Initial commit

README.md

@@ -0,0 +1,14 @@
+| Category | Description |
+| - | - |
+| Api      | Collection of curl commands |
+| Exploit  | Sorted by CVE |
+| Linux    | Command line for Linux |
+| Other    | Everything that does not belong elsewhere |
+| Snippet  | Code snippets for different languages |
+| Theorie  | Background knowledge on specific topics |
+| Url      | Resources on the Internet |
+| Windows  | Command line for Windows |
+| Wordlist | Lists with various contents |
+
+Use with caution, some links may contain malware.
+

api/avatarapi.md

@@ -0,0 +1,8 @@
+### Source
+https://docs.avatarapi.com
+
+### Get profile picture and location of email address
+```
+curl -s --location --request POST "https://avatarapi.com/v2/api.aspx" --data-raw '{"username":"<user>","password":"<password>","email":"<email>"}'
+```
+

api/bigdatacloud.md

@@ -0,0 +1,23 @@
+### Source
+https://bigdatacloud.com/docs
+
+### Validate email address and check for spam
+```
+curl -s "https://api-bdc.net/data/email-verify?emailAddress=<email>&key=<apiKey>"
+```
+
+### Check ip address for spam
+```
+curl -s "https://api-bdc.net/data/hazard-report?ip=<ip>&key=<apiKey>"
+```
+
+### Get informations about user-agent
+```
+curl -s "https://api-bdc.net/data/user-agent-info?userAgentRaw=<user+agent>&key=<apiKey>"
+```
+
+### Get informations about geolocation
+```
+curl -s https://api-bdc.net/data/reverse-geocode?latitude=<latitude>&longitude=<longitude>&key=<apiKey>"
+```
+

api/binaryedge.md

@@ -0,0 +1,28 @@
+### Source
+https://docs.binaryedge.io/api-v2
+
+### Return details about current subscription
+```
+curl -s "https://api.binaryedge.io/v2/user/subscription" -H "X-Key:<apiKey>"
+```
+
+### Return details about services running on host
+```
+curl -s "https://api.binaryedge.io/v2/query/ip/<ipAddress>" -H "X-Key:<apiKey>"
+```
+
+### List subdomains
+```
+curl -s "https://api.binaryedge.io/v2/query/domains/subdomain/<domain>" -H "X-Key:<apiKey>"
+```
+
+### Return known data breaches for email address
+```
+curl -s "https://api.binaryedge.io/v2/query/dataleaks/email/<email>" -H "X-Key:<apiKey>"
+```
+
+### List available data breaches
+```
+curl -s "https://api.binaryedge.io/v2/query/dataleaks/info" -H "X-Key:<apiKey>"
+```
+

api/bufferover.md

@@ -0,0 +1,8 @@
+### Source
+https://tls.bufferover.run
+
+### Get certificates of given domain
+```
+curl -s "https://tls.bufferover.run/dns?q=<domain>" -H "x-api-key: <apiKey>"
+```
+

api/censys.md

@@ -0,0 +1,37 @@
+### Source
+https://search.censys.io/api
+https://search.censys.io/search/definitions
+
+### Return details about current subscription
+```
+curl -s "https://search.censys.io/api/v1/account" -H "accept: application/json" -H "Authorization: Basic <apiKey>"
+```
+
+### Get subdomains, ports, vendors, asn, geolocation, etc of given domain
+```
+curl -s "https://search.censys.io/api/v2/hosts/search?per_page=100&q=dns.names:<domain>" -H "Accept: application/json" -H "Authorization: Basic <apiKey>"
+```
+
+### Get ports, vendors, asn, geolocation, etc of hosts containing a given keyword inside html title
+```
+curl -s "https://search.censys.io/api/v2/hosts/search?per_page=100&q=services.http.response.html_title:<title>" -H "Accept: application/json" -H "Authorization: Basic <apiKey>"
+```
+
+### Get ports, vendors, asn, geolocation, etc of hosts belonging to given ASN
+```
+curl -s "https://search.censys.io/api/v2/hosts/search?per_page=100&q=autonomous_system.asn:<number>" -H "Accept: application/json" -H "Authorization: Basic <apiKey>"
+```
+
+### Collect information about multiple hosts
+```
+cat cidrRanges.txt | xargs -I % sh -c 'echo %\\n; curl -s "https://search.censys.io/api/v2/hosts/search?per_page=100&q=ip:{'%'}" -H "accept: application/json" -H "Authorization: Basic <apiKey>" > $(echo %|tr "/" "_").json ; sleep 3'
+```
+
+### Definitions
+```
+services.port
+services.http.response.headers 
+services.http.response.html_title 
+services.software.product
+```
+

