KitPloit - PenTest Tools!
API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
May 7^th 2025 at 12:30

API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc

By: Unknown

APIs For OSINT

This is a Collection of APIs that will be useful for automating various tasks in OSINT.

Thank you for following me! https://cybdetective.com

IOT/IP Search engines

Name	Link	Description	Price
Shodan	https://developer.shodan.io	Search engine for Internet connected host and devices	from $59/month
Netlas.io	https://netlas-api.readthedocs.io/en/latest/	Search engine for Internet connected host and devices. Read more at Netlas CookBook	Partly FREE
Fofa.so	https://fofa.so/static_pages/api_help	Search engine for Internet connected host and devices	???
Censys.io	https://censys.io/api	Search engine for Internet connected host and devices	Partly FREE
Hunter.how	https://hunter.how/search-api	Search engine for Internet connected host and devices	Partly FREE
Fullhunt.io	https://api-docs.fullhunt.io/#introduction	Search engine for Internet connected host and devices	Partly FREE
IPQuery.io	https://ipquery.io	API for ip information such as ip risk, geolocation data, and asn details	FREE

Universal OSINT APIs

Name	Link	Description	Price
Social Links	https://sociallinks.io/products/sl-api	Email info lookup, phone info lookup, individual and company profiling, social media tracking, dark web monitoring and more. Code example of using this API for face search in this repo	PAID. Price per request

Phone Number Lookup and Verification

Name	Link	Description	Price
Numverify	https://numverify.com	Global Phone Number Validation & Lookup JSON API. Supports 232 countries.	250 requests FREE
Twillo	https://www.twilio.com/docs/lookup/api	Provides a way to retrieve additional information about a phone number	Free or $0.01 per request (for caller lookup)
Plivo	https://www.plivo.com/lookup/	Determine carrier, number type, format, and country for any phone number worldwide	from $0.04 per request
GetContact	https://github.com/kovinevmv/getcontact	Find info about user by phone number	from $6,89 in months/100 requests
Veriphone	https://veriphone.io/	Phone number validation & carrier lookup	1000 requests/month FREE

Address/ZIP codes lookup

Name	Link	Description	Price
Global Address	https://rapidapi.com/adminMelissa/api/global-address/	Easily verify, check or lookup address	FREE
US Street Address	https://smartystreets.com/docs/cloud/us-street-api	Validate and append data for any US postal address	FREE
Google Maps Geocoding API	https://developers.google.com/maps/documentation/geocoding/overview	convert addresses (like "1600 Amphitheatre Parkway, Mountain View, CA") into geographic coordinates	0.005 USD per request
Postcoder	https://postcoder.com/address-lookup	Find adress by postcode	£130/5000 requests
Zipcodebase	https://zipcodebase.com	Lookup postal codes, calculate distances and much more	5000 requests FREE
Openweathermap geocoding API	https://openweathermap.org/api/geocoding-api	get geographical coordinates (lat, lon) by using name of the location (city name or area name)	60 calls/minute 1,000,000 calls/month
DistanceMatrix	https://distancematrix.ai/product	Calculate, evaluate and plan your routes	$1.25-$2 per 1000 elements
Geotagging API	https://geotagging.ai/	Predict geolocations by texts	Freemium

People and documents verification

Name	Link	Description	Price
Approuve.com	https://appruve.co	Allows you to verify the identities of individuals, businesses, and connect to financial account data across Africa	Paid
Onfido.com	https://onfido.com	Onfido Document Verification lets your users scan a photo ID from any device, before checking it's genuine. Combined with Biometric Verification, it's a seamless way to anchor an account to the real identity of a customer. India	Paid
Superpass.io	https://surepass.io/passport-id-verification-api/	Passport, Photo ID and Driver License Verification in India	Paid

Business/Entity search

Name	Link	Description	Price
Open corporates	https://api.opencorporates.com	Companies information	Paid, price upon request
Linkedin company search API	https://docs.microsoft.com/en-us/linkedin/marketing/integrations/community-management/organizations/company-search?context=linkedin%2Fcompliance%2Fcontext&tabs=http	Find companies using keywords, industry, location, and other criteria	FREE
Mattermark	https://rapidapi.com/raygorodskij/api/Mattermark/	Get companies and investor information	free 14-day trial, from $49 per month

Domain/DNS/IP lookup

Name	Link	Description	Price
API OSINT DS	https://github.com/davidonzo/apiosintDS	Collect info about IPv4/FQDN/URLs and file hashes in md5, sha1 or sha256	FREE
InfoDB API	https://www.ipinfodb.com/api	The API returns the location of an IP address (country, region, city, zipcode, latitude, longitude) and the associated timezone in XML, JSON or plain text format	FREE
Domainsdb.info	https://domainsdb.info	Registered Domain Names Search	FREE
BGPView	https://bgpview.docs.apiary.io/#	allowing consumers to view all sort of analytics data about the current state and structure of the internet	FREE
DNSCheck	https://www.dnscheck.co/api	monitor the status of both individual DNS records and groups of related DNS records	up to 10 DNS records/FREE
Cloudflare Trace	https://github.com/fawazahmed0/cloudflare-trace-api	Get IP Address, Timestamp, User Agent, Country Code, IATA, HTTP Version, TLS/SSL Version & More	FREE
Host.io	https://host.io/	Get info about domain	FREE

