S E C U R I T Y

Loading

API Documentation

The Security For Everyone API provides ability to use all of our tools with a simple GET request.

Introduction

This reference includes API documentation for the tools available on our website. In this way, our members can use the tools as they wish.

A simple GET request can start any tool you want. All response data is returned in JSON format.

Since we are using a queue mechanism, we create a job for you whenever you make an API request to create scan. We return an analysis ID to query status of the scan (job).

Before we get started, it's good to know:

  1. In order to continue to offer free services to everyone, our members with the basic package can make limited (10 for now) request per day. All API requests count are reset at 00:00 UTC(+0). We're working really hard to make this limit as high as posible.
  2. You can get your API Token value from your settings page after login.
  3. Use [email protected] for your questions.

Requests

To keep it simple we use only GET method. There is to type of request.

  1. Scan Request : To create new scan
  2. Result Request : Get result of a scan

Scan request example :

GET https://api.securityforeveryone.com/create/?scan={scan_name}&asset={asset}&token={your_token}

Result request example :

GET https://api.securityforeveryone.com/result/?id={analysis_id}&token={your_token}
Request Parameters Descriptions
List of Request Parameters
Param Type Required Desc
scan string True Name of the scan. See full list here.
asset string True Asset you want to use in scan. Domain, IP or URL.
token string True Token value in your profile page.
analysis_id string True ID of a scan.
output_type string False Detailed or compact output type. Default is compact.

Example: Create a 'DNS A Record' scan with API

Request:

curl https://api.securityforeveryone.com/create/ \
?scan=a-record-lookup \
&asset=securityforeveryone.com \
&token=your_token

Response:

{"analysis_id":"2ed4380b-8f66-4db3-b916-31fcc7b781e6","status_code":"ok"}
Example: Get Result Of a Scan (job) with API

Request:

curl https://api.securityforeveryone.com/result/ \
?analysis_id=2ed4380b-8f66-4db3-b916-31fcc7b781e6 \
&token=your_token

Response:

{"output":[{"a-record-lookup":"1.1.1.1"}],"asset":"securityforeveryone.com","analysis_id":"2ed4380b-8f66-4db3-b916-31fcc7b781e6"}

Responses

All actions should return HTTP 200 status code. There are two types of response. First one is the response of create job request:

{ "status_code" : "status_code",
"analysis_id": "analysis_id"
}

Second is the response of get scan result request:

{
"asset": "asset for that scan",
"analysis_id": "analysis_id",
"output": {
"scan_one_name": "scan_one_result",
"scan_one_two": "scan_two_result"
}
}

Response Parameters Descriptions
List Reponse Parameters
Param Type Desc
status_code string Status code, see full list
analysis_id string UUID for analysis, use this ID to get analysis result.
output object Scan names and scan results.
asset string Asset name for the scan.

Example: Get Result

Get result of a scan:

curl https://api.securityforeveryone.com/result/ \
?analysis_id=1af24488-2a9f-4f76-8575-a7ec5a50f804 \
&token=your_token

Response:

{ "output": [ { "a-record-lookup": "1.1.1.1" }, { "mx-record-lookup": "xx" }, { "ns-record-lookup": "xx" }, { "dns-any-query": "No result" }, { "txt-record-lookup": "xxx" }, { "aaaa-record-lookup": "No result" }, { "dns-zone-transfer": "Not vulnerable" }, { "dns-cname-record-lookup": "No result" } ], "asset": "securityforeveryone.com", "analysis_id": "1af24488-2a9f-4f76-8575-a7ec5a50f804" }

Status Codes

List of status code

List of Scan Request Status Code
Status Code Desc
ok The request was successful. No error.
not_valid_api_key The API key is not valid.
api_key_not_authorized The API key is not authorized to perform analysis. Usually need to upgrade your package.
not_valid_asset IP, Domain or URL is not valid. Please contact with us if you want to scan a TLD that is not in our white list.
too_many_request You have hit the rate limit
not_valid_scan_name The scan name is not valid.
not_valid_output_type The output type name is not valid.
internal_error Please contact with us
missing_param At least one parameter is missing
asset_type_error Asset type mismatch (Domain or IP)
not_finished At least one scan has not finished yet.
analysis_not_found Can not find any scan result for that analysis id.