# security-apis A collective list of public JSON APIs for use in security. https://alexanderjaeger.de # Index * [Online](#online) * [Tools](#tools) * [SIEM](#siem) * [Various](#various) ## Online API | Description | Auth | HTTPS | Link | Free / Commercial| |---|---|---|---|---|---| | VirusTotal | VirusTotal File/URL Analysis | `apiKey` | Yes | [Link!](https://www.virustotal.com/en/documentation/public-api/) |?| | Malwr.com | Malware analysis | `apiKey` | Yes | [Link!](https://malwr.com/) |?| | Bluecoat Site Review | URL Analysis | `none` | Yes | [Link!](https://sitereview.bluecoat.com/sitereview.jsp) |Free| | FIRST.org | Incident Response Teams API | `none` | Yes | [Link!](https://api.first.org/) |?| | Alexa | Alexa Top Sites | `apiKey` | Yes | [Link!](https://docs.aws.amazon.com/AlexaTopSites/latest/) |?| | Certly | Certly Guard | `apiKey` | Yes | [Link!](https://guard.certly.io/) |?| | DShield | Internet Storm Center API | `apiKey` | Yes | [Link!](https://www.dshield.org/api/) |Free| | Cymon.io | Open Threat Intel | `apiKey` | Yes | [Link!](https://guard.certly.io/) |?| | Fireeye iSight | Comercial Threat Intel | `apiKey` | Yes | [Link!](https://docs.fireeye.com/iSight/index.html#/) |Commercial| | Domaintools | Comercial Threat Intel | `apiKey` | Yes | [Link!](https://www.domaintools.com/products/api-integration/) |Commercial| | censys.io | Free for Researchers Threat Intel | `apiKey` | Yes | [Link!](https://censys.io/api) |?| | MAlshare | Malware Sharing | `apiKey` | Yes | [Link!](https://malshare.com/doc.php) |?| | Mac Vendor Lookup | Threat Intel | `apiKey` | Yes | [Link!](https://macvendors.com/api) |?| | MaxMind | GeoIP and More | `apiKey` | Yes | [Link!](https://dev.maxmind.com/) |?| | Qualys SSLLabs | Test SSL and more | `apiKey` | Yes | [Link!](https://www.ssllabs.com/projects/ssllabs-apis/) |?| | Farsight DNSDB Passive DNS | Passive DNS and more | `apiKey` | Yes | [Link!](https://api.dnsdb.info/) |?| | Passive Total | Threat Intel | `apiKey` | Yes | [Link!](https://api.passivetotal.org/api/docs/) |?| | Team Cymru | Threat Intel | `apiKey` | Yes | [Link!](http://www.team-cymru.org/services.html) |Both| | emergingthreats.net | Domain / IP intelligence and reputation | `apiKey` | Yes | [Link!](http://apidocs.emergingthreats.net/) |?| | Spamhaus | Domain / IP intelligence and reputation | `?` | Yes | [Link!](https://www.spamhaus.org/zen/) |?| | CIRCL CVE Search | CVE Search | `apiKey` | Yes | [Link!](https://cve.circl.lu/api/) |Free| | Zoomeye | CVE Search | `apiKey` | Yes | [Link!](https://www.zoomeye.org/api) |?| ## Tools API | Description | Auth | HTTPS | Link | Free / Commercial| |---|---|---|---|---|---| | Viper.li | Viper malware repository API | `None` | No | [Link!](http://viper-framework.readthedocs.io/en/latest/usage/web.html) |OpenSource| | Cuckoo | Cuckoo Sandbox | `apiKey` | Yes | [Link!](https://malwr.com/) |OpenSource| | VMRay | VMRay Sandbox | `apiKey` | Yes | [Link!](https://www.vmray.com/blog/v-1-9-api-now-restjson/) |?| | Cymetria Maze Runner | - | `apiKey` | Yes | [Link!](https://community.cymmetria.com/api/sdk.pdf) |?| | Carbon Black | Endpoint Security | `apiKey` | Yes | [Link!](https://github.com/carbonblack/cbapi) |Commercial| | FireEye | Endpoint Security | `apiKey` | Yes | [Link!](https://docs.fireeye.com/) |?| | MISP | Open Source Threat Intelligence Platform | `apiKey` | Yes | [Link!](https://www.circl.lu/doc/misp/automation/) |OpenSource| | Recorded Future | Threat Intelligence Platform | `apiKey` | Yes | [Link!](https://www.circl.lu/doc/misp/automation/) |?| | OTRS | Open Ticket Relay System | `apiKey` | Yes | [Link!](https://doc.otrs.com/doc/api/otrs/6.0/Perl/index.html) |?| | CRITS | TI System | `apiKey` | Yes | [Link!](https://github.com/crits/crits/wiki/Authenticated-API) |?| | TheHive | TI System | `apiKey` | Yes | [Link!](https://blog.thehive-project.org/tag/api/) |Free| | GRR | Endpoint Incident Response tool | `apiKey` | Yes | [Link!](http://grr-doc.readthedocs.io/en/v3.2.0/investigating-with-grr/automation-with-api.html) |OpenSource| ## SIEM API | Description | Auth | HTTPS | Link | Free / Commercial| |---|---|---|---|---|---| | Splunk | Splunk API | `None` | No | [Link!](http://dev.splunk.com/restapi) |Commercial| | ArcSight | HP ArcSight API | `None` | No | [Link!](https://h41382.www4.hpe.com/gfs-shared/downloads-273.pdf) |Commercial| | QRadar | IBM QRadar API | `None` | No | [Link!](https://www.ibm.com/support/knowledgecenter/SSKMKU/com.ibm.qradar.doc_cloud/c_rest_api_getting_started.html) |Commercial| | ELK | ELK Stack API | `None` | No | [Link!](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs.html) |OpenSource| ### Various API | Description | Auth | HTTPS | Link |Free / Commercial| |---|---|---|---|---|---| | AlienVault Open Threat Exchange (OTX) | IP/domain/URL reputation | `apiKey` | Yes | [Link!](https://otx.alienvault.com/api/) |?| | Certly | Certly Link/Domain Flagging | `apiKey` | Yes | [Link!](https://guard.certly.io/) |?| | Google Safe Browsing | Google Link/Domain Flagging | `apiKey` | Yes | [Link!](https://developers.google.com/safe-browsing/) |?| | Metacert | Metacert Link Flagging | `apiKey` | Yes | [Link!](https://metacert.com/) |?| | VirusTotal | VirusTotal File/URL Analysis | `apiKey` | Yes | [Link!](https://www.virustotal.com/en/documentation/public-api/) |Both| | Web Of Trust (WOT) | Website reputation | `apiKey` | Yes | [Link!](https://www.mywot.com/wiki/API) |?|