Mobile Apps Endpoints

Name	Link	Description	Price
BeVigil OSINT API	https://bevigil.com/osint-api	provides access to millions of asset footprint data points including domain intel, cloud services, API information, and third party assets extracted from millions of mobile apps being continuously uploaded and scanned by users on bevigil.com	50 credits free/1000 credits/$50

Scraping

Name	Link	Description	Price
WebScraping.AI	https://webscraping.ai/	Web Scraping API with built-in proxies and JS rendering	FREE
ZenRows	https://www.zenrows.com/	Web Scraping API that bypasses anti-bot solutions while offering JS rendering, and rotating proxies apiKey Yes Unknown	FREE

Whois

Name	Link	Description	Price
Whois freaks	https://whoisfreaks.com/	well-parsed and structured domain WHOIS data for all domain names, registrars, countries and TLDs since the birth of internet	$19/5000 requests
WhoisXMLApi	https://whois.whoisxmlapi.com	gathers a variety of domain ownership and registration data points from a comprehensive WHOIS database	500 requests in month/FREE
IPtoWhois	https://www.ip2whois.com/developers-api	Get detailed info about a domain	500 requests/month FREE

GEO IP

Name	Link	Description	Price
Ipstack	https://ipstack.com	Detect country, region, city and zip code	FREE
Ipgeolocation.io	https://ipgeolocation.io	provides country, city, state, province, local currency, latitude and longitude, company detail, ISP lookup, language, zip code, country calling code, time zone, current time, sunset and sunrise time, moonset and moonrise	30 000 requests per month/FREE
IPInfoDB	https://ipinfodb.com/api	Free Geolocation tools and APIs for country, region, city and time zone lookup by IP address	FREE
IP API	https://ip-api.com/	Free domain/IP geolocation info	FREE

Wi-fi lookup

Name	Link	Description	Price
Mylnikov API	https://www.mylnikov.org	public API implementation of Wi-Fi Geo-Location database	FREE
Wigle	https://api.wigle.net/	get location and other information by SSID	FREE

Network

Name	Link	Description	Price
PeetingDB	https://www.peeringdb.com/apidocs/	Database of networks, and the go-to location for interconnection data	FREE
PacketTotal	https://packettotal.com/api.html	.pcap files analyze	FREE

Finance

Name	Link	Description	Price
Binlist.net	https://binlist.net/	get information about bank by BIN	FREE
FDIC Bank Data API	https://banks.data.fdic.gov/docs/	institutions, locations and history events	FREE
Amdoren	https://www.amdoren.com/currency-api/	Free currency API with over 150 currencies	FREE
VATComply.com	https://www.vatcomply.com/documentation	Exchange rates, geolocation and VAT number validation	FREE
Alpaca	https://alpaca.markets/docs/api-documentation/api-v2/market-data/alpaca-data-api-v2/	Realtime and historical market data on all US equities and ETFs	FREE
Swiftcodesapi	https://swiftcodesapi.com	Verifying the validity of a bank SWIFT code or IBAN account number	$39 per month/4000 swift lookups
IBANAPI	https://ibanapi.com	Validate IBAN number and get bank account information from it	Freemium/10$ Starter plan

Email

Name	Link	Description	Price
EVA	https://eva.pingutil.com/	Measuring email deliverability & quality	FREE
Mailboxlayer	https://mailboxlayer.com/	Simple REST API measuring email deliverability & quality	100 requests FREE, 5000 requests in month — $14.49
EmailCrawlr	https://emailcrawlr.com/	Get key information about company websites. Find all email addresses associated with a domain. Get social accounts associated with an email. Verify email address deliverability.	200 requests FREE, 5000 requets — $40
Voila Norbert	https://www.voilanorbert.com/api/	Find anyone's email address and ensure your emails reach real people	from $49 in month
Kickbox	https://open.kickbox.com/	Email verification API	FREE
FachaAPI	https://api.facha.dev/	Allows checking if an email domain is a temporary email domain	FREE

Names/Surnames

Name	Link	Description	Price
Genderize.io	https://genderize.io	Instantly answers the question of how likely a certain name is to be male or female and shows the popularity of the name.	1000 names/day free
Agify.io	https://agify.io	Predicts the age of a person given their name	1000 names/day free
Nataonalize.io	https://nationalize.io	Predicts the nationality of a person given their name	1000 names/day free

Pastebin/Leaks

Name	Link	Description	Price
HaveIBeenPwned	https://haveibeenpwned.com/API/v3	allows the list of pwned accounts (email addresses and usernames)	$3.50 per month
Psdmp.ws	https://psbdmp.ws/api	search in Pastebin	$9.95 per 10000 requests
LeakPeek	https://psbdmp.ws/api	searc in leaks databases	$9.99 per 4 weeks unlimited access
BreachDirectory.com	https://breachdirectory.com/api_documentation	search domain in data breaches databases	FREE
LeekLookup	https://leak-lookup.com/api	search domain, email_address, fullname, ip address, phone, password, username in leaks databases	10 requests FREE
BreachDirectory.org	https://rapidapi.com/rohan-patra/api/breachdirectory/pricing	search domain, email_address, fullname, ip address, phone, password, username in leaks databases (possible to view password hashes)	50 requests in month/FREE

