API Documentation

The Security For Everyone API provides ability to use all of our tools with a simple GET request.

Introduction

This reference includes API documentation for the tools available on our website. In this way, our members can use the tools as they wish.

A simple GET request can start any tool you want. All response data is returned in JSON format.

Since we are using a queue mechanism, we create a job for you whenever you make an API request to create scan. We return an analysis ID to query status of the scan (job).

Before we get started, it's good to know:

In order to continue to offer free services to everyone, our members with the basic package can make limited (10 for now) request per day. All API requests count are reset at 00:00 UTC(+0). We're working really hard to make this limit as high as posible.
You can get your API Token value from your settings page after login.
Use [email protected] for your questions.

Requests

To keep it simple we use only GET method. There is to type of request.

Scan Request : To create new scan
Result Request : Get result of a scan

Scan request example :

GET https://api.securityforeveryone.com/create/?scan={scan_name}&asset={asset}&token={your_token}

Result request example :

GET https://api.securityforeveryone.com/result/?id={analysis_id}&token={your_token}

Request Parameters Descriptions

List of Request Parameters
Param	Type	Required	Desc
scan	string	True	Name of the scan. See full list here.
asset	string	True	Asset you want to use in scan. Domain, IP or URL.
token	string	True	Token value in your profile page.
analysis_id	string	True	ID of a scan.
output_type	string	False	Detailed or compact output type. Default is compact.

Example: Create a 'DNS A Record' scan with API

Request:

curl https://api.securityforeveryone.com/create/ \
?scan=a-record-lookup \
&asset=securityforeveryone.com \
&token=your_token

Response:

{"analysis_id":"2ed4380b-8f66-4db3-b916-31fcc7b781e6","status_code":"ok"}

Example: Get Result Of a Scan (job) with API

Request:

curl https://api.securityforeveryone.com/result/ \
?analysis_id=2ed4380b-8f66-4db3-b916-31fcc7b781e6 \
&token=your_token

Response:

{"output":[{"a-record-lookup":"1.1.1.1"}],"asset":"securityforeveryone.com","analysis_id":"2ed4380b-8f66-4db3-b916-31fcc7b781e6"}

Responses

All actions should return HTTP 200 status code. There are two types of response. First one is the response of create job request:

{ "status_code" : "status_code",
"analysis_id": "analysis_id"
}

Second is the response of get scan result request:

{
"asset": "asset for that scan",
"analysis_id": "analysis_id",
"output": {
"scan_one_name": "scan_one_result",
"scan_one_two": "scan_two_result"
}
}

Response Parameters Descriptions

List Reponse Parameters
Param	Type	Desc
status_code	string	Status code, see full list
analysis_id	string	UUID for analysis, use this ID to get analysis result.
output	object	Scan names and scan results.
asset	string	Asset name for the scan.

Example: Get Result

Get result of a scan:

curl https://api.securityforeveryone.com/result/ \
?analysis_id=1af24488-2a9f-4f76-8575-a7ec5a50f804 \
&token=your_token

Response:

{ "output": [ { "a-record-lookup": "1.1.1.1" }, { "mx-record-lookup": "xx" }, { "ns-record-lookup": "xx" }, { "dns-any-query": "No result" }, { "txt-record-lookup": "xxx" }, { "aaaa-record-lookup": "No result" }, { "dns-zone-transfer": "Not vulnerable" }, { "dns-cname-record-lookup": "No result" } ], "asset": "securityforeveryone.com", "analysis_id": "1af24488-2a9f-4f76-8575-a7ec5a50f804" }

Status Codes

List of status code

List of Scan Request Status Code
Status Code	Desc
ok	The request was successful. No error.
not_valid_api_key	The API key is not valid.
api_key_not_authorized	The API key is not authorized to perform analysis. Usually need to upgrade your package.
not_valid_asset	IP, Domain or URL is not valid. Please contact with us if you want to scan a TLD that is not in our white list.
too_many_request	You have hit the rate limit
not_valid_scan_name	The scan name is not valid.
not_valid_output_type	The output type name is not valid.
internal_error	Please contact with us
missing_param	At least one parameter is missing
asset_type_error	Asset type mismatch (Domain or IP)
not_finished	At least one scan has not finished yet.
analysis_not_found	Can not find any scan result for that analysis id.