api/defastra.md

@@ -0,0 +1,26 @@
+### Source
+https://docs.defastra.com/reference/authentication
+
+### Check phone number for fraud indicators
+```
+curl --request POST \
+     --url https://api.defastra.com/deep_phone_check \
+     --header 'X-API-KEY: <apiKey>' \
+     --header 'accept: application/json' \
+     --header 'content-type: application/x-www-form-urlencoded' \
+     --data timeout=normal \
+     --data 'phone=<phoneNumber>'
+```
+
+### Check email address for fraud indicators
+```
+curl --request POST \
+     --url https://api.defastra.com/deep_email_check \
+     --header 'X-API-KEY: <apiKey>' \
+     --header 'accept: application/json' \
+     --header 'content-type: application/x-www-form-urlencoded' \
+     --data timeout=normal \
+     --data email=<email>
+```
+
+

api/greynoise.md

@@ -0,0 +1,8 @@
+### Source
+https://docs.greynoise.io
+
+### Check if ip address has been used for portscans
+```
+curl -s https://api.greynoise.io/v3/community/<ip> --header "accept: application/json"
+```
+

api/hackertarget.md

@@ -0,0 +1,33 @@
+### Source
+https://hackertarget.com/reverse-analytics-search
+
+### Get domains that use the same google analytics ID
+```
+curl -s "https://api.hackertarget.com/analyticslookup/?q=<UA-XXX>"
+```
+
+### Perform reverse IP lookup on single ip or range
+```
+curl -s "https://api.hackertarget.com/reverseiplookup/?q=<ipCidr>"
+```
+
+### Get domains that use the same DNS server 
+```
+curl -s "https://api.hackertarget.com/findshareddns/?q=<ipNameserver>"
+```
+
+### Get subdomains
+```
+curl -s "https://api.hackertarget.com/hostsearch/?q=<domain>"
+```
+
+### Get URL from website 
+```
+curl -s "https://api.hackertarget.com/pagelinks/?q=<domain>"
+```
+
+### Get HTTP header 
+```
+curl -s "https://api.hackertarget.com/httpheaders/?q=<domain>"
+```
+

api/hunter.md

@@ -0,0 +1,18 @@
+### Source
+https://hunter.io/api-keys
+
+### Get email addresses
+```
+curl -s "https://api.hunter.io/v2/domain-search?domain=<domain>&api_key=<apiKey>"
+```
+
+### Get source of specific email address 
+```
+curl -s "https://api.hunter.io/v2/email-finder?domain=<domain>&first_name=<firstname>&last_name=<lastname>&api_key=<apiKey>"
+```
+
+### Get sources of email address
+```
+curl -s "https://api.hunter.io/v2/email-verifier?email=<email>&api_key=<apiKey>"
+```
+

api/leakix.md

@@ -0,0 +1,18 @@
+### Source
+https://docs.leakix.net/docs/api/authentication
+
+### Get subdomains
+```
+curl -s -H "api-key: <apiKey>" -H "accept: application/json" "https://leakix.net/api/subdomains/<domain>" 
+```
+
+### Get ports (mostly 80,443), subdomains, HTTP header, HTML tile, geolocation, asn, etc
+```
+curl -s -H "api-key: <apiKey>" -H "accept: application/json" "https://leakix.net/domain/<domain>"
+```
+
+### Collect information about multiple hosts
+```
+cat hosts.txt | xargs -I % sh -c 'echo %\\n; curl -s -H "api-key: <apiKey>" -H "accept: application/json" "https://leakix.net/host/%" > %.json ; cat %.json; sleep 5'
+```
+

api/networksdb.md

@@ -0,0 +1,18 @@
+### Source
+https://networksdb.io/api/docs
+
+### Get ASN and organisation
+```
+curl -s -H "X-Api-Key: <apiKey>" "https://networksdb.io/api/org-search" -d search=<companyName>
+```
+
+### Get IP range from id returned by org search
+```
+curl -s -H "X-Api-Key: <apiKey>" "https://networksdb.io/api/org-networks" -d id=<id>
+```
+
+### Get geolocation of ip adress
+```
+curl -s -H "X-Api-Key: <apiKey>" https://networksdb.io/api/ip-geo -d ip=<ip>
+```
+

api/onyphe.md

@@ -0,0 +1,18 @@
+### Source
+https://www.onyphe.io/docs/getting-started
+
+### Get subdomains, asn, ports etc
+```
+curl -s -H "Content-Type: application/json" -H "Authorization: bearer <apiKey>" "https://www.onyphe.io/api/v2/search/?q=domain:<domain>"
+```
+
+### Get domains that resolve to the given IP address
+```
+curl -s -H "Content-Type: application/json" -H "Authorization: bearer <apiKey>" "https://www.onyphe.io/api/v2/search/?q=category:resolver+ip:<ip>"
+```
+
+### Get posts, services, os, certificate, hostname, asn etc
+```
+curl -s -H "Content-Type: application/json" -H "Authorization: bearer <apiKey>" "https://www.onyphe.io/api/v2/search/?q=ip:<ip>"
+```
+