Name	Link	Description	Price
Wayback Machine API (Memento API, CDX Server API, Wayback Availability JSON API)	https://archive.org/help/wayback_api.php	Retrieve information about Wayback capture data	FREE
TROVE (Australian Web Archive) API	https://trove.nla.gov.au/about/create-something/using-api	Retrieve information about TROVE capture data	FREE
Archive-it API	https://support.archive-it.org/hc/en-us/articles/115001790023-Access-Archive-It-s-Wayback-index-with-the-CDX-C-API	Retrieve information about archive-it capture data	FREE
UK Web Archive API	https://ukwa-manage.readthedocs.io/en/latest/#api-reference	Retrieve information about UK Web Archive capture data	FREE
Arquivo.pt API	https://github.com/arquivo/pwa-technologies/wiki/Arquivo.pt-API	Allows full-text search and access preserved web content and related metadata. It is also possible to search by URL, accessing all versions of preserved web content. API returns a JSON object.	FREE
Library Of Congress archive API	https://www.loc.gov/apis/	Provides structured data about Library of Congress collections	FREE
BotsArchive	https://botsarchive.com/docs.html	JSON formatted details about Telegram Bots available in database	FREE

Hashes decrypt/encrypt

Name	Link	Description	Price
MD5 Decrypt	https://md5decrypt.net/en/Api/	Search for decrypted hashes in the database	1.99 EURO/day

Crypto

Name	Link	Description	Price
BTC.com	https://btc.com/btc/adapter?type=api-doc	get information about addresses and transanctions	FREE
Blockchair	https://blockchair.com	Explore data stored on 17 blockchains (BTC, ETH, Cardano, Ripple etc)	$0.33 - $1 per 1000 calls
Bitcointabyse	https://www.bitcoinabuse.com/api-docs	Lookup bitcoin addresses that have been linked to criminal activity	FREE
Bitcoinwhoswho	https://www.bitcoinwhoswho.com/api	Scam reports on the Bitcoin Address	FREE
Etherscan	https://etherscan.io/apis	Ethereum explorer API	FREE
apilayer coinlayer	https://coinlayer.com	Real-time Crypto Currency Exchange Rates	FREE
BlockFacts	https://blockfacts.io/	Real-time crypto data from multiple exchanges via a single unified API, and much more	FREE
Brave NewCoin	https://bravenewcoin.com/developers	Real-time and historic crypto data from more than 200+ exchanges	FREE
WorldCoinIndex	https://www.worldcoinindex.com/apiservice	Cryptocurrencies Prices	FREE
WalletLabels	https://www.walletlabels.xyz/docs	Labels for 7,5 million Ethereum wallets	FREE

Malware

Name	Link	Description	Price
VirusTotal	https://developers.virustotal.com/reference	files and urls analyze	Public API is FREE
AbuseLPDB	https://docs.abuseipdb.com/#introduction	IP/domain/URL reputation	FREE
AlienVault Open Threat Exchange (OTX)	https://otx.alienvault.com/api	IP/domain/URL reputation	FREE
Phisherman	https://phisherman.gg	IP/domain/URL reputation	FREE
URLScan.io	https://urlscan.io/about-api/	Scan and Analyse URLs	FREE
Web of Thrust	https://support.mywot.com/hc/en-us/sections/360004477734-API-	IP/domain/URL reputation	FREE
Threat Jammer	https://threatjammer.com/docs/introduction-threat-jammer-user-api	IP/domain/URL reputation	???

Face Search

Name	Link	Description	Price
Search4faces	https://search4faces.com/api.html	Detect and locate human faces within an image, and returns high-precision face bounding boxes. Face⁺⁺ also allows you to store metadata of each detected face for future use.	$21 per 1000 requests

## Face Detection

Name	Link	Description	Price
Face++	https://www.faceplusplus.com/face-detection/	Search for people in social networks by facial image	from 0.03 per call
BetaFace	https://www.betafaceapi.com/wpa/	Can scan uploaded image files or image URLs, find faces and analyze them. API also provides verification (faces comparison) and identification (faces search) services, as well able to maintain multiple user-defined recognition databases (namespaces)	50 image per day FREE/from 0.15 EUR per request

## Reverse Image Search

Name	Link	Description	Price
Google Reverse images search API	https://github.com/SOME-1HING/google-reverse-image-api/	This is a simple API built using Node.js and Express.js that allows you to perform Google Reverse Image Search by providing an image URL.	FREE (UNOFFICIAL)
TinEyeAPI	https://services.tineye.com/TinEyeAPI	Verify images, Moderate user-generated content, Track images and brands, Check copyright compliance, Deploy fraud detection solutions, Identify stock photos, Confirm the uniqueness of an image	Start from $200/5000 searches
Bing Images Search API	https://www.microsoft.com/en-us/bing/apis/bing-image-search-api	With Bing Image Search API v7, help users scour the web for images. Results include thumbnails, full image URLs, publishing website info, image metadata, and more.	1,000 requests free per month FREE
MRISA	https://github.com/vivithemage/mrisa	MRISA (Meta Reverse Image Search API) is a RESTful API which takes an image URL, does a reverse Google image search, and returns a JSON array with the search results	FREE? (no official)
PicImageSearch	https://github.com/kitUIN/PicImageSearch	Aggregator for different Reverse Image Search API	FREE? (no official)

