2018-01-09 19:58:44 +00:00
# security-apis
A collective list of public JSON APIs for use in security. https://alexanderjaeger.de
2018-01-09 20:05:48 +00:00
2018-01-09 20:25:28 +00:00
# Index
* [Online ](#online )
2018-01-09 20:25:51 +00:00
* [Tools ](#tools )
2018-01-09 21:00:48 +00:00
** [SIEM ](#siem )
2018-01-09 20:05:48 +00:00
* [Various ](#various )
2018-01-09 20:25:28 +00:00
## Online
2018-01-09 20:49:07 +00:00
API | Description | Auth | HTTPS | Link | Free / Commercial|
|---|---|---|---|---|---|
| VirusTotal | VirusTotal File/URL Analysis | `apiKey` | Yes | [Link! ](https://www.virustotal.com/en/documentation/public-api/ ) |?|
| Malwr.com | Malware analysis | `apiKey` | Yes | [Link! ](https://malwr.com/ ) |?|
| Bluecoat Site Review | URL Analysis | `none` | Yes | [Link! ](https://sitereview.bluecoat.com/sitereview.jsp ) |Free|
| FIRST.org | Incident Response Teams API | `none` | Yes | [Link! ](https://api.first.org/ ) |?|
| Alexa | Alexa Top Sites | `apiKey` | Yes | [Link! ](https://docs.aws.amazon.com/AlexaTopSites/latest/ ) |?|
| Certly | Certly Guard | `apiKey` | Yes | [Link! ](https://guard.certly.io/ ) |?|
| DShield | Internet Storm Center API | `apiKey` | Yes | [Link! ](https://www.dshield.org/api/ ) |Free|
| Cymon.io | Open Threat Intel | `apiKey` | Yes | [Link! ](https://guard.certly.io/ ) |?|
| Fireeye iSight | Comercial Threat Intel | `apiKey` | Yes | [Link! ](https://docs.fireeye.com/iSight/index.html#/ ) |Commercial|
| Domaintools | Comercial Threat Intel | `apiKey` | Yes | [Link! ](https://www.domaintools.com/products/api-integration/ ) |Commercial|
| censys.io | Free for Researchers Threat Intel | `apiKey` | Yes | [Link! ](https://censys.io/api ) |?|
| MAlshare | Malware Sharing | `apiKey` | Yes | [Link! ](https://malshare.com/doc.php ) |?|
| Mac Vendor Lookup | Threat Intel | `apiKey` | Yes | [Link! ](https://macvendors.com/api ) |?|
| MaxMind | GeoIP and More | `apiKey` | Yes | [Link! ](https://dev.maxmind.com/ ) |?|
| Qualys SSLLabs | Test SSL and more | `apiKey` | Yes | [Link! ](https://www.ssllabs.com/projects/ssllabs-apis/ ) |?|
| Farsight DNSDB Passive DNS | Passive DNS and more | `apiKey` | Yes | [Link! ](https://api.dnsdb.info/ ) |?|
2018-01-09 20:54:24 +00:00
| Passive Total | Threat Intel | `apiKey` | Yes | [Link! ](https://api.passivetotal.org/api/docs/ ) |?|
2018-01-09 20:31:12 +00:00
2018-01-09 20:25:28 +00:00
## Tools
2018-01-09 20:49:07 +00:00
API | Description | Auth | HTTPS | Link | Free / Commercial|
|---|---|---|---|---|---|
| Viper.li | Viper malware repository API | `None` | No | [Link! ](http://viper-framework.readthedocs.io/en/latest/usage/web.html ) |?|
| Cuckoo | Cuckoo Sandbox | `apiKey` | Yes | [Link! ](https://malwr.com/ ) |?|
| VMRay | VMRay Sandbox | `apiKey` | Yes | [Link! ](https://www.vmray.com/blog/v-1-9-api-now-restjson/ ) |?|
| Cymetria Maze Runner | - | `apiKey` | Yes | [Link! ](https://community.cymmetria.com/api/sdk.pdf ) |?|
2018-01-09 20:54:24 +00:00
| Carbon Black | Endpoint Security | `apiKey` | Yes | [Link! ](https://github.com/carbonblack/cbapi ) |Commercial|
| FireEye | Endpoint Security | `apiKey` | Yes | [Link! ](https://docs.fireeye.com/ ) |?|
2018-01-09 20:49:07 +00:00
| MISP | Open Source Threat Intelligence Platform | `apiKey` | Yes | [Link! ](https://www.circl.lu/doc/misp/automation/ ) |?|
| Recorded Future | Threat Intelligence Platform | `apiKey` | Yes | [Link! ](https://www.circl.lu/doc/misp/automation/ ) |?|
2018-01-09 20:51:24 +00:00
| OTRS | Open Ticket Relay System | `apiKey` | Yes | [Link! ](https://doc.otrs.com/doc/api/otrs/6.0/Perl/index.html ) |?|
2018-01-09 21:00:48 +00:00
| CRITS | TI System | `apiKey` | Yes | [Link! ](https://github.com/crits/crits/wiki/Authenticated-API ) |?|
| TheHive | TI System | `apiKey` | Yes | [Link! ](https://blog.thehive-project.org/tag/api/ ) |Free|
2018-01-09 20:51:24 +00:00
2018-01-09 20:59:08 +00:00
### SIEM
API | Description | Auth | HTTPS | Link | Free / Commercial|
|---|---|---|---|---|---|
| Splunk | Splunk API | `None` | No | [Link! ](http://dev.splunk.com/restapi ) |Commercial|
| ArcSight | HP ArcSight API | `None` | No | [Link! ](https://h41382.www4.hpe.com/gfs-shared/downloads-273.pdf ) |Commercial|
| QRadar | IBM QRadar API | `None` | No | [Link! ](https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc_cloud/c_rest_api_getting_started.html ) |Commercial|
| ELK | ELK Stack API | `None` | No | [Link! ](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs.html ) |Free|
2018-01-09 20:51:24 +00:00
2018-01-09 20:25:28 +00:00
2018-01-09 20:05:48 +00:00
### Various
2018-01-09 20:49:07 +00:00
API | Description | Auth | HTTPS | Link |Free / Commercial|
|---|---|---|---|---|---|
| AlienVault Open Threat Exchange (OTX) | IP/domain/URL reputation | `apiKey` | Yes | [Link! ](https://otx.alienvault.com/api/ ) |?|
| Certly | Certly Link/Domain Flagging | `apiKey` | Yes | [Link! ](https://guard.certly.io/ ) |?|
| Google Safe Browsing | Google Link/Domain Flagging | `apiKey` | Yes | [Link! ](https://developers.google.com/safe-browsing/ ) |?|
| Metacert | Metacert Link Flagging | `apiKey` | Yes | [Link! ](https://metacert.com/ ) |?|
| VirusTotal | VirusTotal File/URL Analysis | `apiKey` | Yes | [Link! ](https://www.virustotal.com/en/documentation/public-api/ ) |?|
| Web Of Trust (WOT) | Website reputation | `apiKey` | Yes | [Link! ](https://www.mywot.com/wiki/API ) |?|