API Documentation
Creds - focuses on 3rd party breaches that contain credentials
Darkweb - focuses on company data being leaked or sold on the darkweb
Sessions - focuses on credentials sniffed from malware infected computers
Stealer - focuses on credentials sniffed from malware infected computers
Endpoint :
Domain Name | Path | ||
---|---|---|---|
api.breachsense.io | /creds |
Supported Parameters :
Parameter | Description | |
---|---|---|
action | manage monitored domains must be set to add, del or list |
|
attr | display a short description of the breach | |
date | only display results newer that this value. Value set in YYYYMMDD or unixtime formats | |
dom | add/delete the domain you wish to monitor must be used in conjunction with the action parameter |
|
hash | return a 0 if the password is in hashed format and a 1 if the password has been decrypted | |
import | display the date the breach was imported into the database | |
json | display results in JSON format (default is CSV) | |
lic | license key can be sent via a GET parameter or request header |
|
list | list the breaches and dates they were imported | |
notify | add/delete the email address you wish to receive alerts on must be used in conjunction with the action parameter |
|
p | results are limited to 500 credentials per request when an HTTP 206 response status is returned, pagination is required to view the remaining results. p is a numeric page value |
|
r | return the number of remaining monthly queries allowed | |
search | accepts a domain name or email address | |
update | return the Unix timestamp the creds database was last updated | |
uniq | return a list of all unique email addresses and plaintext passwords | |
unixtime | display the import date in unixtime (aliases: unix,epoch |
Output :
JSON Key | Value | ||
---|---|---|---|
eml | The email address used to authenticate | ||
pwd | The password used to authenticate | ||
src | The name of the breached website or collection | ||
atr | The attribution data associated with the breach | ||
imp | The date (in YYYYMMDD format) the breach was found |
Endpoint :
Domain Name | Path | ||
---|---|---|---|
api.breachsense.io | /darkweb |
Supported Parameters :
Parameter | Description | |
---|---|---|
date | only display results newer that this value. Value set in YYYYMMDD or unixtime formats | |
lic | license key can be sent via a GET parameter or request header |
|
notify | add/delete the email address you wish to receive alerts on must be used in conjunction with the action parameter |
|
r | return the number of remaining monthly queries allowed | |
search | search term - accepts a domain name | |
update | return the Unix timestamp the darkweb database was last updated | |
unixtime | display the import date in unixtime (aliases: unix,epoch |
Output :
JSON Key | Value | ||
---|---|---|---|
src | A URL containing data associated with the target | ||
site | The name of the threat actor | ||
data | The domain name associated with the victim | ||
found | The date the data was indexed (in YYYYMMDD format) |
Endpoint :
Domain Name | Path | ||
---|---|---|---|
api.breachsense.io | /sessions |
Supported Parameters :
Parameter | Description | |
---|---|---|
date | only display results newer that this value. Value set in YYYYMMDD or unixtime formats | |
lic | license key can be sent via a GET parameter or request header |
|
notify | add/delete the email address you wish to receive alerts on must be used in conjunction with the action parameter |
|
r | return the number of remaining monthly queries allowed | |
search | search term - accepts a domain name, email address or IP address | |
update | return the Unix timestamp the stealer database was last updated | |
unixtime | display the import date in unixtime (aliases: unix,epoch |
Output :
JSON Key | Value | ||
---|---|---|---|
dom | The domain name associated with the victim | ||
name | The name of the cookie | ||
val | The value of the cookie | ||
path | The cookie path | ||
expires | The date (in unixtime) that the cookie is set to expire | ||
fnd | The date the data was found (in YYYYMMDD format) |
Endpoint :
Domain Name | Path | ||
---|---|---|---|
api.breachsense.io | /stealer |
Supported Parameters :
Parameter | Description | |
---|---|---|
date | only display results newer that this value. Value set in YYYYMMDD or unixtime formats | |
lic | license key can be sent via a GET parameter or request header |
|
notify | add/delete the email address you wish to receive alerts on must be used in conjunction with the action parameter |
|
r | return the number of remaining monthly queries allowed | |
search | search term - accepts a domain name, email address or IP address | |
update | return the Unix timestamp the stealer database was last updated | |
unixtime | display the import date in unixtime (aliases: unix,epoch |
Output :
JSON Key | Value | ||
---|---|---|---|
usr | The username used to authenticate | ||
pwd | The password used to authenticate | ||
src | The target URL or IP that the victim authenticated to | ||
hid | The hardware ID of the infected device | ||
iip | The IP address of the infected device | ||
inf | The date the machine was infected on (in unixtime) | ||
mal | The type of malware infected on the device | ||
fnd | The date the credential was found |