## AI Geolocation

Name	Link	Description	Price
Geospy	https://api.geospy.ai/	Detecting estimation location of uploaded photo	Access by request
Picarta	https://picarta.ai/api	Detecting estimation location of uploaded photo	100 request/day FREE

Social Media and Messengers

Name	Link	Description	Price
Twitch	https://dev.twitch.tv/docs/v5/reference
YouTube Data API	https://developers.google.com/youtube/v3
Reddit	https://www.reddit.com/dev/api/
Vkontakte	https://vk.com/dev/methods
Twitter API	https://developer.twitter.com/en
Linkedin API	https://docs.microsoft.com/en-us/linkedin/
All Facebook and Instagram API	https://developers.facebook.com/docs/
Whatsapp Business API	https://www.whatsapp.com/business/api
Telegram and Telegram Bot API	https://core.telegram.org
Weibo API	https://open.weibo.com/wiki/API文档/en
XING	https://dev.xing.com/partners/job_integration/api_docs
Viber	https://developers.viber.com/docs/api/rest-bot-api/
Discord	https://discord.com/developers/docs
Odnoklassniki	https://ok.ru/apiok
Blogger	https://developers.google.com/blogger/	The Blogger APIs allows client applications to view and update Blogger content	FREE
Disqus	https://disqus.com/api/docs/auth/	Communicate with Disqus data	FREE
Foursquare	https://developer.foursquare.com/	Interact with Foursquare users and places (geolocation-based checkins, photos, tips, events, etc)	FREE
HackerNews	https://github.com/HackerNews/API	Social news for CS and entrepreneurship	FREE
Kakao	https://developers.kakao.com/	Kakao Login, Share on KakaoTalk, Social Plugins and more	FREE
Line	https://developers.line.biz/	Line Login, Share on Line, Social Plugins and more	FREE
TikTok	https://developers.tiktok.com/doc/login-kit-web	Fetches user info and user's video posts on TikTok platform	FREE
Tumblr	https://www.tumblr.com/docs/en/api/v2	Read and write Tumblr Data	FREE

UNOFFICIAL APIs

!WARNING Use with caution! Accounts may be blocked permanently for using unofficial APIs.

Name	Link	Description	Price
TikTok	https://github.com/davidteather/TikTok-Api	The Unofficial TikTok API Wrapper In Python	FREE
Google Trends	https://github.com/suryasev/unofficial-google-trends-api	Unofficial Google Trends API	FREE
YouTube Music	https://github.com/sigma67/ytmusicapi	Unofficial APi for YouTube Music	FREE
Duolingo	https://github.com/KartikTalwar/Duolingo	Duolingo unofficial API (can gather info about users)	FREE
Steam.	https://github.com/smiley/steamapi	An unofficial object-oriented Python library for accessing the Steam Web API.	FREE
Instagram	https://github.com/ping/instagram_private_api	Instagram Private API	FREE
Discord	https://github.com/discordjs/discord.js	JavaScript library for interacting with the Discord API	FREE
Zhihu	https://github.com/syaning/zhihu-api	FREE Unofficial API for Zhihu	FREE
Quora	https://github.com/csu/quora-api	Unofficial API for Quora	FREE
DnsDumbster	https://github.com/PaulSec/API-dnsdumpster.com	(Unofficial) Python API for DnsDumbster	FREE
PornHub	https://github.com/sskender/pornhub-api	Unofficial API for PornHub in Python	FREE
Skype	https://github.com/ShyykoSerhiy/skyweb	Unofficial Skype API for nodejs via 'Skype (HTTP)' protocol.	FREE
Google Search	https://github.com/aviaryan/python-gsearch	Google Search unofficial API for Python with no external dependencies	FREE
Airbnb	https://github.com/nderkach/airbnb-python	Python wrapper around the Airbnb API (unofficial)	FREE
Medium	https://github.com/enginebai/PyMedium	Unofficial Medium Python Flask API and SDK	FREE
Facebook	https://github.com/davidyen1124/Facebot	Powerful unofficial Facebook API	FREE
Linkedin	https://github.com/tomquirk/linkedin-api	Unofficial Linkedin API for Python	FREE
Y2mate	https://github.com/Simatwa/y2mate-api	Unofficial Y2mate API for Python	FREE
Livescore	https://github.com/Simatwa/livescore-api	Unofficial Livescore API for Python	FREE

