security-apis/README.md

# awesome-security-apis
A collective awesome list of public (JSON) APIs for use in security. 

The list ist supported by https://alexanderjaeger.de

Learn about REST: https://github.com/marmelab/awesome-rest

Thanks to all [contributors](https://github.com/deralexxx/security-apis/graphs/contributors), you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of APIs relevant for security people.

# Index
* [Online](#online)
* [Tools](#tools)
* [SIEM](#siem)
* [Various](#various)


## Online
API | Description | Auth | HTTPS | Link | Free / Commercial|
|---|---|---|---|---|---|
| Apility.IO API | Threat Intelligence Anti-Abuse API  | `apiKey` | Yes | [Link!](https://apidocs.apility.io/) |Free|
| Alexa | Alexa Top Sites | `apiKey` | Yes | [Link!](https://docs.aws.amazon.com/AlexaTopSites/latest/) |?|
| Bluecoat Site Review | URL Analysis | `none` | Yes | [Link!](https://sitereview.bluecoat.com/sitereview.jsp) |Free|
| bgpmon.net | Bgp monitoring | `?` | Yes | [Link!](https://bgpmon.net/bgpmon-web-services-api/) |?|
| censys.io | Free for Researchers Threat Intel  | `apiKey` | Yes | [Link!](https://censys.io/api) |?|
| Certly | Certly Guard | `apiKey` | Yes | [Link!](https://guard.certly.io/) |?|
| CIRCL CVE Search | CVE Search | `none` | Yes | [Link!](https://cve.circl.lu/api/) |Free|
| Cloidsploit | Vuln Scanner | `apiKey` | Yes | [Link!](https://cloudsploit.com/api) |Free|
| CrowdStrike API | TI | `apiKey` | Yes | [Link!](https://www.crowdstrike.com/blog/tech-center/get-access-crowdstrike-apis/) |NO|
| Cymon.io | Open Threat Intel  | `apiKey` | Yes | [Link!](https://guard.certly.io/) |?|
| Cybergreen | How clean is a network  | `apiKey` | Yes | [Link!](http://stats.cybergreen.net/download/) |?|
| DDosMon | DDos Monitoring  | `apiKey` | Yes | [Link!](https://api.ddosmon.net/docs/) |?|
| Domaintools | Commercial Threat Intel  | `apiKey` | Yes | [Link!](https://www.domaintools.com/products/api-integration/) |Commercial|
| DShield | Internet Storm Center API  | `apiKey` | Yes | [Link!](https://www.dshield.org/api/) |Free|
| emergingthreats.net | Domain / IP intelligence and reputation | `apiKey` | Yes | [Link!](http://apidocs.emergingthreats.net/) |?|
| Farsight DNSDB Passive DNS | Passive DNS and more | `apiKey` | Yes | [Link!](https://api.dnsdb.info/) |?|
| Fireeye iSight | Commercial Threat Intel  | `apiKey` | Yes | [Link!](https://docs.fireeye.com/iSight/index.html#/) |Commercial|
| FIRST.org | Incident Response Teams API | `none` | Yes | [Link!](https://api.first.org/) |?|
| Flashpoint Intel | Threat Intel | `apiKey` | Yes | [Link!](https://www.flashpoint-intel.com/api/) |?|
| Flexera | Vuln Management | `apiKey` | Yes | [Link!](http://helpnet.flexerasoftware.com/svm/api/Default.htm) |?|
