API | Programmatic interfaces to engage with the Microsoft Security Response Center (MSRC)  | `None` | Yes | [Link!](https://msrc.microsoft.com/report/developer) |Free|\n| MWDB | The MWDB system (also known as the “Malware Database”) is a repository for storing malware samples and information acquired during their analysis  | `apiKey` | Yes | [Link!](https://mwdb.readthedocs.io/en/latest/user-guide/8-REST-and-mwdblib.html) |Free|\n| NeutrinoAPI | IP Blocklist API  | `apiKey` | Yes | [Link!](https://www.neutrinoapi.com/api/ip-blocklist/) |?|\n| Onyphe | Search Engine for internet connected devices   | `apiKey` | Yes | [Link!](https://www.onyphe.io/) |Free/Commercial|\n| ORKL.eu | Search Engine for intel reports   | `apiKey` | Yes | [Link!](https://orkl.eu) |Free (API rate limited)|\n| Passive Total | Threat Intel | `apiKey` | Yes | [Link!](https://api.passivetotal.org/api/docs/) |?|\n| Pastebin |  | `apiKey` | Yes | [Link!](https://pastebin.com/doc_api) |?|\n| Pentestnet | Vuln Scanner  | `apiKey` | Yes | [Link!](https://pentestnet.com/api-docs) |Commercial|\n| Phishtank |  | `?` | Yes | [Link!](http://www.phishtank.com/developer_info.php) |?|\n| ProxySpace | Proxy servers, proxy judge and IP geolocation | None | Yes | [Link!](https://proxyspace.pro) |Free|\n| Pulsedive | Free threat intelligence platform ingesting over 50 OSINT feeds and user submissions. | `apiKey` | Yes | [Link!](https://pulsedive.com/api/) |Both|\n| Qualys SSLLabs | Test SSL and more | `apiKey` | Yes | [Link!](https://www.ssllabs.com/projects/ssllabs-apis/) |?|\n| Spamhaus | Domain / IP intelligence and reputation | `?` | Yes | [Link!](https://www.spamhaus.org/zen/) |?|\n| Shadowserver Sandbox API | Sandbox | `?` | Yes | [Link!](http://www.shadowserver.org/wiki/pmwiki.php/Services/Sandboxapi) |Free|\n| Shadowserver Bintest API | This server provides a lookup mechanism to test an executable file against a list of known software applications.| `?` | Yes | [Link!](http://bin-test.shadowserver.org/) |Free|\n| Shadowserver IP-BGP API | Mapping IP numbers to BGP prefixes and ASNs | `?` | Yes | [Link!](https://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP) |Free|\n| Shodan.io | Search Engine for internet connected devices | `apiKey` | Yes | [Link!](https://developer.shodan.io/) |Free/Commercial|\n| StalkPhish.io | Phishing/brand impersonation detection feed | `apiKey` | Yes | [Link!](https://www.stalkphish.io/) |Free/Commercial|\n| Tenable | ? | `?` | Yes | [Link!](https://cloud.tenable.com/api#/overview) |?|\n| Team Cymru | Threat Intel | `apiKey` | Yes | [Link!](http://www.team-cymru.org/services.html) |Both|\n| ThreatConnect | Threat Intel / SOC platform  | `apiKey` | Yes | [Link!](https://docs.threatconnect.com/en/latest/) |Commercial|\n| URLhaus | abuse.ch API | `apiKey` | Yes | [Link!](https://urlhaus-api.abuse.ch/) |Free|\n| urlscan.io | Online tool to scan URLs | `apiKey` | Yes | [Link!](https://urlscan.io/about-api/) |Free|\n| Valhalla | Online repository of curated yara rules | `apiKey` | Yes | [Link!](https://valhalla.nextron-systems.com/) |Commercial|\n| VirusTotal | VirusTotal File/URL Analysis | `apiKey` | Yes | [Link!](https://www.virustotal.com/en/documentation/public-api/) |?|\n| vulners | vulners Vuln Database | `apiKey` | Yes | [Link!](https://vulners.com/docs) |?