FullHunt API Documentation
Welcome to the FullHunt API documentation. FullHunt holds one of the largest databases for external attack surfaces of the entire Internet. You can use the FullHunt API to access attack surface data.
API Endpoints
FullHunt API can be accessed from two hosts:
https://fullhunt.io/apihttps://enterprise-api.fullhunt.io/api(Dedicated to Enterprise usage)
Getting Started
- Get API key from FullHunt.io profile settings
- Verify authentication using the
/auth/statusendpoint - Start querying the API endpoints
Quick Start
# Test your API key
curl "https://fullhunt.io/api/v1/auth/status" \
-H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"
API Categories
Attack Surface APIs
- Domain APIs: Get domain details with subdomains, hosts, DNS records, and ports
- Host APIs: Detailed information about specific hosts and their services
- Global Search APIs: Advanced search across the FullHunt database, filter by country, products, technologies, and more
- Data Intelligence APIs: Query the FullHunt database for various intelligence use cases, host lookups, tag searches, product searches
Enterprise APIs
- Organization Management: Manage and monitor your organization's assets
- Alerts: Set up and manage security alerts for your domains
- Vulnerabilities: Monitor and track security vulnerabilities
- Entities: Manage entity relationships and asset discovery
- Dark Web Monitoring: Monitor for compromised credentials and data breaches
- Certificates: SSL/TLS certificate monitoring and management
- On-Demand Scans: Trigger and manage custom security scans
- Suggested Domains: Discover related domains and subdomains
Nexus APIs
- Threat Intelligence: Access to threat intelligence research data
- Tor Lookup: Identify Tor exit nodes and hidden services
- Cloud Certificates: Monitor cloud-based SSL/TLS certificates
- Passive DNS: Historical DNS resolution data
- Domain Collection: Bulk domain data collection and analysis
- IP Lookup: Comprehensive IP address intelligence
OEM APIs
- Dark Web Search: Search dark web marketplaces and forums
- Attack Surface Search: Comprehensive attack surface discovery
- Organizations Search: Search and discover organization-related assets
Additional Resources
- Rate Limiting: Understanding API rate limits and usage quotas
- Error Handling: Common error codes and troubleshooting
Rate Limiting
Rate limiting is applied based on:
- User credits
- API request rates
- Most endpoints are limited to 60 requests per minute
Authentication
All API requests require authentication using the X-API-KEY header. Get your API key from your FullHunt profile settings.
Need Help?
- Sign up for a FullHunt API Key
- Browse the detailed API documentation in the sidebar
- Check the FullHunt website for more information