3. API usage and engine names - stanfrbd/cyberbro GitHub Wiki
Cyberbro API
[!IMPORTANT] Docs are moving here: https://docs.cyberbro.net/
- The API is available at /api/ (or your custom prefix if you have changed it using the advanced options) and can be accessed via the GUI or command-line.
There are currently 3 endpoints:
- /api/analyze - Analyze a text and return analysis ID (JSON).
- /api/is_analysis_complete/<analysis_id> - Check if the analysis is complete (JSON).
- /api/results/<analysis_id> - Retrieve the results of a previous analysis (JSON).
curl -X POST "http://localhost:5000/api/analyze" -H "Content-Type: application/json" -d '{"text": "20minutes.fr", "engines": ["reverse_dns", "rdap"]}'
{
"analysis_id": "e88de647-b153-4904-91e5-8f5c79174854",
"link": "/results/e88de647-b153-4904-91e5-8f5c79174854"
}
curl "http://localhost:5000/api/is_analysis_complete/e88de647-b153-4904-91e5-8f5c79174854"
{
"complete": true
}
curl "http://localhost:5000/api/results/e88de647-b153-4904-91e5-8f5c79174854"
[
{
"observable": "20minutes.fr",
"rdap": {
"abuse_contact": "",
"creation_date": "2001-07-11",
"expiration_date": "2028-01-08",
"link": "https://rdap.nic.fr/domain/20minutes.fr",
"name_servers": [
"ns-1271.awsdns-30.org",
"ns-748.awsdns-29.net",
"ns-16.awsdns-02.com",
"ns-1958.awsdns-52.co.uk"
],
"organization": "",
"registrant": "20 MINUTES FRANCE SAS",
"registrant_email": "[email protected]",
"registrar": "GANDI",
"update_date": "2024-11-18"
},
"reverse_dns": {
"reverse_dns": [
"13.249.9.82",
"13.249.9.92",
"13.249.9.83",
"13.249.9.129"
]
},
"reversed_success": true,
"type": "FQDN"
}
]
Note about caching and ignoring cache
- The API results are cached for 24 hours by default. You can change this by modifying the api_cache_timeout parameter in the secrets.json file or by setting the corresponding environment variable. Refer to this document for more details: advanced options.
- You can bypass caching for a specific request by including "ignore_cache": true in the data section of your request. Ignoring the cache will force the system to perform the analysis again. For example:
curl -X POST "http://localhost:5000/api/analyze" -H "Content-Type: application/json" -d '{"text": "20minutes.fr", "engines": ["reverse_dns", "rdap"], "ignore_cache": true}'
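The submit, poll and retrieve sequence shown with curl above, as an added Python example (not code from the Cyberbro project). It assumes the default http://localhost:5000/api prefix and that each engine's output is keyed by its engine name, as in the sample response; `analyze` and `missing_engines` are hypothetical helper names.

```python
import json
import time
import urllib.request
from urllib.parse import quote

BASE_URL = "http://localhost:5000/api"  # default prefix from the page; change if customised


def _call(url, payload=None, timeout=10):
    """GET when payload is None, otherwise POST the payload as JSON."""
    data = None if payload is None else json.dumps(payload).encode()
    req = urllib.request.Request(url, data=data,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def analyze(text, engines, ignore_cache=False, base_url=BASE_URL,
            poll_interval=1.0, max_wait=120.0):
    """Submit observables, wait until the analysis is complete, return the results."""
    body = {"text": text, "engines": engines}
    if ignore_cache:
        body["ignore_cache"] = True  # bypass the cached result and re-run the engines
    analysis_id = quote(_call(f"{base_url}/analyze", body)["analysis_id"], safe="")

    deadline = time.monotonic() + max_wait
    while not _call(f"{base_url}/is_analysis_complete/{analysis_id}")["complete"]:
        if time.monotonic() >= deadline:
            raise TimeoutError(f"analysis {analysis_id} not complete after {max_wait}s")
        time.sleep(poll_interval)
    return _call(f"{base_url}/results/{analysis_id}")


def missing_engines(results, engines):
    """Per observable, list requested engines with no data in the result.

    Assumes each engine's output is keyed by its name, as in the sample response.
    """
    return {r["observable"]: [e for e in engines if not r.get(e)] for r in results}


if __name__ == "__main__":
    wanted = ["reverse_dns", "rdap"]
    results = analyze("20minutes.fr", wanted)
    print(json.dumps(results, indent=2))
    print("no data from:", missing_engines(results, wanted))
```

The polling loop is bounded by `max_wait`, so a stalled engine (the scraping engines are noted as slow) raises `TimeoutError` instead of blocking an automation job indefinitely.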
List of usable engines and their description (just like in the HTML page)
[!TIP] Use the Name property of each engine below as its identifier in API requests.
Reverse DNS
Name: reverse_dns
Label: Reverse DNS
Supports: default, domain, IP, abuse, free_no_key
Explanation: Performs a reverse DNS lookup for IP, domain, URL (on the Cyberbro machine)
RDAP (ex Whois)
Name: rdap
Label: RDAP (ex Whois)
Supports: default, abuse, domain, free_no_key
Explanation: Checks RDAP (ex Whois) record for domain, URL, no API key required
IPquery
Name: ipquery
Label: IPquery
Supports: default, IP, risk, VPN, proxy, free_no_key
Explanation: Checks IPquery for IP, reversed obtained IP for a given domain/URL, free, no API key
AbuseIPDB
Name: abuseipdb
Label: AbuseIPDB
Supports: risk
Explanation: Checks AbuseIPDB for IP, reversed obtained IP for a given domain/URL, free API key required
IPinfo
Name: ipinfo
Label: IPinfo
Supports: IP
Explanation: Checks IPinfo for IP, reversed obtained IP for a given domain/URL, free API key required
VirusTotal
Name: virustotal
Label: VirusTotal
Supports: hash, risk, IP, domain, URL
Explanation: Checks VirusTotal for IP, domain, URL, hash, free API key required
Spur.us
Name: spur
Label: Spur.us
Supports: VPN, proxy, free_no_key, scraping
Explanation: Scrapes Spur.us for IP, reversed obtained IP for a given domain/URL, free, no API key
Microsoft Defender for Endpoint
Name: mde
Label: Microsoft Defender for Endpoint
Supports: hash, IP, domain, URL
Explanation: Checks Microsoft Defender for Endpoint, paid API info on Azure required
CrowdStrike
Name: crowdstrike
Label: CrowdStrike
Supports: hash, IP, domain, URL
Explanation: Checks CrowdStrike for IP, domain, URL, hash, paid API key required with Falcon XDR and Falcon Intelligence licence
Google Safe Browsing
Name: google_safe_browsing
Label: Google Safe Browsing
Supports: risk, domain, IP
Explanation: Checks Google Safe Browsing, free API key required
Shodan
Name: shodan
Label: Shodan
Supports: ports, IP
Explanation: Checks Shodan, reversed obtained IP for a given domain/URL, free API key required
Phishtank
Name: phishtank
Label: Phishtank
Supports: risk, domain, URL, free_no_key
Explanation: Checks Phishtank for domains, URL, free, no API key
ThreatFox
Name: threatfox
Label: ThreatFox
Supports: IP, domain, URL, free_no_key
Explanation: Checks ThreatFox by Abuse.ch for IP, domains, URL, free, no API key
URLscan
Name: urlscan
Label: URLscan
Supports: domain, URL, IP, hash, free_no_key
Explanation: Checks URLscan for all types of observable, free, no API key
Google
Name: google
Label: Google
Supports: domain, URL, IP, hash, free_no_key, scraping
Explanation: Scrapes Google search results for all types of observable, free, no API key
Github
Name: github
Label: Github
Supports: domain, URL, IP, hash, free_no_key, scraping
Explanation: Gets Github grep.app API search results for all types of observable, free, no API key
Ioc.One (HTML)
Name: ioc_one_html
Label: Ioc.One (HTML)
Supports: domain, URL, IP, hash, scraping
Explanation: Scrapes (can be long) Ioc.One HTML search results for all types of observable, free, no API key
Ioc.One (PDF)
Name: ioc_one_pdf
Label: Ioc.One (PDF)
Supports: domain, URL, IP, hash, scraping
Explanation: Scrapes (can be long) Ioc.One PDF search results for all types of observable, free, no API key
OpenCTI
Name: opencti
Label: OpenCTI
Supports: domain, URL, IP, hash
Explanation: Searches OpenCTI results for all types of observable, API key required
Abusix
Name: abusix
Label: Abusix
Supports: abuse, free_no_key
Explanation: Checks abuse contact with Abusix for IP, reversed obtained IP for a given domain/URL, free, no API key
Hudson Rock
Name: hudsonrock
Label: Hudson Rock
Supports: domain, URL, email, free_no_key
Explanation: Searches Hudson Rock results for domains, URL, email, free, no API key
WebScout
Name: webscout
Label: WebScout
Supports: IP, free or paid API key required
Explanation: Checks WebScout for IP, reversed obtained IP for a given domain/URL, free or paid API key required
CriminalIP
Name: criminalip
Label: CriminalIP
Supports: IP, free or paid API key required
Explanation: Checks CriminalIP for IP, reversed obtained IP for a given domain/URL, free or paid API key required
Alienvault
Name: alienvault
Label: Alienvault
Supports: IP, free API key required
Explanation: Checks Alienvault for IP, domain, URL, hash, free API key required
MISP
Name: misp
Label: MISP
Supports: IP, domain, URL, hash
Explanation: Checks MISP for IP, domain, URL, hash, free API key required
Google DNS (common records)
Name: google_dns
Label: Google DNS (common records)
Supports: IP, domain, URL
Explanation: Checks Google common DNS records (A, AAAA, CNAME, NS, MX, TXT, PTR) for IP, domain, URL, free, no API key