|\n| whoisxmlapi.com | Whois APIs| `apiKey` | Yes | [Link!](https://whoisapi.whoisxmlapi.com/docs) |Commercial|\n| Zoomeye | Search Engine for internet connected devices | `apiKey` | Yes | [Link!](https://www.zoomeye.org/doc) |Both|\n\n## Tools\n\nAPI | Description | Auth | HTTPS | Link | Free / Commercial|\n|---|---|---|---|---|---|\n| Carbon Black | Endpoint Security | `apiKey` | Yes | [Link!](https://github.com/carbonblack/cbapi) |Commercial|\n| CRITS | TI System | `apiKey` | Yes | [Link!](https://github.com/crits/crits/wiki/Authenticated-API) |?|\n| CrowdStrike falcon-orchestrator | Orchestrator | `apiKey` | Yes | [Link!](https://github.com/CrowdStrike/falcon-orchestrator/wiki/Installation-\u0026-Deployment) |yes|\n| emlrender | EML file rendering tool | `password` | Yes | [Link!](https://github.com/xme/emlrender) |OpenSource|\n| FireEye | Endpoint Security | `apiKey` | Yes | [Link!](https://docs.fireeye.com/) |?|\n| GRR | Endpoint Incident Response tool | `apiKey` | Yes | [Link!](http://grr-doc.readthedocs.io/en/v3.2.0/investigating-with-grr/automation-with-api.html) |OpenSource|\n| Kolide Fleet | osQuery fleet management | `?` | Yes | [Link!](https://github.com/kolide/fleet/blob/master/docs/api/README.md) |OpenSource|\n| Lastline | Lastline Enterprise | `ApiKey` | Yes | [Link!](https://user.lastline.com/papi-doc/api/html/index.html) | Commercial |\n| logdissect | CLI utility and Python API for analyzing log files and other data. | `?` | Yes | [Link!](https://github.com/dogoncouch/logdissect/blob/master/docs/README-MODULE.md) | OpenSource |\n| MISP | Open Source Threat Intelligence Platform | `apiKey` | Yes | [Link!](https://www.circl.lu/doc/misp/automation/) |OpenSource|\n| Metadefender | MultiAV | `apiKey` | Yes | [Link!](https://docs.opswat.com/mdcore/metadefender-core/ref) |Commercial|\n| Metasploit | Exploiting | `apiKey` | Yes | [Link!](http://rapid7.github.io/metasploit-framework/api/) |Commercial|\n| Moloch | Moloch is an open source, large scale, full packet capturing, indexing, and database system. | `?` | Yes | [Link!](https://github.com/aol/moloch/wiki/API) |OpenSource|\n| OTRS | Open Ticket Relay System | `apiKey` | Yes | [Link!](https://doc.otrs.com/doc/api/otrs/8.0/Perl/) |?|\n| Plaso | Plaso Langar Að Safna Öllu | `apiKey` | Yes | [Link!](https://readthedocs.org/projects/plaso-api/) |OpenSource|\n| Recorded Future | Threat Intelligence Platform | `apiKey` | Yes | [Link!](https://api.recordedfuture.com/index.html) |?|\n| Request Tracker | Ticketing System | `apiKey` | Yes | [Link!](https://rt-wiki.bestpractical.com/wiki/REST) [REST2](https://metacpan.org/pod/RT::Extension::REST2) |?|\n| Scot | SCOT - Sandia Cyber Omni Tracker Ticketing System | `apiKey` | Yes | [Link!](http://scot.readthedocs.io/en/latest/devguide.html#scot-rest-api) |Free|\n| TheHive | Security Incident Response Platform | `apiKey` | Yes | [Link!](https://blog.thehive-project.org/tag/api/) |Free|\n| Viper.li | Viper malware repository API | `apiKey` | Yes | [Link!](https://github.com/viper-framework/viper/blob/master/docs/source/usage/web.rst) |OpenSource|\n| VMRay | VMRay Sandbox | `apiKey` | Yes | [Link!](https://www.vmray.com/blog/v-1-9-api-now-restjson/) |?