Search Engines

Name	Link	Description	Price
Google Custom Search JSON API	https://developers.google.com/custom-search/v1/overview	Search in Google	100 requests FREE
Serpstack	https://serpstack.com/	Google search results to JSON	FREE
Serpapi	https://serpapi.com	Google, Baidu, Yandex, Yahoo, DuckDuckGo, Bint and many others search results	$50/5000 searches/month
Bing Web Search API	https://www.microsoft.com/en-us/bing/apis/bing-web-search-api	Search in Bing (+instant answers and location)	1000 transactions per month FREE
WolframAlpha API	https://products.wolframalpha.com/api/pricing/	Short answers, conversations, calculators and many more	from $25 per 1000 queries
DuckDuckgo Instant Answers API	https://duckduckgo.com/api	An API for some of our Instant Answers, not for full search results.	FREE

News analyze

Name	Link	Description	Price
MediaStack	https://mediastack.com/	News articles search results in JSON	500 requests/month FREE

Darknet

Name	Link	Description	Price
Darksearch.io	https://darksearch.io/apidoc	search by websites in .onion zone	FREE
Onion Lookup	https://onion.ail-project.org/	onion-lookup is a service for checking the existence of Tor hidden services and retrieving their associated metadata. onion-lookup relies on an private AIL instance to obtain the metadata	FREE

Torrents/file sharing

Name	Link	Description	Price
Jackett	https://github.com/Jackett/Jackett	API for automate searching in different torrent trackers	FREE
Torrents API PY	https://github.com/Jackett/Jackett	Unofficial API for 1337x, Piratebay, Nyaasi, Torlock, Torrent Galaxy, Zooqle, Kickass, Bitsearch, MagnetDL,Libgen, YTS, Limetorrent, TorrentFunk, Glodls, Torre	FREE
Torrent Search API	https://github.com/Jackett/Jackett	API for Torrent Search Engine with Extratorrents, Piratebay, and ISOhunt	500 queries/day FREE
Torrent search api	https://github.com/JimmyLaurent/torrent-search-api	Yet another node torrent scraper (supports iptorrents, torrentleech, torrent9, torrentz2, 1337x, thepiratebay, Yggtorrent, TorrentProject, Eztv, Yts, LimeTorrents)	FREE
Torrentinim	https://github.com/sergiotapia/torrentinim	Very low memory-footprint, self hosted API-only torrent search engine. Sonarr + Radarr Compatible, native support for Linux, Mac and Windows.	FREE

Vulnerabilities

Name	Link	Description	Price
National Vulnerability Database CVE Search API	https://nvd.nist.gov/developers/vulnerabilities	Get basic information about CVE and CVE history	FREE
OpenCVE API	https://docs.opencve.io/api/cve/	Get basic information about CVE	FREE
CVEDetails API	https://www.cvedetails.com/documentation/apis	Get basic information about CVE	partly FREE (?)
CVESearch API	https://docs.cvesearch.com/	Get basic information about CVE	by request
KEVin API	https://kevin.gtfkd.com/	API for accessing CISA's Known Exploited Vulnerabilities Catalog (KEV) and CVE Data	FREE
Vulners.com API	https://vulners.com	Get basic information about CVE	FREE for personal use

Flights

Name	Link	Description	Price
Aviation Stack	https://aviationstack.com	get information about flights, aircrafts and airlines	FREE
OpenSky Network	https://opensky-network.org/apidoc/index.html	Free real-time ADS-B aviation data	FREE
AviationAPI	https://docs.aviationapi.com/	FAA Aeronautical Charts and Publications, Airport Information, and Airport Weather	FREE
FachaAPI	https://api.facha.dev	Aircraft details and live positioning API	FREE

Webcams

Name	Link	Description	Price
Windy Webcams API	https://api.windy.com/webcams/docs	Get a list of available webcams for a country, city or geographical coordinates	FREE with limits or 9990 euro without limits

## Regex

Name	Link	Description	Price
Autoregex	https://autoregex.notion.site/AutoRegex-API-Documentation-97256bad2c114a6db0c5822860214d3a	Convert English phrase to regular expression	from $3.49/month

API testing tools

Name	Link
API Guessr (detect API by auth key or by token)	https://api-guesser.netlify.app/
REQBIN Online REST & SOAP API Testing Tool	https://reqbin.com
ExtendClass Online REST Client	https://extendsclass.com/rest-client-online.html
Codebeatify.org Online API Test	https://codebeautify.org/api-test
SyncWith Google Sheet add-on. Link more than 1000 APIs with Spreadsheet	https://workspace.google.com/u/0/marketplace/app/syncwith_crypto_binance_coingecko_airbox/449644239211?hl=ru&pann=sheets_addon_widget
Talend API Tester Google Chrome Extension	https://workspace.google.com/u/0/marketplace/app/syncwith_crypto_binance_coingecko_airbox/449644239211?hl=ru&pann=sheets_addon_widget
Michael Bazzel APIs search tools	https://inteltechniques.com/tools/API.html

Curl converters (tools that help to write code using API queries)

Name	Link
Convert curl commands to Python, JavaScript, PHP, R, Go, C#, Ruby, Rust, Elixir, Java, MATLAB, Dart, CFML, Ansible URI or JSON	https://curlconverter.com
Curl-to-PHP. Instantly convert curl commands to PHP code	https://incarnate.github.io/curl-to-php/
Curl to PHP online (Codebeatify)	https://codebeautify.org/curl-to-php-online
Curl to JavaScript fetch	https://kigiri.github.io/fetch/
Curl to JavaScript fetch (Scrapingbee)	https://www.scrapingbee.com/curl-converter/javascript-fetch/
Curl to C# converter	https://curl.olsh.me