| GreyNoise | GreyNoise is a system that collects and analyzes data on Internet-wide scanners. | `apiKey` | Yes | [Link!](https://github.com/GreyNoise-Intelligence/api.greynoise.io) |Commercial|
| HackerOne | Query HackerOne reports | `apiKey` | Yes | [Link!](https://api.hackerone.com/docs/v1) |?|
| have i been pwned | [unofficial endpoints](apidocs/haveIBeenPwned.md) | `apiKey` | Yes | [Link!](https://haveibeenpwned.com/API/v2) |?|
| Hybrid Analysis | Online Sandbox | `none` | Yes | [Link!](https://www.hybrid-analysis.com/docs/api/v2) |Free|
| Malwr.com | Malware analysis | `apiKey` | Yes | [Link!](https://malwr.com/) |?|
| MAlshare | Malware Sharing  | `apiKey` | Yes | [Link!](https://malshare.com/doc.php) |?|
| Mac Vendor Lookup | Threat Intel  | `apiKey` | Yes | [Link!](https://macvendors.com/api) |?|
| MaxMind | GeoIP and More  | `apiKey` | Yes | [Link!](https://dev.maxmind.com/) |?|
| NeutrinoAPI | IP Blocklist API  | `apiKey` | Yes | [Link!](https://www.neutrinoapi.com/api/ip-blocklist/) |?|
| Passive Total | Threat Intel | `apiKey` | Yes | [Link!](https://api.passivetotal.org/api/docs/) |?|
| Pastebin |  | `apiKey` | Yes | [Link!](https://pastebin.com/api) |?|
| Phishtank |  | `?` | Yes | [Link!](http://www.phishtank.com/developer_info.php) |?|
| Pulsedive | Free threat intelligence platform ingesting over 50 OSINT feeds and user submissions. | `apiKey` | Yes | [Link!](https://pulsedive.com/api/) |Both|
| Qualys SSLLabs | Test SSL and more | `apiKey` | Yes | [Link!](https://www.ssllabs.com/projects/ssllabs-apis/) |?|
| Spamhaus | Domain / IP intelligence and reputation | `?` | Yes | [Link!](https://www.spamhaus.org/zen/) |?|
| Shadowserver Sandbox API | Sandbox | `?` | Yes | [Link!](http://www.shadowserver.org/wiki/pmwiki.php/Services/Sandboxapi) |Free|
| Shadowserver Bintest API | This server provides a lookup mechanism to test an executable file against a list of known software applications.| `?` | Yes | [Link!](http://bin-test.shadowserver.org/) |Free|
| Shadowserver IP-BGP API | Mapping IP numbers to BGP prefixes and ASNs | `?` | Yes | [Link!](https://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP) |Free|
| Tenable | ? | `?` | Yes | [Link!](https://cloud.tenable.com/api#/overview) |?|
| Team Cymru | Threat Intel | `apiKey` | Yes | [Link!](http://www.team-cymru.org/services.html) |Both|
| VirusTotal | VirusTotal File/URL Analysis | `apiKey` | Yes | [Link!](https://www.virustotal.com/en/documentation/public-api/) |?|
| vulners | vulners Vuln Database | `apiKey` | Yes | [Link!](https://vulners.com/docs) |?|
| whoisxmlapi.com | Whois APIs| `apiKey` | Yes | [Link!](https://whoisapi.whoisxmlapi.com/docs) |Commercial|
| Zoomeye | CVE Search | `apiKey` | Yes | [Link!](https://www.zoomeye.org/api) |?|

