API of the month – apility

A friend of mine pitched the idea to start a blog series titled „API of the month“ based on my GitHub repository https://github.com/deralexxx/security-apis.

The idea of that series is to cover an API each month, provide some samples, talk about potential target audience and use cases for the API.

Service description

The first API to be covered is apility. The service is marketed as „Minimal and Simple Anti-Abuse API for Everyone.“ and the web page starts with a Google-like search mask.

apility screenshot

API documentation

The API documentation is pretty comprehensive and available via web page: https://apility.io/apidocs/. The documentation also gives nice curl examples for every API endpoint that can be copy-pasted.

apility APi documentation

API pricing

The API itself is free but is limited in regards to API calls that can be done. pricing options are available on https://apility.io/pricing/

Example

As an example I tried to get ratings for IPs / domains for a recent APT OSINT report.

To get started you need to sign up and verify your account via an email that you receive shortly after signing up.

I took the tweet from the malwrhunterteam: https://twitter.com/malwrhunterteam/status/1126894905668849664 to test my scripts and also the famous trafficconverter(.)biz

Especially the trafficconverter domain was listed by the tool:

{„response“: {„domain“: {„blacklist“: [„ISC-DOMAINS-LOW“, „ISC-DOMAINS-MEDIUM“], „blacklist_mx“: [], „blacklist_ns“: [], „mx“: [], „ns“: [], „score“: -1}, „ip“: {„address“: „38.102.150.28“, „blacklist“: [], „is_quarantined“: false, „score“: 0}, „source_ip“: {„address“: „“, „blacklist“: [], „is_quarantined“: false, „score“: 0}, „score“: -1}, „type“: „baddomain“}

The scripts I used are available on github:

import requests
from configparser import ConfigParser

config = ConfigParser()
config.read("config.cfg")
APIKEy = config.get('API', 'APIKEY')
print(APIKEy)

url = "https://api.apility.net/baddomain/"

headers = {
'accept': "application/json",
'x-auth-token': APIKEy
}

f = open('./input.txt', 'r')
for line in f.readlines():
print("Will investigate "+line)
response = requests.request("GET", url+line, headers=headers, verify=False)

print(response.text)

print("finished")

It should be noted that there is also a python package available at https://github.com/Apilityio/python-cli and can be installed (but I have not tested it) via:

pip install apilityio-cli

or

easy_install apilityio-cli

Target audience

The target audience for the API as well as the service is:

  • sysadmins who want to use the offered data to sharpen perimeter security tools
  • Researchers to add more data points to their research
  • Threat Intelligence professionals as a data source
  • Incident responders to monitor if any of the ASN / domains they are responsible for is added to one of the blacklists