Create your own API

Name	Link
Sheety. Create API frome GOOGLE SHEET	https://sheety.co/
Postman. Platform for creating your own API	https://www.postman.com
Reetoo. Rest API Generator	https://retool.com/api-generator/
Beeceptor. Rest API mocking and intercepting in seconds (no coding).	https://beeceptor.com

Distribute your own API

Name	Link
RapidAPI. Market your API for millions of developers	https://rapidapi.com/solution/api-provider/
Apilayer. API Marketplace	https://apilayer.com

API Keys Info

Name	Link	Description
Keyhacks	https://github.com/streaak/keyhacks	Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
All about APIKey	https://github.com/daffainfo/all-about-apikey	Detailed information about API key / OAuth token for different services (Description, Request, Response, Regex, Example)
API Guessr	https://api-guesser.netlify.app/	Enter API Key and and find out which service they belong to

API directories

If you don't find what you need, try searching these directories.

Name	Link	Description
APIDOG ApiHub	https://apidog.com/apihub/
Rapid APIs collection	https://rapidapi.com/collections
API Ninjas	https://api-ninjas.com/api
APIs Guru	https://apis.guru/
APIs List	https://apislist.com/
API Context Directory	https://apicontext.com/api-directory/
Any API	https://any-api.com/
Public APIs Github repo	https://github.com/public-apis/public-apis

How to learn how to work with REST API?

If you don't know how to work with the REST API, I recommend you check out the Netlas API guide I wrote for Netlas.io.

Netlas Cookbook

There it is very brief and accessible to write how to automate requests in different programming languages (focus on Python and Bash) and process the resulting JSON data.

Thank you for following me! https://cybdetective.com

Download API-s-for-OSINT

KitPloit - PenTest Tools!
PIP-INTEL - OSINT and Cyber Intelligence Tool
June 7^th 2024 at 12:30

PIP-INTEL - OSINT and Cyber Intelligence Tool

By: Unknown

Pip-Intel is a powerful tool designed for OSINT (Open Source Intelligence) and cyber intelligence gathering activities. It consolidates various open-source tools into a single user-friendly interface simplifying the data collection and analysis processes for researchers and cybersecurity professionals.

Pip-Intel utilizes Python-written pip packages to gather information from various data points. This tool is equipped with the capability to collect detailed information through email addresses, phone numbers, IP addresses, and social media accounts. It offers a wide range of functionalities including email-based OSINT operations, phone number-based inquiries, geolocating IP addresses, social media and user analyses, and even dark web searches.

Download Pip-Intel

The Hacker News
Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies
January 6^th 2024 at 08:19

Sea Turtle Cyber Espionage Campaign Targets Dutch IT and Telecom Companies

By: Newsroom

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the Netherlands have been targeted as part of a new cyber espionage campaign undertaken by a Türkiye-nexus threat actor known as Sea Turtle. "The infrastructure of the targets was susceptible to supply chain and island-hopping attacks, which the attack group

KitPloit - PenTest Tools!
Chaos - Origin IP Scanning Utility Developed With ChatGPT
August 10^th 2023 at 12:30

Chaos - Origin IP Scanning Utility Developed With ChatGPT

By: Zion3R

chaos is an 'origin' IP scanner developed by RST in collaboration with ChatGPT. It is a niche utility with an intended audience of mostly penetration testers and bug hunters.

An origin-IP is a term-of-art expression describing the final public IP destination for websites that are publicly served via 3rd parties. If you'd like to understand more about why anyone might be interested in Origin-IPs, please check out our blog post.

chaos was rapidly prototyped from idea to functional proof-of-concept in less than 24 hours using our principles of DevOps with ChatGPT.

usage: chaos.py [-h] -f FQDN -i IP [-a AGENT] [-C] [-D] [-j JITTER] [-o OUTPUT] [-p PORTS] [-P] [-r] [-s SLEEP] [-t TIMEOUT] [-T] [-v] [-x] 
         _..._
     .-'`     `'-.
   __|___________|__ 
   \               /
    `._  CHAOS _.'
       `-------`
         /   \\
        /     \\
       /       \\
      /         \\
     /           \\
    /             \\
   /               \\
  /                 \\
 /                   \\
/_____________________\\
CHAtgpt Origin-ip Scanner
 _______ _______ _______ _______ _______
|\\     /|\\     /|\\     /|\\     /|\\/|
| +---+ | +---+ | +---+ | +---+ | +---+ |
| |H  | | |U  | | |M  | | |A  | | |N  | |
| |U  | | |S  | | |A  | | |N  | | |C  | |
| |M  | | |E  | | |N  | | |D  | | |O  | |
| |A  | | |R  | | |C  | | |   | | |L  | |
| +---+ | +---+ | +---+ | +---+ | +---+ |
|/_____|\\_____|\\_____|\\_____|\\_____\\

 Origin    IP Scanner developed with ChatGPT
 cha*os (n): complete disorder and confusion
 (ver: 0.9.4)