## Tools

API | Description | Auth | HTTPS | Link | Free / Commercial|
|---|---|---|---|---|---|
| Carbon Black | Endpoint Security | `apiKey` | Yes | [Link!](https://github.com/carbonblack/cbapi) |Commercial|
| Cuckoo | Cuckoo Sandbox | `apiKey` | Yes | [Link!](https://malwr.com/) |OpenSource|
| CRITS | TI System | `apiKey` | Yes | [Link!](https://github.com/crits/crits/wiki/Authenticated-API) |?|
| CrowdStrike falcon-orchestrator | Orchestrator | `apiKey` | Yes | [Link!](https://github.com/CrowdStrike/falcon-orchestrator/wiki/Installation-&-Deployment) |yes|
| Cymetria Maze Runner | - | `apiKey` | Yes | [Link!](https://community.cymmetria.com/api/sdk.pdf) |?|
| emlrender | EML file rendering tool | `password` | Yes | [Link!](https://github.com/xme/emlrender) |OpenSource|
| FireEye | Endpoint Security | `apiKey` | Yes | [Link!](https://docs.fireeye.com/) |?|
| GRR | Endpoint Incident Response tool | `apiKey` | Yes | [Link!](http://grr-doc.readthedocs.io/en/v3.2.0/investigating-with-grr/automation-with-api.html) |OpenSource|
| Kolide Fleet | osQuery fleet management | `?` | Yes | [Link!](https://github.com/kolide/fleet/blob/master/docs/api/README.md) |OpenSource|
| Lastline | Lastline Enterprise | `ApiKey` | Yes | [Link!](https://user.lastline.com/papi-doc/api/html/index.html) | Commercial |
| logdissect | CLI utility and Python API for analyzing log files and other data. | `?` | Yes | [Link!](https://github.com/dogoncouch/logdissect/blob/master/docs/README-API.md) | OpenSource |
| MISP | Open Source Threat Intelligence Platform | `apiKey` | Yes | [Link!](https://www.circl.lu/doc/misp/automation/) |OpenSource|
| Metadefender | MultiAV | `apiKey` | Yes | [Link!](https://www.opswat.com/products/metadefender/developers/apis) |Commercial|
| Metasploit | Exploiting | `apiKey` | Yes | [Link!](http://rapid7.github.io/metasploit-framework/api/) |Commercial|
| Moloch | Moloch is an open source, large scale, full packet capturing, indexing, and database system. | `?` | Yes | [Link!](https://github.com/aol/moloch/wiki/API) |OpenSource|
| OTRS | Open Ticket Relay System | `apiKey` | Yes | [Link!](https://doc.otrs.com/doc/api/otrs/6.0/Perl/index.html) |?|
| Plaso | Plaso Langar Að Safna Öllu | `apiKey` | Yes | [Link!](https://readthedocs.org/projects/plaso-api/) |OpenSource|
| Recorded Future | Threat Intelligence Platform | `apiKey` | Yes | [Link!](https://api.recordedfuture.com/index.html) |?|
| Request Tracker | Ticketing System | `apiKey` | Yes | [Link!](https://rt-wiki.bestpractical.com/wiki/REST) |?|
| Scot | SCOT - Sandia Cyber Omni Tracker Ticketing System | `apiKey` | Yes | [Link!](http://scot.readthedocs.io/en/latest/devguide.html#scot-rest-api) |Free|
| TheHive | Security Incident Response Platform | `apiKey` | Yes | [Link!](https://blog.thehive-project.org/tag/api/) |Free|
| Viper.li | Viper malware repository API | `apiKey` | Yes | [Link!](https://github.com/viper-framework/viper/blob/master/docs/source/usage/web.rst) |OpenSource|
| VMRay | VMRay Sandbox | `apiKey` | Yes | [Link!](https://www.vmray.com/blog/v-1-9-api-now-restjson/) |?|

