TECHINT APIs

Contents

TECHINT APIs#

Malware-sandbox, vulnerability, and component-data APIs the TECHINT operator pulls from. Most have free tiers gated to non-commercial use; commercial use needs a license.

API

Auth + tier

Endpoint

Returns

VirusTotal API v3

API key; free + paid.

https://www.virustotal.com/api/v3/

File / URL / domain / IP intel; sample download on paid tiers.

Hybrid Analysis

API key.

https://www.hybrid-analysis.com/api/v2/

Sandbox reports, sample search.

Joe Sandbox Cloud

API key.

https://jbxcloud.joesecurity.org/api/v2/

Detonation reports.

ANY.RUN

API key; paid.

https://api.any.run/v1/

Interactive sandbox; public submissions.

MalwareBazaar (abuse.ch)

Free; API key for some endpoints.

https://mb-api.abuse.ch/api/v1/

Malware sample sharing.

URLhaus (abuse.ch)

Free.

https://urlhaus-api.abuse.ch/v1/

Malicious URL feed.

ThreatFox (abuse.ch)

Free.

https://threatfox-api.abuse.ch/api/v1/

IOC feed.

MISP

API key per instance.

<misp-instance>/events

Threat-intel platform; events, attributes, galaxies.

NVD API

API key optional.

https://services.nvd.nist.gov/rest/json/

CVE, CPE, CVSS.

CIRCL CVE Search

Free.

https://cve.circl.lu/api/

CVE lookup and matching.

ExploitDB

Public.

https://www.exploit-db.com/

Public exploit archive.

Vulners API

API key.

https://vulners.com/api/v3/

Aggregated vulnerability database.

EPSS

Free.

https://api.first.org/data/v1/epss

Exploit Prediction Scoring System.

KEV catalog

Free.

https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json

CISA Known Exploited Vulnerabilities.

References#