A new version of the ThreatCrowd API is now available on GitHub; the details of the earlier version are left below.
____
In response to requests, a beta Search API for ThreatCrowd is now available.
The Search API is designed to return search results only; it does not provide any detail.
For detail, please review the search results themselves or use other APIs (such as VirusTotal, TotalHash and PassiveTotal).
Maltego Transforms
You can download pre-built Maltego transforms from http://threatcrowd.blogspot.co.uk/p/threatcrowd-maltego-transform.html
Example Request
Example Response
MD5,ec8c89aa5e521572c74e2dd02a4daf78,http://malwr.com/analysis/YzIzMjkxYWE4N2I1NGFiY2JhZGViZDEyNWJkZWViZmI/
MD5,3e6ed3ee47bce9946e2541332cb34c69,http://malwr.com/analysis/ZTQxZDhiMDMyMmQ0NDAxYWIxMDkzNzFjM2NkNDViMTA/
MD5,7b42b35832855ab4ff37ae9b8fa9e571,http://malwr.com/analysis/ZDAyYmQ0MTEwN2VjNDYxNDg1NmU5MjkwZGIyOGY1NjY/
MD5,871cc547feb9dbec0285321068e392b8,http://malwr.com/analysis/MDcwMGZhMzM5YTlhNDYxNjgxYjUxNTc2NTFmZTQwNzI/
MD5,6a0280f169d233a0bdc81ee6a70ef817,https://totalhash.com/analysis/760f859ecf7839f6a53015666b10adaae5007ddc
MD5,86dd715a8d28788e68a575207d66df34,https://totalhash.com/analysis/351d61cb8d67f78c55149a878ef8d8197a4571f6
IP,0.0.0.0,
IP,50.116.42.33,
IP,50.63.202.70,
IP,66.228.48.134,
IP,69.195.129.72,
IP,81.166.122.234,
EMAIL,domains@virustracker.info,
EMAIL,william19770319@yahoo.com,
DOMAIN,media.aoldaily.com,
DOMAIN,e.aoldaily.com,
DOMAIN,finance.aoldaily.com,
DOMAIN,game.aoldaily.com,
DOMAIN,zone.aoldaily.com,
DOMAIN,share.aoldaily.com,
DOMAIN,update.aoldaily.com,
DOMAIN,flash.aoldaily.com,
DOMAIN,mail.aoldaily.com,
Further Examples
https://www.threatcrowd.org/searchApi/v1/api.php?type=ip&query=69.195.129.72
http://www.threatcrowd.org/searchApi/v1/api.php?type=ip&query=69.195.129. - Subnet search
https://www.threatcrowd.org/searchApi/v1/api.php?type=email&query=william19770319@yahoo.com
https://www.threatcrowd.org/searchApi/v1/api.php?type=md5&query=ec8c89aa5e521572c74e2dd02a4daf78
https://www.threatcrowd.org/searchApi/v1/api.php?type=antivirus&query=preshin
https://www.threatcrowd.org/searchApi/v1/api.php?type=domain&query=aoldaily.com&displayDates=true - Note that &displayDates=true is added here to display the dates associated with DNS records
Request Description
http://www.threatcrowd.org/searchApi/v1/api.php?type=[Type]&query=[Query]
Where type is one of domain, ip, email, antivirus or md5.
The response is in CSV format with the columns Type,Value,Result.
JSON results may be added at a later date.
Add &readOnly=true to prevent ThreatCrowd from enriching results (for example by performing DNS requests). This may return fewer results, but may be preferable for OPSEC.
Limits
API Requests are limited to 1 request every 10 seconds per IP.
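A small client for the request format, the readOnly/displayDates switches, the Type,Value,Result CSV and the 1-request-per-10-seconds limit described above, added here as an example; it is not code from ThreatCrowd. Function names, the injectable clock, and the sample response (assembled from lines of the Example Response) are my own constructions.

```python
import csv
import io
import time
from urllib.parse import urlencode

API_BASE = "https://www.threatcrowd.org/searchApi/v1/api.php"
SEARCH_TYPES = {"domain", "ip", "email", "antivirus", "md5"}
MIN_INTERVAL = 10.0  # documented limit: 1 request every 10 seconds per IP

# Constructed sample, built from rows of the Example Response on this page.
SAMPLE_RESPONSE = (
    "MD5,ec8c89aa5e521572c74e2dd02a4daf78,http://malwr.com/analysis/YzIzMjkxYWE4N2I1NGFiY2JhZGViZDEyNWJkZWViZmI/\n"
    "IP,69.195.129.72,\n"
    "EMAIL,william19770319@yahoo.com,\n"
    "DOMAIN,media.aoldaily.com,\n"
    "DOMAIN,mail.aoldaily.com,\n"
)


def build_search_url(search_type, query, read_only=True, display_dates=False):
    """Build a Search API URL. read_only=True adds &readOnly=true so ThreatCrowd
    does not enrich the result (e.g. no DNS lookups), the OPSEC-friendly default."""
    if search_type not in SEARCH_TYPES:
        raise ValueError(f"unsupported type {search_type!r}; use one of {sorted(SEARCH_TYPES)}")
    params = {"type": search_type, "query": query}
    if read_only:
        params["readOnly"] = "true"
    if display_dates:
        params["displayDates"] = "true"
    return f"{API_BASE}?{urlencode(params)}"


def parse_search_csv(body):
    """Parse the Type,Value,Result CSV into {type: [(value, result), ...]}.
    Result is often empty (e.g. IP and DOMAIN rows), so it is kept optional."""
    results = {}
    for row in csv.reader(io.StringIO(body)):
        if len(row) < 2 or not row[0]:
            continue  # blank or malformed line
        result = row[2] if len(row) > 2 else ""
        results.setdefault(row[0], []).append((row[1], result))
    return results


class RateLimiter:
    """Space requests at least `interval` seconds apart (clock/sleep injectable)."""
    def __init__(self, interval=MIN_INTERVAL, clock=time.monotonic, sleep=time.sleep):
        self.interval, self.clock, self.sleep, self.last = interval, clock, sleep, None

    def wait(self):
        """Block until the next request is allowed; returns the seconds slept."""
        now = self.clock()
        delay = 0.0 if self.last is None else max(0.0, self.interval - (now - self.last))
        if delay:
            self.sleep(delay)
        self.last = now + delay
        return delay
```

Call `limiter.wait()` before each HTTP request to the URL from `build_search_url`, then feed the response body to `parse_search_csv`.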
About
This is subject to change, may be withdrawn, and is likely to be flaky.
I make no guarantees as to the availability or veracity.
All access to the server is logged.
Do you offer a private API?
No. ThreatCrowd is a non-commercial site and there is no private API.
If you would like any extensions to the current API, please e-mail me at threatcrowd@gmail.com and I will see if I can extend it for all users.
Further Details
Please drop me a line at threatcrowd@gmail.com, @threatcrowd or @chrisdoman.