## SIEM
API | Description | Auth | HTTPS | Link | Free / Commercial|
|---|---|---|---|---|---|
| ArcSight | HP ArcSight API | `None` | `No` | [Link!](https://h41382.www4.hpe.com/gfs-shared/downloads-273.pdf) | Commercial |
| AlienVault | AlienVault API | `Yes` | `Yes` | [Link!](https://www.alienvault.com/documentation/api/av-apis.htm) | Commercial |
| ELK | ELK Stack API | `None` | `No` | [Link!](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs.html) | OpenSource |
| Gravwell | Gravwell API | `Yes` | `Yes` | [Link!](https://dev.gravwell.io/docs/#!api/api.md) | Community / Commercial |
| Humio | Humio API | `Yes` | `Yes` | [Link!](https://docs.humio.com/api/)| Community / Commercial |
| QRadar | IBM QRadar API | `None` | `No` | [Link!](https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc_cloud/c_rest_api_getting_started.html) |Commercial|
| Splunk | Splunk API | `None` | `No` | [Link!](http://dev.splunk.com/restapi) |Commercial|

### Various
API | Description | Auth | HTTPS | Link |Free / Commercial|
|---|---|---|---|---|---|
| AlienVault Open Threat Exchange (OTX) | IP/domain/URL reputation | `apiKey` | Yes | [Link!](https://otx.alienvault.com/api/) |?|
| Certly | Certly Link/Domain Flagging | `apiKey` | Yes | [Link!](https://guard.certly.io/) |?|
| Cisco ISE | ISE is an identity and access control policy platform | `apiKey` | Yes | [Link!](https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-command-reference-list.html) |?|
| Cisco PXGrid | Cisco Platform Exchange Grid | `apiKey` | Yes | [Link!](https://developer.cisco.com/site/pxgrid/) |?|
| Cisco Security APIs | Cisco Developer Page | `` | ? | [Link!](https://developer.cisco.com/site/security/) |?|
| Cisco Umbrella | Cisco Umbrella Enforcement API | `apiKey` | Yes | [Link!](https://docs.umbrella.com/developer/enforcement-api/) |?|
| Cyphon | Open Source INcident Management tool | `apiKey` | Yes | [Link!](http://cyphon.readthedocs.io/en/latest/api.html) |?|
| Google Safe Browsing | Google Link/Domain Flagging | `apiKey` | Yes | [Link!](https://developers.google.com/safe-browsing/) |?|
| Metacert | Metacert Link Flagging | `apiKey` | Yes | [Link!](https://metacert.com/) |?|
| National Software Reference Library (NSRL) | - | `apiKey` | Yes | [Link!](https://github.com/bsi-group/nsrls) |?|
| PaloAlto | PaloAlto FW API | `Yes` | `Yes` | [Link!](https://www.paloaltonetworks.com/documentation/71/pan-os/xml-api/get-started-with-the-pan-os-xml-api/explore-the-api) | Commercial |
| RSA Secure ID | Metacert Link Flagging | `apiKey` | Yes | [Link!]( https://community.rsa.com/docs/DOC-75741) |?|
| ServiceNow | ServiceNow API | `apiKey` | `Yes` | [Link!](https://developer.servicenow.com/app.do) | Commercial |
| Web Of Trust (WOT) | Website reputation | `apiKey` | Yes | [Link!](https://www.mywot.com/wiki/API) |?|
Update README.md 2018-09-18 07:35:52 -04:00			`# awesome-security-apis`
Update README.md 2018-09-18 07:39:26 -04:00			`A collective awesome list of public (JSON) APIs for use in security.`