api/robtex.md

@@ -0,0 +1,20 @@
+### Source
+https://www.robtex.com/api
+
+### Get domains that resolve to the given IP address and geolocation
+```
+curl -s "https://freeapi.robtex.com/ipquery/<ip>"
+curl -s "https://freeapi.robtex.com/pdns/reverse/<ip>"
+curl -s "https://freeapi.robtex.com/ipquery/<ip>?key=<apiKey>"
+```
+
+### Get ip range of given ASN
+```
+curl -s "https://freeapi.robtex.com/asquery/<1234>"
+```
+
+### Get name- and mailserver
+```
+curl -s "https://freeapi.robtex.com/pdns/forward/<domain>"
+```
+

api/securitytrails.md

@@ -0,0 +1,28 @@
+### Source
+https://docs.securitytrails.com/reference/history-whois
+
+### Return details about current subscription
+```
+curl -s --request GET --url "https://api.securitytrails.com/v1/account/usage" --header "accept: application/json" --header "APIKEY: <apiKey>"
+```
+
+### Get historical whois information
+```
+curl -s --request GET --url "https://api.securitytrails.com/v1/history/<domain>/whois" --header "accept: application/json" --header "APIKEY: <apiKey>"
+```
+
+### Get mail-, nameserver and dns records
+```
+curl -s --request GET --url "https://api.securitytrails.com/v1/domain/<domain>" --header "accept: application/json" --header "APIKEY: <apiKey>"
+```
+
+### Get subdomains
+```
+curl -s --request GET --url "https://api.securitytrails.com/v1/domain/<domain>/subdomains" --header "accept: application/json" --header "APIKEY: <apiKey>"
+```
+
+### Get open ports of closeby IP addresses
+```
+curl -s --request GET --url "https://api.securitytrails.com/v1/ips/nearby/<ip>" --header "accept: application/json" --header "APIKEY: <apiKey>"
+```
+

api/shodan.md

@@ -0,0 +1,40 @@
+### Source
+https://developer.shodan.io/api
+
+### Return details about current subscription
+```
+curl -s "https://api.shodan.io/account/profile?key=<apiKey>"
+```
+
+### Get rootdomains and subdomains of given company
+```
+curl -s "https://api.shodan.io/shodan/host/search?key=<apiKey>&query=org:<company>" | jq ".matches[] | .domains, .hostnames" | grep -v "\[" | awk -F '"' '{print $2}' | sort -u
+```
+
+### Get information about hosts that contains the given html title
+```
+curl -s "https://api.shodan.io/shodan/host/search?key=<apiKey>&query=http.title:<title>" | jq ".matches[] | .domains, .hostnames" /tmp/test | grep -v "\[" | awk -F '"' '{print $2}' | sort -u
+```
+
+### Get open ports, certificates, asn, html title and source code, geolocation, etc
+```
+curl -s "https://api.shodan.io/shodan/host/<ip>?key=<apiKey>"
+```
+
+### Collect information about multiple hosts
+```
+cat cidrRanges.txt | xargs -I % sh -c 'echo %\\n; curl -s "https://api.shodan.io/shodan/host/search?key=<apiKey>&query=net:%" > $(echo %|tr "/" "_").json ; sleep 3'
+```
+
+### Filters
+```
+country:<country>
+http.title:<title>
+http.html:<keyword>
+net:<networkCidr>
+org:<company>
+port:<port>
+product:<software>
+isp:<internetServiceProvider>
+```
+

api/spyonweb.md

@@ -0,0 +1,23 @@
+### Source
+https://api.spyonweb.com/v1/docs
+
+### Get domains that share the same G-Adsense, G-Analytics, IP address and nameserver
+```
+curl -s 'https://api.spyonweb.com/v1/domain/<domain>?access_token=<apiKey>'
+```
+
+### Get domains that use the same Google Adsense ID
+```
+curl -s 'https://api.spyonweb.com/v1/adsense/<pub-1234567891234567>?access_token=<apiKey>'
+```
+
+### Get domains that use the same G-Analytics ID
+```
+curl -s 'https://api.spyonweb.com/v1/analytics/<ua-12345678>?access_token=<apiKey>'
+```
+
+### Get domains that use the same nameserver
+```
+curl -s 'https://api.spyonweb.com/v1/ip_dns/<nameserverIp>?access_token=<apiKey>'
+```
+

api/sslmate.md

@@ -0,0 +1,8 @@
+### Source
+https://sslmate.com/ct_search_api
+
+### Get nameserver, subdomains and tls certificates
+```
+curl -s "https://api.certspotter.com/v1/issuances?domain=<domain>&include_subdomains=true&expand=dns_names&expand=issuer&expand=revocation&expand=problem_reporting&expand=cert_der"
+```
+