A friend of mine pitched the idea to start a blog series titled "API of the month" based on my GitHub repository https://github.com/deralexxx/security-apis.
The idea of that series is to cover an API each month, provide some samples, talk about potential target audience and use cases for the API.
Service description
The first API to be covered is apility. The service is marketed as "Minimal and Simple Anti-Abuse API for Everyone." and the web page starts with a Google-like search mask.
API documentation
The API documentation is pretty comprehensive and available via web page: https://apility.io/apidocs/. The documentation also gives nice curl examples for every API endpoint that can be copy-pasted.
API pricing
The API itself is free, but the number of API calls that can be made is limited. Pricing options are available at https://apility.io/pricing/
Example
As an example I tried to get ratings for IPs / domains for a recent APT OSINT report.
To get started you need to sign up and verify your account via an email that you receive shortly after signing up.
I took the tweet from the malwrhunterteam (https://twitter.com/malwrhunterteam/status/1126894905668849664) to test my scripts, and also the famous trafficconverter(.)biz.
The trafficconverter domain in particular was listed by the tool:
{"response": {"domain": {"blacklist": ["ISC-DOMAINS-LOW", "ISC-DOMAINS-MEDIUM"], "blacklist_mx": [], "blacklist_ns": [], "mx": [], "ns": [], "score": -1}, "ip": {"address": "38.102.150.28", "blacklist": [], "is_quarantined": false, "score": 0}, "source_ip": {"address": "", "blacklist": [], "is_quarantined": false, "score": 0}, "score": -1}, "type": "baddomain"}
The scripts I used are available on GitHub:
import requests
from configparser import ConfigParser

# Read the API key from config.cfg ([API] section, APIKEY option)
config = ConfigParser()
config.read("config.cfg")
APIKEy = config.get('API', 'APIKEY')

url = "https://api.apility.net/baddomain/"
headers = {
    'accept': "application/json",
    'x-auth-token': APIKEy
}

# input.txt holds one domain per line
with open('./input.txt', 'r') as f:
    for line in f:
        domain = line.strip()
        if not domain:
            continue  # skip blank lines
        print("Will investigate " + domain)
        # TLS certificate verification stays on (the requests default)
        response = requests.get(url + domain, headers=headers, timeout=10)
        print(response.text)
print("finished")
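An added example, not part of the original scripts: it refangs indicators such as trafficconverter(.)biz, rejects input that is not a plain hostname before it is appended to the API URL, and flattens the baddomain response shown above into the fields worth logging. The function names and the validation regex are assumptions of this example; the sample body is the response from this post.

```python
import json
import re

# Response body copied from the trafficconverter lookup shown above.
SAMPLE = '''{"response": {"domain": {"blacklist": ["ISC-DOMAINS-LOW", "ISC-DOMAINS-MEDIUM"], "blacklist_mx": [], "blacklist_ns": [], "mx": [], "ns": [], "score": -1}, "ip": {"address": "38.102.150.28", "blacklist": [], "is_quarantined": false, "score": 0}, "source_ip": {"address": "", "blacklist": [], "is_quarantined": false, "score": 0}, "score": -1}, "type": "baddomain"}'''

# Assumption of this example: only plain DNS hostnames are sent to the API.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

def refang(indicator):
    """Undo common OSINT defanging, e.g. 'example(.)biz' or 'hxxp://a[.]biz/x'."""
    s = indicator.strip().lower()
    s = s.replace("(.)", ".").replace("[.]", ".")
    s = re.sub(r"^h(xx|tt)ps?://", "", s)  # drop a (defanged) scheme
    return s.split("/")[0]                 # keep the host part only

def is_valid_domain(name):
    """Reject anything that is not a plain hostname before it goes into a URL."""
    return bool(DOMAIN_RE.match(name))

def summarize(body):
    """Flatten a baddomain response into the fields worth logging."""
    resp = json.loads(body)["response"]
    domain, ip = resp["domain"], resp["ip"]
    lists = {
        "domain": domain["blacklist"],
        "mx": domain["blacklist_mx"],
        "ns": domain["blacklist_ns"],
        "ip": ip["blacklist"],
    }
    return {
        "score": resp["score"],
        "ip": ip["address"],
        "quarantined": ip["is_quarantined"],
        # keep only the categories that actually have listings
        "listed_on": {k: v for k, v in lists.items() if v},
    }

if __name__ == "__main__":
    for raw in ["trafficconverter(.)biz", "bad/../path", ""]:
        name = refang(raw)
        print(repr(raw), "->", repr(name), "ok" if is_valid_domain(name) else "skipped")
    print(summarize(SAMPLE))
```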
It should be noted that there is also a Python package available at https://github.com/Apilityio/python-cli, which can be installed (but I have not tested it) via:
pip install apilityio-cli
or
easy_install apilityio-cli
Target audience
The target audience for the API as well as the service is:
- Sysadmins who want to use the offered data to sharpen perimeter security tools
- Researchers who want to add more data points to their research
- Threat intelligence professionals who can use it as a data source
- Incident responders who want to monitor whether any of the ASNs / domains they are responsible for are added to one of the blacklists