preloader

API Documentation

Creds - focuses on 3rd party breaches that contain credentials
Darkweb - focuses on company data being leaked or sold on the darkweb
Sessions - focuses on credentials sniffed from malware infected computers
Stealer - focuses on credentials sniffed from malware infected computers

Endpoint :

Domain Name Path
api.breachsense.io /creds

Supported Parameters :

Parameter Description
action manage monitored domains
must be set to add, del or list
attr display a short description of the breach
date only display results newer that this value. Value set in YYYYMMDD or unixtime formats
dom add/delete the domain you wish to monitor
must be used in conjunction with the action parameter
hash return a 0 if the password is in hashed format and a 1 if the password has been decrypted
import display the date the breach was imported into the database
json display results in JSON format (default is CSV)
lic license key
can be sent via a GET parameter or request header
list list the breaches and dates they were imported
notify add/delete the email address you wish to receive alerts on
must be used in conjunction with the action parameter
p results are limited to 500 credentials per request
when an HTTP 206 response status is returned, pagination is required to view the remaining results.
p is a numeric page value
r return the number of remaining monthly queries allowed
search accepts a domain name or email address
update return the Unix timestamp the creds database was last updated
uniq return a list of all unique email addresses and plaintext passwords
unixtime display the import date in unixtime (aliases: unix,epoch

Output :

JSON Key Value
eml The email address used to authenticate
pwd The password used to authenticate
src The name of the breached website or collection
atr The attribution data associated with the breach
imp The date (in YYYYMMDD format) the breach was found

Endpoint :

Domain Name Path
api.breachsense.io /darkweb

Supported Parameters :

Parameter Description
date only display results newer that this value. Value set in YYYYMMDD or unixtime formats
lic license key
can be sent via a GET parameter or request header
notify add/delete the email address you wish to receive alerts on
must be used in conjunction with the action parameter
r return the number of remaining monthly queries allowed
search search term - accepts a domain name
update return the Unix timestamp the darkweb database was last updated
unixtime display the import date in unixtime (aliases: unix,epoch

Output :

JSON Key Value
src A URL containing data associated with the target
site The name of the threat actor
data The domain name associated with the victim
found The date the data was indexed (in YYYYMMDD format)

Endpoint :

Domain Name Path
api.breachsense.io /sessions

Supported Parameters :

Parameter Description
date only display results newer that this value. Value set in YYYYMMDD or unixtime formats
lic license key
can be sent via a GET parameter or request header
notify add/delete the email address you wish to receive alerts on
must be used in conjunction with the action parameter
r return the number of remaining monthly queries allowed
search search term - accepts a domain name, email address or IP address
update return the Unix timestamp the stealer database was last updated
unixtime display the import date in unixtime (aliases: unix,epoch

Output :

JSON Key Value
dom The domain name associated with the victim
name The name of the cookie
val The value of the cookie
path The cookie path
expires The date (in unixtime) that the cookie is set to expire
fnd The date the data was found (in YYYYMMDD format)

Endpoint :

Domain Name Path
api.breachsense.io /stealer

Supported Parameters :

Parameter Description
date only display results newer that this value. Value set in YYYYMMDD or unixtime formats
lic license key
can be sent via a GET parameter or request header
notify add/delete the email address you wish to receive alerts on
must be used in conjunction with the action parameter
r return the number of remaining monthly queries allowed
search search term - accepts a domain name, email address or IP address
update return the Unix timestamp the stealer database was last updated
unixtime display the import date in unixtime (aliases: unix,epoch

Output :

JSON Key Value
usr The username used to authenticate
pwd The password used to authenticate
src The target URL or IP that the victim authenticated to
hid The hardware ID of the infected device
iip The IP address of the infected device
inf The date the machine was infected on (in unixtime)
mal The type of malware infected on the device
fnd The date the credential was found