API Documentation

API Documentation

Combo - focuses on combo lists that contain plaintext credentials
Creds - focuses on 3rd party breaches that contain credentials
Darkweb - focuses on company data being leaked or sold on the darkweb
Monitor - manages monitored assets
Radar - focuses on domains that threat actors have announced as targets
Sessions - focuses on session tokens sniffed from malware infected devices
Stealer - focuses on credentials sniffed from malware infected devices

    Endpoint :

    Domain NamePath
    api.breachsense.com/combo

    Supported Parameters :

    ParameterDescription
    dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
    liclicense key
    can be sent via a GET parameter or request header
    rreturn the number of remaining monthly queries allowed
    searchaccepts a domain name or email address
    updatereturn the Unix timestamp the combo database was last updated
    unixtimedisplay the import date in unixtime (aliases: unix,epoch)

    Output* :

    JSON KeyValue
    fndThe date (in YYYYMMDD or unixtime format) the credentials were found
    fleThe file name the credential was found in
    pwdThe password used to authenticate
    srcThe target URL or IP that the victim authenticated to
    usrThe username used to authenticate
    * Output dependant on which values were present in the original leak.

    Test Data :

    ParameterString
    search[email protected]

    Endpoint :

    Domain NamePath
    api.breachsense.com/creds

    Supported Parameters :

    ParameterDescription
    attrdisplay a short description of the breach
    dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
    hashreturn a 0 if the password is in hashed format and a 1 if the password has been decrypted
    importdisplay the date the breach was imported into the database
    jsondisplay results in JSON format (default is CSV)
    liclicense key
    can be sent via a GET parameter or request header
    listlist the breaches and dates they were imported
    limitincrease / decrease the number of records returned in the response
    presults are limited to 500 credentials per request (by default)
    when an HTTP 206 response status is returned, pagination is required to view the remaining results.
    p is a numeric page value
    rreturn the number of remaining monthly queries allowed
    searchaccepts a domain name or email address
    updatereturn the Unix timestamp the creds database was last updated
    uniqreturn a list of all unique email addresses and plaintext passwords
    unixtimedisplay the import date in unixtime (aliases: unix,epoch

    Output :

    JSON KeyValue
    emlThe email address used to authenticate
    pwdThe password used to authenticate
    srcThe name of the breached website or collection
    atrThe attribution data associated with the breach
    impThe date (in YYYYMMDD format) the breach was found

    Test Data :

    ParameterString
    search[email protected]

    Endpoint :

    Domain NamePath
    api.breachsense.com/darkweb

    Supported Parameters :

    ParameterDescription
    dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
    liclicense key
    can be sent via a GET parameter or request header
    rreturn the number of remaining monthly queries allowed
    rangerange - accepts a date range in YYYYMMDD-YYYYMMDD format (30 day limit)
    searchsearch term - accepts a domain name
    updatereturn the Unix timestamp the darkweb database was last updated
    unixtimedisplay the import date in unixtime (aliases: unix,epoch)

    Output :

    JSON KeyValue
    srcA URL containing data associated with the target
    siteThe name of the threat actor
    dataThe domain name associated with the victim
    nameThe company name of the victim
    foundThe date the data was indexed (in YYYYMMDD format)

    Test Data :

    ParameterString
    searchexample.com

    Endpoint :

    Domain NamePath
    api.breachsense.com/monitor

    Supported Parameters :

    ParameterDescription
    actionmanage monitored assets
    must be set to add, del or list
    astadd/delete the asset you wish to monitor
    must be used in conjunction with the action parameter
    liclicense key
    can be sent via a GET parameter or request header
    notifyadd/delete the email address or webhook you wish to receive alerts at
    must be used in conjunction with the action parameter
    credsadd/delete the basic auth credentials you wish to use when sending an alert to a webhook
    must be used in conjunction with the action parameter

    Output :

    JSON KeyValue
    notifyemail or webhook that will be notified
    astasset that will be monitored

    Endpoint :

    Domain NamePath
    api.breachsense.com/radar

    Supported Parameters :

    ParameterDescription
    dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
    liclicense key
    can be sent via a GET parameter or request header
    rreturn the number of remaining monthly queries allowed
    searchsearch term - accepts a domain name
    updatereturn the Unix timestamp the radar database was last updated
    unixtimedisplay the import date in unixtime (aliases: unix,epoch

    Output :

    JSON KeyValue
    dataThe domain name associated with the victim
    foundThe date the data was indexed (in YYYYMMDD format)
    srcA URL containing data associated with the target

    Test Data :

    ParameterString
    searchexample.com

    Endpoint :

    Domain NamePath
    api.breachsense.com/sessions

    Supported Parameters :

    ParameterDescription
    dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
    liclicense key
    can be sent via a GET parameter or request header
    rreturn the number of remaining monthly queries allowed
    searchsearch term - accepts a domain name, email address or IP address
    updatereturn the Unix timestamp the sessions database was last updated
    unixtimedisplay the import date in unixtime (aliases: unix,epoch

    Output :

    JSON KeyValue
    domThe domain name associated with the victim
    expiresThe date (in unixtime) that the cookie is set to expire
    fndThe date the data was found (in YYYYMMDD format)
    nameThe name of the cookie
    pathThe cookie path
    valThe value of the cookie

    Test Data :

    ParameterString
    searchexample.com

    Endpoint :

    Domain NamePath
    api.breachsense.com/stealer

    Supported Parameters :

    ParameterDescription
    dateonly display results newer that this value. Value set in YYYYMMDD or unixtime formats
    liclicense key
    can be sent via a GET parameter or request header
    rreturn the number of remaining monthly queries allowed
    searchsearch term - accepts a domain name, email address or IP address
    updatereturn the Unix timestamp the stealer database was last updated
    unixtimedisplay the import date in unixtime (aliases: unix,epoch

    Output* :

    JSON KeyValue
    bidThe malware’s build ID
    fleThe file name the credential was found in
    fndThe date the credential was found
    hidThe hardware ID of the infected device
    iipThe IP address of the infected device
    infThe date the machine was infected on (in unixtime)
    macThe infected machine’s name
    malThe type of malware infected on the device
    nmeThe username on the infected device
    osThe operating system on the infected device
    pthThe full path to the malware executable file
    pwdThe password used to authenticate
    srcThe target URL or IP that the victim authenticated to
    usrThe username used to authenticate
    * Output dependant on which values were present in the original leak.

    Test Data :

    ParameterString
    search[email protected]

    ©2024 Breachsense - All Rights Reserved