			`The list ist supported by https://alexanderjaeger.de`
Update README.md 2018-09-18 07:38:48 -04:00
Update README.md 2018-03-19 06:27:10 -04:00			`Learn about REST: https://github.com/marmelab/awesome-rest`
Update README.md 2018-01-09 15:05:48 -05:00
Update README.md 2018-09-18 07:37:47 -04:00			`Thanks to all [contributors](https://github.com/deralexxx/security-apis/graphs/contributors), you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of APIs relevant for security people.`

Update README.md 2018-01-09 15:25:28 -05:00			`# Index`
			`* [Online](#online)`
Update README.md 2018-01-09 15:25:51 -05:00			`* [Tools](#tools)`
Update README.md 2018-01-09 16:05:50 -05:00			`* [SIEM](#siem)`
Update README.md 2018-01-09 15:05:48 -05:00			`* [Various](#various)`

Update README.md 2018-01-09 15:25:28 -05:00
			`## Online`
Update README.md 2018-01-09 15:49:07 -05:00			`API \| Description \| Auth \| HTTPS \| Link \| Free / Commercial\|`
			`\|---\|---\|---\|---\|---\|---\|`
various additions added to the document 2018-01-14 10:55:41 -05:00			\| Apility.IO API \| Threat Intelligence Anti-Abuse API \| `apiKey` \| Yes \| [Link!](https://apidocs.apility.io/) \|Free\|
Update README.md 2018-01-09 15:49:07 -05:00			\| Alexa \| Alexa Top Sites \| `apiKey` \| Yes \| [Link!](https://docs.aws.amazon.com/AlexaTopSites/latest/) \|?\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| Bluecoat Site Review \| URL Analysis \| `none` \| Yes \| [Link!](https://sitereview.bluecoat.com/sitereview.jsp) \|Free\|
various additions added to the document 2018-01-14 10:55:41 -05:00			\| bgpmon.net \| Bgp monitoring \| `?` \| Yes \| [Link!](https://bgpmon.net/bgpmon-web-services-api/) \|?\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| censys.io \| Free for Researchers Threat Intel \| `apiKey` \| Yes \| [Link!](https://censys.io/api) \|?\|
Update README.md 2018-01-09 15:49:07 -05:00			\| Certly \| Certly Guard \| `apiKey` \| Yes \| [Link!](https://guard.certly.io/) \|?\|
fix: the CIRCL cve.circl.lu API is free and doesn't require any API key 2018-01-14 11:48:22 -05:00			\| CIRCL CVE Search \| CVE Search \| `none` \| Yes \| [Link!](https://cve.circl.lu/api/) \|Free\|
various additions added to the document 2018-01-14 10:55:41 -05:00			\| Cloidsploit \| Vuln Scanner \| `apiKey` \| Yes \| [Link!](https://cloudsploit.com/api) \|Free\|
format form check 2018-01-14 10:56:30 -05:00			\| CrowdStrike API \| TI \| `apiKey` \| Yes \| [Link!](https://www.crowdstrike.com/blog/tech-center/get-access-crowdstrike-apis/) \|NO\|
Update README.md 2018-01-09 15:49:07 -05:00			\| Cymon.io \| Open Threat Intel \| `apiKey` \| Yes \| [Link!](https://guard.certly.io/) \|?\|
various additions added to the document 2018-01-14 10:55:41 -05:00			\| Cybergreen \| How clean is a network \| `apiKey` \| Yes \| [Link!](http://stats.cybergreen.net/download/) \|?\|
			\| DDosMon \| DDos Monitoring \| `apiKey` \| Yes \| [Link!](https://api.ddosmon.net/docs/) \|?\|
fix: typo in the word "Commercial" 2018-01-14 10:59:41 -05:00			\| Domaintools \| Commercial Threat Intel \| `apiKey` \| Yes \| [Link!](https://www.domaintools.com/products/api-integration/) \|Commercial\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| DShield \| Internet Storm Center API \| `apiKey` \| Yes \| [Link!](https://www.dshield.org/api/) \|Free\|
			\| emergingthreats.net \| Domain / IP intelligence and reputation \| `apiKey` \| Yes \| [Link!](http://apidocs.emergingthreats.net/) \|?\|
			\| Farsight DNSDB Passive DNS \| Passive DNS and more \| `apiKey` \| Yes \| [Link!](https://api.dnsdb.info/) \|?\|
fix: typo in the word "Commercial" 2018-01-14 10:59:41 -05:00			\| Fireeye iSight \| Commercial Threat Intel \| `apiKey` \| Yes \| [Link!](https://docs.fireeye.com/iSight/index.html#/) \|Commercial\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| FIRST.org \| Incident Response Teams API \| `none` \| Yes \| [Link!](https://api.first.org/) \|?\|
various additions added to the document 2018-01-14 10:55:41 -05:00			\| Flashpoint Intel \| Threat Intel \| `apiKey` \| Yes \| [Link!](https://www.flashpoint-intel.com/api/) \|?\|
			\| Flexera \| Vuln Management \| `apiKey` \| Yes \| [Link!](http://helpnet.flexerasoftware.com/svm/api/Default.htm) \|?\|