|\n\n## SIEM\nAPI | Description | Auth | HTTPS | Link | Free / Commercial|\n|---|---|---|---|---|---|\n| ArcSight | HP ArcSight API | `None` | `No` | [Link!](https://h41382.www4.hpe.com/gfs-shared/downloads-273.pdf) | Commercial |\n| AlienVault | AlienVault API | `Yes` | `Yes` | [Link!](https://www.alienvault.com/documentation/api/av-apis.htm) | Commercial |\n| Datadog | Datadog API | `Yes` | `Yes` | [Link](https://docs.datadoghq.com/api/latest/) | Commercial |\n| ELK | ELK Stack API | `None` | `No` | [Link!](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs.html) | OpenSource |\n| Gravwell | Gravwell API | `Yes` | `Yes` | [Link!](https://dev.gravwell.io/docs/#!api/api.md) | Community / Commercial |\n| Humio | Humio API | `Yes` | `Yes` | [Link!](https://docs.humio.com/api/)| Community / Commercial |\n| QRadar | IBM QRadar API | `None` | `No` | [Link!](https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc_cloud/c_rest_api_getting_started.html) |Commercial|\n| Splunk | Splunk API | `None` | `No` | [Link!](http://dev.splunk.com/restapi) |Commercial|\n\n### Various\nAPI | Description | Auth | HTTPS | Link |Free / Commercial|\n|---|---|---|---|---|---|\n| Akamai | Akamai CDN | `apiKey` | Yes | [Link!](https://developer.akamai.com/api/) | Commercial |\n| AlienVault Open Threat Exchange (OTX) | IP/domain/URL reputation | `apiKey` | Yes | [Link!](https://otx.alienvault.com/api/) |?|\n| Check Point APIs | Check Point APIs Homepage | `apiKey` | Yes | [Link!](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk121360) | Commercial |\n| Cisco ISE | ISE is an identity and access control policy platform | `apiKey` | Yes | [Link!](https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-command-reference-list.html) |?|\n| Cisco PXGrid | Cisco Platform Exchange Grid | `apiKey` | Yes | [Link!](https://developer.cisco.com/site/pxgrid/) |?|\n| Cisco Security APIs | Cisco Developer Page | `` | ? | [Link!](https://developer.cisco.com/site/security/) |?|\n| Cisco Umbrella | Cisco Umbrella Enforcement API | `apiKey` | Yes | [Link!](https://docs.umbrella.com/developer/enforcement-api/) |?|\n| Cyphon | Open Source INcident Management tool | `apiKey` | Yes | [Link!](http://cyphon.readthedocs.io/en/latest/api.html) |?|\n| F5 Bip IP | F5 application services products | `apiKey` | Yes | [Link!](https://devcentral.f5.com/wiki/iControlREST.HomePage.ashx?lc=1) | Commercial |\n| Google Safe Browsing | Google Link/Domain Flagging | `apiKey` | Yes | [Link!](https://developers.google.com/safe-browsing/) |?|\n| Metacert | Metacert Link Flagging | `apiKey` | Yes | [Link!](https://metacert.com/) |?|\n| Netscaler | Citrix Netscaler application delivery controller | `apiKey` | Yes | [Link!](https://developer-docs.citrix.com/projects/netscaler-nitro-api/en/12.0/api-reference/) | Commercial |\n| Windows Defender Advanced Threat Protection (Windows Defender ATP) | WDATP | `apiKey` | Yes | [Link!](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/management-apis) |?|\n| National Software Reference Library (NSRL) | - | `apiKey` | Yes | [Link!](https://github.com/bsi-group/nsrls) |?|\n| PaloAlto | PaloAlto FW API | `apiKey` | Yes | [Link!](https://www.paloaltonetworks.com/documentation/71/pan-os/xml-api/get-started-with-the-pan-os-xml-api/explore-the-api) | Commercial |\n| RSA Secure ID | Metacert Link Flagging | `apiKey` | Yes | [Link!]( https://community.rsa.com/docs/DOC-75741) |?|\n| ServiceNow | ServiceNow API | `apiKey` | Yes | [Link!](https://developer.servicenow.com/app.do) | Commercial |\n| Yandex Safe Browsing | Yandex Link/Domain Flagging | `apiKey` | Yes | [Link!](https://yandex.com/dev/safebrowsing/) |?|\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaegeral%2Fsecurity-apis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaegeral%2Fsecurity-apis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaegeral%2Fsecurity-apis/lists"}