Features

Threaded for performance gains
Real-time status updates and progress bars, nice for large scans ;)
Flexible user options for various scenarios & constraints
Dataset reduction for improved scan times
Easy to use CSV output

Installation

Download / clone / unzip / whatever
cd path/to/chaos
pip3 install -U pip setuptools virtualenv
virtualenv env
source env/bin/activate
(env) pip3 install -U -r ./requirements.txt
(env) ./chaos.py -h

Options

-h, --help            show this help message and exit
-f FQDN, --fqdn FQDN  Path to FQDN file (one FQDN per line)
-i IP, --ip IP        IP address(es) for HTTP requests (Comma-separated IPs, IP networks, and/or files with IP/network per line)
-a AGENT, --agent AGENT
                      User-Agent header value for requests
-C, --csv             Append CSV output to OUTPUT_FILE.csv
-D, --dns             Perform fwd/rev DNS lookups on FQDN/IP values prior to request; no impact to testing queue
-j JITTER, --jitter JITTER
                      Add a 0-N second randomized delay to the sleep value
-o OUTPUT, --output OUTPUT
                      Append console output to FILE
-p PORTS, --ports PORTS
                      Comma-separated list of TCP ports to use (default: "80,443")
-P, --no-prep         Do not pre-scan each IP/port w   ith `GET /` using `Host: {IP:Port}` header to eliminate unresponsive hosts
-r, --randomize       Randomize(ish) the order IPs/ports are tested
-s SLEEP, --sleep SLEEP
                      Add N seconds before thread completes
-t TIMEOUT, --timeout TIMEOUT
                      Wait N seconds for an unresponsive host
-T, --test            Test-mode; don't send requests
-v, --verbose         Enable verbose output
-x, --singlethread    Single threaded execution; for 1-2 core systems; default threads=(cores-1) if cores>2

Examples

Localhost Testing

Launch python HTTP server

% python3 -u -m http.server 8001
Serving HTTP on :: port 8001 (http://[::]:8001/) ...

Launch ncat as HTTP on a port detected as SSL; use a loop because --keep-open can hang

% while true; do ncat -lvp 8443 -c 'printf "HTTP/1.0 204 Plaintext OK\n\n<html></html>\n"'; done
Ncat: Version 7.94 ( https://nmap.org/ncat )
Ncat: Listening on [::]:8443
Ncat: Listening on 0.0.0.0:8443

Also launch ncat as SSL on a port that will default to HTTP detection

% while true; do ncat --ssl -lvp 8444 -c 'printf "HTTP/1.0 202 OK\n\n<html></html>\n"'; done    
Ncat: Version 7.94 ( https://nmap.org/ncat )
Ncat: Generating a temporary 2048-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: 0208 1991 FA0D 65F0 608A 9DAB A793 78CB A6EC 27B8
Ncat: Listening on [::]:8444
Ncat: Listening on 0.0.0.0:8444

Prepare an FQDN file:

% cat ../test_localhost_fqdn.txt 
www.example.com
localhost.example.com
localhost.local
localhost
notreally.arealdomain

Prepare an IP file / list:

% cat ../test_localhost_ips.txt 
127.0.0.1
127.0.0.0/29
not_an_ip_addr
-6.a
=4.2
::1

Run the scan

Note an IPv6 network added to IPs on the CLI
-p to specify the ports we are listening on
-x for single threaded run to give our ncat servers time to restart
-s0.2 short sleep for our ncat servers to restart
-t1 to timeout after 1 second