Update README.md 2018-10-22 09:02:26 -04:00			\| GreyNoise \| GreyNoise is a system that collects and analyzes data on Internet-wide scanners. \| `apiKey` \| Yes \| [Link!](https://github.com/GreyNoise-Intelligence/api.greynoise.io) \|Commercial\|
various additions added to the document 2018-01-14 10:55:41 -05:00			\| HackerOne \| Query HackerOne reports \| `apiKey` \| Yes \| [Link!](https://api.hackerone.com/docs/v1) \|?\|
add link to new md to overview table 2018-05-19 06:56:00 -04:00			\| have i been pwned \| [unofficial endpoints](apidocs/haveIBeenPwned.md) \| `apiKey` \| Yes \| [Link!](https://haveibeenpwned.com/API/v2) \|?\|
https://www.hybrid-analysis.com/docs/api/v2 2018-05-19 14:37:47 -04:00			\| Hybrid Analysis \| Online Sandbox \| `none` \| Yes \| [Link!](https://www.hybrid-analysis.com/docs/api/v2) \|Free\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| Malwr.com \| Malware analysis \| `apiKey` \| Yes \| [Link!](https://malwr.com/) \|?\|
Update README.md 2018-01-09 15:49:07 -05:00			\| MAlshare \| Malware Sharing \| `apiKey` \| Yes \| [Link!](https://malshare.com/doc.php) \|?\|
			\| Mac Vendor Lookup \| Threat Intel \| `apiKey` \| Yes \| [Link!](https://macvendors.com/api) \|?\|
			\| MaxMind \| GeoIP and More \| `apiKey` \| Yes \| [Link!](https://dev.maxmind.com/) \|?\|
various additions added to the document 2018-01-14 10:55:41 -05:00			\| NeutrinoAPI \| IP Blocklist API \| `apiKey` \| Yes \| [Link!](https://www.neutrinoapi.com/api/ip-blocklist/) \|?\|
Update README.md 2018-01-09 15:54:24 -05:00			\| Passive Total \| Threat Intel \| `apiKey` \| Yes \| [Link!](https://api.passivetotal.org/api/docs/) \|?\|
Update README.md 2018-01-13 13:01:49 -05:00			\| Pastebin \| \| `apiKey` \| Yes \| [Link!](https://pastebin.com/api) \|?\|
Phishtank Phishtank 2018-09-18 07:17:41 -04:00			\| Phishtank \| \| `?` \| Yes \| [Link!](http://www.phishtank.com/developer_info.php) \|?\|
Add Pulsedive API Add the Pulsedive API. Pulsedive is a free threat intelligence platform with a ton of data on millions of IOCs from over 50 open source threat intelligence feeds. Search across WHOIS data, SSL cert info, DNS records, HTTP headers, meta tags, web technologies, and much more. 2018-10-23 12:59:14 -04:00			\| Pulsedive \| Free threat intelligence platform ingesting over 50 OSINT feeds and user submissions. \| `apiKey` \| Yes \| [Link!](https://pulsedive.com/api/) \|Both\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| Qualys SSLLabs \| Test SSL and more \| `apiKey` \| Yes \| [Link!](https://www.ssllabs.com/projects/ssllabs-apis/) \|?\|
Update README.md 2018-01-09 16:11:49 -05:00			\| Spamhaus \| Domain / IP intelligence and reputation \| `?` \| Yes \| [Link!](https://www.spamhaus.org/zen/) \|?\|
Shadowserver APIs https://github.com/deralexxx/security-apis/issues/16 2018-09-18 07:07:07 -04:00			\| Shadowserver Sandbox API \| Sandbox \| `?` \| Yes \| [Link!](http://www.shadowserver.org/wiki/pmwiki.php/Services/Sandboxapi) \|Free\|
			\| Shadowserver Bintest API \| This server provides a lookup mechanism to test an executable file against a list of known software applications.\| `?` \| Yes \| [Link!](http://bin-test.shadowserver.org/) \|Free\|
			\| Shadowserver IP-BGP API \| Mapping IP numbers to BGP prefixes and ASNs \| `?` \| Yes \| [Link!](https://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP) \|Free\|
various additions added to the document 2018-01-14 10:55:41 -05:00			\| Tenable \| ? \| `?` \| Yes \| [Link!](https://cloud.tenable.com/api#/overview) \|?\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| Team Cymru \| Threat Intel \| `apiKey` \| Yes \| [Link!](http://www.team-cymru.org/services.html) \|Both\|
			\| VirusTotal \| VirusTotal File/URL Analysis \| `apiKey` \| Yes \| [Link!](https://www.virustotal.com/en/documentation/public-api/) \|?\|
Update README.md 2018-04-10 10:09:41 -04:00			\| vulners \| vulners Vuln Database \| `apiKey` \| Yes \| [Link!](https://vulners.com/docs) \|?\|
whoisxmlapi whoisxmlapi 2018-05-19 14:36:46 -04:00			\| whoisxmlapi.com \| Whois APIs\| `apiKey` \| Yes \| [Link!](https://whoisapi.whoisxmlapi.com/docs) \|Commercial\|
Update README.md 2018-01-12 09:35:50 -05:00			\| Zoomeye \| CVE Search \| `apiKey` \| Yes \| [Link!](https://www.zoomeye.org/api) \|?\|
Circl CVE Search thx to @adulau 2018-01-11 15:12:25 -05:00
Update README.md 2018-01-09 15:25:28 -05:00			`## Tools`

