API Documentation

API Documentation

Combo - focuses on combo lists that contain plaintext credentials
Creds - focuses on 3rd party breaches that contain credentials
Darkweb - focuses on company data being leaked or sold on the darkweb
Monitor - manages monitored assets
Radar - focuses on domains that threat actors have announced as targets
Sessions - focuses on session tokens sniffed from malware infected devices
Stealer - focuses on credentials sniffed from malware infected devices

Endpoint :

Domain NamePath
api.breachsense.com/combo

Supported Parameters :

ParameterDescription
dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
liclicense key
can be sent via a GET parameter or request header
rreturn the number of remaining monthly queries allowed
searchaccepts a domain name or email address
updatereturn the Unix timestamp the combo database was last updated
unixtimedisplay the import date in unixtime (aliases: unix,epoch)

Output* :

JSON KeyValue
fndThe date (in YYYYMMDD or unixtime format) the credentials were found
fleThe file name the credential was found in
pwdThe password used to authenticate
srcThe target URL or IP that the victim authenticated to
usrThe username used to authenticate
* Output dependant on which values were present in the original leak.

Test Data :

ParameterString
search[email protected]

Endpoint :

Domain NamePath
api.breachsense.com/creds

Supported Parameters :

ParameterDescription
attrdisplay a short description of the breach
dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
hashreturn a 0 if the password is in hashed format and a 1 if the password has been decrypted
importdisplay the date the breach was imported into the database
jsondisplay results in JSON format (default is CSV)
liclicense key
can be sent via a GET parameter or request header
listlist the breaches and dates they were imported
limitincrease / decrease the number of records returned in the response
presults are limited to 500 credentials per request (by default)
when an HTTP 206 response status is returned, pagination is required to view the remaining results.
p is a numeric page value
rreturn the number of remaining monthly queries allowed
searchaccepts a domain name or email address
updatereturn the Unix timestamp the creds database was last updated
uniqreturn a list of all unique email addresses and plaintext passwords
unixtimedisplay the import date in unixtime (aliases: unix,epoch

Output :

JSON KeyValue
emlThe email address used to authenticate
pwdThe password used to authenticate
srcThe name of the breached website or collection
atrThe attribution data associated with the breach
impThe date (in YYYYMMDD format) the breach was found

Test Data :

ParameterString
search[email protected]

Endpoint :

Domain NamePath
api.breachsense.com/darkweb

Supported Parameters :

ParameterDescription
dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
liclicense key
can be sent via a GET parameter or request header
rreturn the number of remaining monthly queries allowed
rangerange - accepts a date range in YYYYMMDD-YYYYMMDD format (30 day limit)
searchsearch term - accepts a domain name
updatereturn the Unix timestamp the darkweb database was last updated
unixtimedisplay the import date in unixtime (aliases: unix,epoch)

Output :

JSON KeyValue
srcA URL containing data associated with the target
siteThe name of the threat actor
dataThe domain name associated with the victim
nameThe company name of the victim
foundThe date the data was indexed (in YYYYMMDD format)

Test Data :

ParameterString
searchexample.com

Endpoint :

Domain NamePath
api.breachsense.com/monitor

Supported Parameters :

ParameterDescription
actionmanage monitored assets
must be set to add, del or list
astadd/delete the asset you wish to monitor
must be used in conjunction with the action parameter
liclicense key
can be sent via a GET parameter or request header
notifyadd/delete the email address or webhook you wish to receive alerts at
must be used in conjunction with the action parameter
credsadd/delete the basic auth credentials you wish to use when sending an alert to a webhook
must be used in conjunction with the action parameter

Output :

JSON KeyValue
notifyemail or webhook that will be notified
astasset that will be monitored

Endpoint :

Domain NamePath
api.breachsense.com/radar

Supported Parameters :

ParameterDescription
dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
liclicense key
can be sent via a GET parameter or request header
rreturn the number of remaining monthly queries allowed
searchsearch term - accepts a domain name
updatereturn the Unix timestamp the radar database was last updated
unixtimedisplay the import date in unixtime (aliases: unix,epoch

Output :

JSON KeyValue
dataThe domain name associated with the victim
foundThe date the data was indexed (in YYYYMMDD format)
srcA URL containing data associated with the target

Test Data :

ParameterString
searchexample.com

Endpoint :

Domain NamePath
api.breachsense.com/sessions

Supported Parameters :

ParameterDescription
dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
liclicense key
can be sent via a GET parameter or request header
rreturn the number of remaining monthly queries allowed
searchsearch term - accepts a domain name, email address or IP address
updatereturn the Unix timestamp the sessions database was last updated
unixtimedisplay the import date in unixtime (aliases: unix,epoch

Output :

JSON KeyValue
domThe domain name associated with the victim
expiresThe date (in unixtime) that the cookie is set to expire
fndThe date the data was found (in YYYYMMDD format)
nameThe name of the cookie
pathThe cookie path
valThe value of the cookie

Test Data :

ParameterString
searchexample.com

Endpoint :

Domain NamePath
api.breachsense.com/stealer

Supported Parameters :

ParameterDescription
dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
liclicense key
can be sent via a GET parameter or request header
rreturn the number of remaining monthly queries allowed
searchsearch term - accepts a domain name, email address or IP address
updatereturn the Unix timestamp the stealer database was last updated
unixtimedisplay the import date in unixtime (aliases: unix,epoch

Output* :

JSON KeyValue
fleThe file name the credential was found in
fndThe date the credential was found
hidThe hardware ID of the infected device
iipThe IP address of the infected device
infThe date the machine was infected on (in unixtime)
malThe type of malware infected on the device
pwdThe password used to authenticate
srcThe target URL or IP that the victim authenticated to
usrThe username used to authenticate
* Output dependant on which values were present in the original leak.

Test Data :

ParameterString
search[email protected]