Darkweb Search API
Search dark web sources to detect compromised employee credentials and sensitive data breaches.
warning
OEM API requires special partner access. Contact FullHunt sales to enable OEM capabilities on your account.
Search Dark Web Sources
Search for compromised credentials and sensitive data across dark web sources.
HTTP Request
POST https://fullhunt.io/api/v1/oem/darkweb/search
Request Body Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
| type | Yes | string | Type of search to perform (see supported types below) |
| query | Yes | string | Value to search for |
| query_tags | No | object | Key-value pairs for client-specific tracking |
Supported Query Types
| Type | Description | Example |
|---|---|---|
username | Search by username | "john.smith" |
name | Search by full name | "John Smith" |
email | Search by email address | "john.smith@acme.com" |
hostname | Search by hostname | "ACME-LAPTOP-001" |
mac_address | Search by MAC address | "00:1B:44:11:3A:B8" |
ip_address | Search by IP address | "192.168.1.100" |
org_alias | Search by organization alias | "acme" |
bin | Search by bank identification number | "401288" |
cve | Search by CVE identifier | "CVE-2021-44228" |
domain | Search by domain name | "acme.com" |
password | Search by password | "password123" |
hashed_password | Search by hashed password | "$2a$12$..." |
vin | Search by vehicle identification number | "1HGCM82633A123456" |
address | Search by physical address | "123 Main St" |
phone | Search by phone number | "+1-555-123-4567" |
Example Request
curl -X POST "https://fullhunt.io/api/v1/oem/darkweb/search" \
-H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx" \
-H "Content-Type: application/json" \
-d '{
"type": "domain",
"query": "acme.com",
"query_tags": {
"client_name": "ACMECorp",
"workspace": "production"
}
}'
Example Response
{
"response": [
{
"email": "cfo@acme.com",
"ip_address": "10.0.42.50",
"username": "sarah.williams",
"password": "AcmeFinance2024!",
"hashed_password": "$2a$12$LQv3c1yqBWVHxkd0LHAkCOYz6TtxMQJqhN8/LewvfbrgSP3nXnm3m",
"hash_type": "bcrypt",
"name": "Sarah Williams",
"vin": "5UXWX7C5*BA",
"address": "888 Executive Suite, Phoenix, AZ 85012",
"phone": "+1-602-555-0177",
"database_name": "FinanceTeam_Breach_2024",
"source": "darkweb_marketplace_alpha",
"hostname": "ACME-FIN-LAPTOP-042",
"mac_addresses": "00:1B:44:11:3A:B8",
"bin": "377601******8431",
"salt": "kJ8#mP2$"
},
{
"email": "admin@dev.acme.com",
"ip_address": "192.168.10.100",
"username": "devops_admin",
"password": "Kub3rn3tes2024#",
"hashed_password": "$2a$12$9K4eD8VpqHX8Kl/9J7tGh.zK9x2N5VL8jKy3Z9XgK8Q9L2Q5tNm3b",
"hash_type": "bcrypt",
"name": "Michael Chen",
"vin": null,
"address": "742 Technology Drive, Phoenix, AZ 85007",
"phone": "+1-602-555-0133",
"database_name": "DevOps_Credentials_Leak",
"source": "paste_site_delta",
"hostname": "ACME-K8S-ADMIN-01",
"mac_addresses": "00:1A:2B:3C:4D:5E",
"bins": null,
"salt": "Xp9#qR5$"
}
]
}
Response Fields
| Field | Type | Description |
|---|---|---|
email | string | Email address found in breach |
ip_address | string | IP address associated with the credential |
username | string | Username associated with the credential |
password | string | Plain text password (if available) |
hashed_password | string | Hashed password value |
hash_type | string | Type of hash used (bcrypt, SHA256, MD5, etc.) |
name | string | Full name associated with the credential |
vin | string | Vehicle identification number |
address | string | Physical address |
phone | string | Phone number |
database_name | string | Name of the breach database |
source | string | Source where the data was found |
hostname | string | Hostname of the compromised system |
mac_addresses | string | MAC addresses associated with the system |
bin | string | Bank identification number (masked) |
salt | string | Salt used for hashing |
Use Cases
Security Monitoring
- Monitor for compromised employee credentials
- Detect data breaches affecting your organization
- Track credential exposure across multiple sources
Threat Intelligence
- Identify attack patterns and threat actors
- Correlate breaches with security incidents
- Assess organizational security posture
Partner Integration
- Integrate dark web monitoring into security platforms
- Provide credential monitoring services to clients
- Build comprehensive threat intelligence solutions
Query Tags for Tracking
Use the query_tags parameter to track searches by client or context:
{
"query_tags": {
"client_id": "client_123",
"client_name": "ACME Corporation",
"workspace": "production",
"user_id": "user456",
"scan_id": "scan_789"
}
}
Rate Limiting
OEM Darkweb Search API has custom rate limits based on your partner agreement:
- Negotiated limits based on usage requirements
- Burst capacity for high-volume periods
- Priority processing for partner requests
Error Handling
The API returns standard HTTP status codes:
| Status Code | Description |
|---|---|
| 200 | Success |
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Invalid API key |
| 403 | Forbidden - OEM access not enabled |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
Security Considerations
- All data is transmitted over HTTPS
- API keys should be kept secure and rotated regularly
- Results may contain sensitive information and should be handled appropriately
- Consider implementing additional access controls in your platform