Update README.md 2018-01-09 15:49:07 -05:00			`API \| Description \| Auth \| HTTPS \| Link \| Free / Commercial\|`
			`\|---\|---\|---\|---\|---\|---\|`
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| Carbon Black \| Endpoint Security \| `apiKey` \| Yes \| [Link!](https://github.com/carbonblack/cbapi) \|Commercial\|
Update README.md 2018-01-09 16:05:50 -05:00			\| Cuckoo \| Cuckoo Sandbox \| `apiKey` \| Yes \| [Link!](https://malwr.com/) \|OpenSource\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| CRITS \| TI System \| `apiKey` \| Yes \| [Link!](https://github.com/crits/crits/wiki/Authenticated-API) \|?\|
some additions Cisco, Crowdstrike 2018-01-13 12:32:08 -05:00			\| CrowdStrike falcon-orchestrator \| Orchestrator \| `apiKey` \| Yes \| [Link!](https://github.com/CrowdStrike/falcon-orchestrator/wiki/Installation-&-Deployment) \|yes\|
Update README.md 2018-01-09 15:49:07 -05:00			\| Cymetria Maze Runner \| - \| `apiKey` \| Yes \| [Link!](https://community.cymmetria.com/api/sdk.pdf) \|?\|
mention emlrender 2018-05-18 13:10:40 -04:00			\| emlrender \| EML file rendering tool \| `password` \| Yes \| [Link!](https://github.com/xme/emlrender) \|OpenSource\|
Update README.md 2018-01-09 15:54:24 -05:00			\| FireEye \| Endpoint Security \| `apiKey` \| Yes \| [Link!](https://docs.fireeye.com/) \|?\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| GRR \| Endpoint Incident Response tool \| `apiKey` \| Yes \| [Link!](http://grr-doc.readthedocs.io/en/v3.2.0/investigating-with-grr/automation-with-api.html) \|OpenSource\|
adding Kolide Fleet https://github.com/kolide/fleet 2018-02-18 13:47:53 -05:00			\| Kolide Fleet \| osQuery fleet management \| `?` \| Yes \| [Link!](https://github.com/kolide/fleet/blob/master/docs/api/README.md) \|OpenSource\|
logdissect logdissect 2018-09-18 07:16:21 -04:00			\| Lastline \| Lastline Enterprise \| `ApiKey` \| Yes \| [Link!](https://user.lastline.com/papi-doc/api/html/index.html) \| Commercial \|
			\| logdissect \| CLI utility and Python API for analyzing log files and other data. \| `?` \| Yes \| [Link!](https://github.com/dogoncouch/logdissect/blob/master/docs/README-API.md) \| OpenSource \|
Update README.md 2018-01-09 16:05:50 -05:00			\| MISP \| Open Source Threat Intelligence Platform \| `apiKey` \| Yes \| [Link!](https://www.circl.lu/doc/misp/automation/) \|OpenSource\|
Update README.md 2018-01-13 12:34:32 -05:00			\| Metadefender \| MultiAV \| `apiKey` \| Yes \| [Link!](https://www.opswat.com/products/metadefender/developers/apis) \|Commercial\|
various additions added to the document 2018-01-14 10:55:41 -05:00			\| Metasploit \| Exploiting \| `apiKey` \| Yes \| [Link!](http://rapid7.github.io/metasploit-framework/api/) \|Commercial\|
Moloch API 2018-09-18 07:14:28 -04:00			\| Moloch \| Moloch is an open source, large scale, full packet capturing, indexing, and database system. \| `?` \| Yes \| [Link!](https://github.com/aol/moloch/wiki/API) \|OpenSource\|
Update README.md 2018-01-09 15:51:24 -05:00			\| OTRS \| Open Ticket Relay System \| `apiKey` \| Yes \| [Link!](https://doc.otrs.com/doc/api/otrs/6.0/Perl/index.html) \|?\|
Update README.md 2018-01-13 13:01:49 -05:00			\| Plaso \| Plaso Langar Að Safna Öllu \| `apiKey` \| Yes \| [Link!](https://readthedocs.org/projects/plaso-api/) \|OpenSource\|
fix recorded future API link, had pointed to CIRCL MISP 2018-09-26 14:10:29 -04:00			\| Recorded Future \| Threat Intelligence Platform \| `apiKey` \| Yes \| [Link!](https://api.recordedfuture.com/index.html) \|?\|
Update README.md 2018-01-13 12:50:55 -05:00			\| Request Tracker \| Ticketing System \| `apiKey` \| Yes \| [Link!](https://rt-wiki.bestpractical.com/wiki/REST) \|?\|
			\| Scot \| SCOT - Sandia Cyber Omni Tracker Ticketing System \| `apiKey` \| Yes \| [Link!](http://scot.readthedocs.io/en/latest/devguide.html#scot-rest-api) \|Free\|
Update TheHive's desciption 2018-01-15 05:52:15 -05:00			\| TheHive \| Security Incident Response Platform \| `apiKey` \| Yes \| [Link!](https://blog.thehive-project.org/tag/api/) \|Free\|
Update README.md 2018-05-02 09:41:34 -04:00			\| Viper.li \| Viper malware repository API \| `apiKey` \| Yes \| [Link!](https://github.com/viper-framework/viper/blob/master/docs/source/usage/web.rst) \|OpenSource\|
Sorted alphabetically A-Z 2018-01-12 09:40:38 -05:00			\| VMRay \| VMRay Sandbox \| `apiKey` \| Yes \| [Link!](https://www.vmray.com/blog/v-1-9-api-now-restjson/) \|?\|