% ./chaos.py -f ../test_localhost_fqdn.txt -i ../test_localhost_ips.txt,::1/126 -p 8001,8443,8444 -x -s0.2 -t1   
2023-06-21 12:48:33 [WARN] Ignoring invalid FQDN value: localhost.local
2023-06-21 12:48:33 [WARN] Ignoring invalid FQDN value: localhost
2023-06-21 12:48:33 [WARN] Ignoring invalid FQDN value: notreally.arealdomain
2023-06-21 12:48:33 [WARN] Error: invalid IP address or CIDR block =4.2
2023-06-21 12:48:33 [WARN] Error: invalid IP address or CIDR block -6.a
2023-06-21 12:48:33 [WARN] Error: invalid IP address or CIDR block not_an_ip_addr
2023-06-21 12:48:33 [INFO] * ---- <META> ---- *
2023-06-21 12:48:33 [INFO] * Version: 0.9.4
2023-06-21 12:48:33 [INFO] * FQDN file: ../test_localhost_fqdn.txt
2023-06-21 12:48:33 [INFO] * FQDNs loaded: ['www.example.com', 'localhost.example.com']
2023-06-21 12:48:33 [INFO] * IP input value(s): ../test_localhost_ips.txt,::1/126
2023-06-21 12:48:33 [INFO] * Addresses pars   ed from IP inputs: 12
2023-06-21 12:48:33 [INFO] * Port(s): 8001,8443,8444
2023-06-21 12:48:33 [INFO] * Thread(s): 1
2023-06-21 12:48:33 [INFO] * Sleep value: 0.2
2023-06-21 12:48:33 [INFO] * Timeout: 1.0
2023-06-21 12:48:33 [INFO] * User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36 ch4*0s/0.9.4
2023-06-21 12:48:33 [INFO] * ---- </META> ---- *
2023-06-21 12:48:33 [INFO] 36 unique address/port addresses for testing
Prep Tests: 100%|█████████████████████████████████████████████████████████████████&#   9608;██████████████████████████████████████████████████████████████████████████████| 36/36 [00:29<00:00,  1.20it/s]
2023-06-21 12:49:03 [INFO] 9 IP/ports verified, reducing test dataset from 72 entries
2023-06-21 12:49:03 [INFO] 18 pending tests remain after pre-testing
2023-06-21 12:49:03 [INFO] Queuing 18 threads
  ++RCVD++ (200 OK) www.example.com @ :::8001                                                                                                                                                       
  ++RCVD++ (204 Plaintext OK) www.example.com @ :::8443                                                                                                                                          
  ++RCVD++ (202 OK) www.example.com @ :::8444                                                                                                                                                    
  ++RCVD++ (200 OK) www.example.com @ ::1:8001                                                                                                                                                   
  ++RCVD++ (204 Plaintext OK) www.example.com @ ::1:8443                                                                                                                                         
  ++RCVD++ (202 OK) www.example.com @ ::1:8444                                                                                                                                                   
     ++RCVD++ (200 OK) www.example.com @ 127.0.0.1:8001                                                                                                                                             
  ++RCVD++ (204 Plaintext OK) www.example.com @ 127.0.0.1:8443                                                                                                                                   
  ++RCVD++ (202 OK) www.example.com @ 127.0.0.1:8444                                                                                                                                             
  ++RCVD++ (200 OK) localhost.example.com @ :::8001                                                                                                                                              
  ++RCVD++ (204 Plaintext OK) localhost.example.com @ :::8443                                                                                                                                    
  ++RCVD+   + (202 OK) localhost.example.com @ :::8444                                                                                                                                              
  ++RCVD++ (200 OK) localhost.example.com @ ::1:8001                                                                                                                                             
  ++RCVD++ (204 Plaintext OK) localhost.example.com @ ::1:8443                                                                                                                                   
  ++RCVD++ (202 OK) localhost.example.com @ ::1:8444                                                                                                                                             
  ++RCVD++ (200 OK) localhost.example.com @ 127.0.0.1:8001                                                                                                                                       
  ++RCVD++ (204    Plaintext OK) localhost.example.com @ 127.0.0.1:8443                                                                                                                             
  ++RCVD++ (202 OK) localhost.example.com @ 127.0.0.1:8444                                                                                                                                       
Origin Scan: 100%|█████████████████████████████████████████████████████████████████████████████████████&#96   08;█████████████████████████████████████████████████████████| 18/18 [00:06<00:00,  2.76it/s]
2023-06-21 12:49:09 [RSLT] Results from 5 FQDNs:
  ::1
    ::1:8444 => (202 / OK)
    ::1:8443 => (204 / Plaintext OK)
    ::1:8001 => (200 / OK)

  127.0.0.1
    127.0.0.1:8001 => (200 / OK)
    127.0.0.1:8443 => (204 / Plaintext OK)
    127.0.0.1:8444 => (202 / OK)

  ::
    :::8001 => (200 / OK)
    :::8443 => (204 / Plaintext OK)
    :::8444 => (202 / OK)

  www.example.com
    :::8001 => (200 / OK)
    :::8443 => (204 / Plaintext OK)
       :::8444 => (202 / OK)
    ::1:8001 => (200 / OK)
    ::1:8443 => (204 / Plaintext OK)
    ::1:8444 => (202 / OK)
    127.0.0.1:8001 => (200 / OK)
    127.0.0.1:8443 => (204 / Plaintext OK)
    127.0.0.1:8444 => (202 / OK)

  localhost.example.com
    :::8001 => (200 / OK)
    :::8443 => (204 / Plaintext OK)
    :::8444 => (202 / OK)
    ::1:8001 => (200 / OK)
    ::1:8443 => (204 / Plaintext OK)
    ::1:8444 => (202 / OK)
    127.0.0.1:8001 => (200 / OK)
    127.0.0.1:8443 => (204 / Plaintext OK)
    127.0.0.1:8444 => (202 / OK)


rst@r57 chaos %

Test & Verbose localhost

-T runs in test mode (do everything except send requests)

-v verbose option provides additional output

Known Defects

HTTP/HTTPS detection is not ideal
Need option to adjust CSV newline delimiter
Need options to adjust where long strings / many lines are truncated
Try to figure out why we marked requests v2.x as required ;)
Options for very-verbose / quiet
Stagger thread launch when we're using sleep / jitter
Search for meta-refresh in 200 responses
Content-Location header for 201s ?
Improve thread name generation so we have the right number of unique names
Sanity check on IPv6 netmasks to prevent scans that outlive the sun?
TBD?

Disclaimers

This software is distributed on an "AS IS" basis, without express or implied warranties of any kind
This software is intended for research and/or authorized testing; it is your responsibility to ensure you are authorized to use this software in any way
By using this software you acknowledge that you are responsible for your actions and assume all liability for any direct, indirect, or other damages

Download Chaos

FreshRSS