Update README.md 2018-01-09 16:05:50 -05:00			`## SIEM`
Update README.md 2018-01-09 15:59:08 -05:00			`API \| Description \| Auth \| HTTPS \| Link \| Free / Commercial\|`
			`\|---\|---\|---\|---\|---\|---\|`
Additional SIEM Solutions 2018-08-09 19:48:00 -04:00			\| ArcSight \| HP ArcSight API \| `None` \| `No` \| [Link!](https://h41382.www4.hpe.com/gfs-shared/downloads-273.pdf) \| Commercial \|
			\| AlienVault \| AlienVault API \| `Yes` \| `Yes` \| [Link!](https://www.alienvault.com/documentation/api/av-apis.htm) \| Commercial \|
			\| ELK \| ELK Stack API \| `None` \| `No` \| [Link!](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs.html) \| OpenSource \|
			\| Gravwell \| Gravwell API \| `Yes` \| `Yes` \| [Link!](https://dev.gravwell.io/docs/#!api/api.md) \| Community / Commercial \|
			\| Humio \| Humio API \| `Yes` \| `Yes` \| [Link!](https://docs.humio.com/api/)\| Community / Commercial \|
			\| QRadar \| IBM QRadar API \| `None` \| `No` \| [Link!](https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc_cloud/c_rest_api_getting_started.html) \|Commercial\|
			\| Splunk \| Splunk API \| `None` \| `No` \| [Link!](http://dev.splunk.com/restapi) \|Commercial\|
Update README.md 2018-01-09 15:59:08 -05:00
Update README.md 2018-01-09 15:05:48 -05:00			`### Various`
Update README.md 2018-01-09 15:49:07 -05:00			`API \| Description \| Auth \| HTTPS \| Link \|Free / Commercial\|`
			`\|---\|---\|---\|---\|---\|---\|`
			\| AlienVault Open Threat Exchange (OTX) \| IP/domain/URL reputation \| `apiKey` \| Yes \| [Link!](https://otx.alienvault.com/api/) \|?\|
			\| Certly \| Certly Link/Domain Flagging \| `apiKey` \| Yes \| [Link!](https://guard.certly.io/) \|?\|
some additions Cisco, Crowdstrike 2018-01-13 12:32:08 -05:00			\| Cisco ISE \| ISE is an identity and access control policy platform \| `apiKey` \| Yes \| [Link!](https://www.cisco.com/c/en/us/support/security/identity-services-engine/products-command-reference-list.html) \|?\|
			\| Cisco PXGrid \| Cisco Platform Exchange Grid \| `apiKey` \| Yes \| [Link!](https://developer.cisco.com/site/pxgrid/) \|?\|
			\| Cisco Security APIs \| Cisco Developer Page \| `` \| ? \| [Link!](https://developer.cisco.com/site/security/) \|?\|
			\| Cisco Umbrella \| Cisco Umbrella Enforcement API \| `apiKey` \| Yes \| [Link!](https://docs.umbrella.com/developer/enforcement-api/) \|?\|
Update README.md 2018-01-13 12:39:12 -05:00			\| Cyphon \| Open Source INcident Management tool \| `apiKey` \| Yes \| [Link!](http://cyphon.readthedocs.io/en/latest/api.html) \|?\|
Update README.md 2018-01-09 15:49:07 -05:00			\| Google Safe Browsing \| Google Link/Domain Flagging \| `apiKey` \| Yes \| [Link!](https://developers.google.com/safe-browsing/) \|?\|
			\| Metacert \| Metacert Link Flagging \| `apiKey` \| Yes \| [Link!](https://metacert.com/) \|?\|
Update README.md 2018-01-13 13:01:49 -05:00			\| National Software Reference Library (NSRL) \| - \| `apiKey` \| Yes \| [Link!](https://github.com/bsi-group/nsrls) \|?\|
couple of random additions 2018-08-09 19:53:06 -04:00			\| PaloAlto \| PaloAlto FW API \| `Yes` \| `Yes` \| [Link!](https://www.paloaltonetworks.com/documentation/71/pan-os/xml-api/get-started-with-the-pan-os-xml-api/explore-the-api) \| Commercial \|
some additions Cisco, Crowdstrike 2018-01-13 12:32:08 -05:00			\| RSA Secure ID \| Metacert Link Flagging \| `apiKey` \| Yes \| [Link!]( https://community.rsa.com/docs/DOC-75741) \|?\|
couple of random additions 2018-08-09 19:53:06 -04:00			\| ServiceNow \| ServiceNow API \| `apiKey` \| `Yes` \| [Link!](https://developer.servicenow.com/app.do) \| Commercial \|
Update README.md 2018-01-09 15:49:07 -05:00			\| Web Of Trust (WOT) \| Website reputation \| `apiKey` \| Yes \| [Link!](https://www.mywot.com/wiki/API) \|?\|