Introduction

Welcome to the FullHunt API documentation. FullHunt holds one of the largest Databases for external attack surfaces of the entire Internet. You can use the FullHunt API to access attack surface data.

Authentication

To authenticate:

# With shell, you can just pass the correct header with each request
curl "https://fullhunt.io/api/v1/auth/status" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"

Make sure to replace xxxx-xxxx-xxxx-xxxxxx with your API key.

FullHunt uses API keys to allow access to the API. You can sign up for a new FullHunt account to have an API key and will find it on your profile settings.

Some APIs do not require to be authenticated, however, data will be limited for non-authenticated users.

Domain APIs

Get Domain Details

Get domain details, subdomains, associated hosts, DNS records, exposed ports, and more.

Rate limiting: requests are limited to 60 requests per minute.

curl "https://fullhunt.io/api/v1/domain/kaspersky.com/details" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"

The above command returns JSON structured like this:

{
  "domain": "kaspersky.com",
  "hosts": [
    {
      "cdn": "",
      "cloud": {
        "provider": "GCP",
        "region": "global"
      },
      "dns": {
        "a": [
          "35.186.208.154"
        ],
        "aaaa": null,
        "cname": [
          "kpcpt.cname.nexway.com."
        ],
        "mx": null,
        "ns": null,
        "ptr": [
          "154.208.186.35.bc.googleusercontent.com."
        ],
        "txt": null
      },
      "domain": "kaspersky.com",
      "has_ipv6": false,
      "has_private_ip": false,
      "host": "loja.center.kaspersky.com",
      "http_status_code": 0,
      "http_title": "",
      "ip_address": "35.186.208.154",
      "ip_metadata": {
        "asn": 15169,
        "city_name": "",
        "country_code": "US",
        "country_name": "United States",
        "isp": "Google Cloud",
        "location_latitude": 37.751,
        "location_longitude": -97.822,
        "organization": "Google Cloud",
        "postal_code": "",
        "region": ""
      },
      "is_cdn": false,
      "is_cloud": true,
      "is_cloudflare": false,
      "is_live": true,
      "is_resolvable": true,
      "network_ports": [
        1935,
        30000,
        3389,
        5672,
        5901,
        5999,
        80,
        83,
        85,
        87
      ],
      "tags": [
        "cname",
        "cloud",
        "gcp",
        "rdp",
        "amqp"
      ],
      "tld": "com"
    }
  ],
  "status": 200,
  "message": "",
  "metadata": {
    "all_results_count": 349,
    "available_results_for_user": 300,
    "domain": "kaspersky.com",
    "last_scanned": 1626577921,
    "max_results_for_user": 300,
    "timestamp": 1634004417,
    "user_plan": "advanced"
  }
}

HTTP Request

GET https://fullhunt.io/api/v1/domain/<domain>/details

URL Parameters

Parameter	Description
domain	The searched domain.

Get Subdomains of a domain

List all discovered subdomains/hosts for a given domain.

Rate limiting: requests are limited to 60 requests per minute.

curl "https://fullhunt.io/api/v1/domain/kaspersky.com/subdomains" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"

The above command returns JSON structured like this:

{
  "domain": "kaspersky.com",
  "hosts": [
    "kaspersky.com",
    "www.kaspersky.com",
    "xxx.kaspersky.com"
  ],
  "status": 200,
  "message": "",
  "metadata": {
    "all_results_count": 349,
    "available_results_for_user": 300,
    "domain": "kaspersky.com",
    "last_scanned": 1626577921,
    "max_results_for_user": 300,
    "timestamp": 1634004387,
    "user_plan": "advanced"
  }
}

HTTP Request

GET https://fullhunt.io/api/v1/domain/<domain>/subdomains

URL Parameters

Parameter	Description
domain	The searched domain.

Get details of a specific host

This endpoint retrieves details for a given host.

curl "https://fullhunt.io/api/v1/host/loja.center.kaspersky.com" \
  -H "X-API-KEY: xxxx-xxxx-xxxx-xxxxxx"

The above command returns JSON structured like this:

{
  "cdn": "",
  "cloud": {
    "provider": "GCP",
    "region": "global"
  },
  "dns": {
    "a": [
      "35.186.208.154"
    ],
    "aaaa": null,
    "cname": [
      "kpcpt.cname.nexway.com."
    ],
    "mx": null,
    "ns": null,
    "ptr": [
      "154.208.186.35.bc.googleusercontent.com."
    ],
    "txt": null
  },
  "domain": "kaspersky.com",
  "has_ipv6": false,
  "has_private_ip": false,
  "host": "loja.center.kaspersky.com",
  "http_status_code": 0,
  "http_title": "",
  "ip_address": "35.186.208.154",
  "ip_metadata": {
    "asn": 15169,
    "city_name": "",
    "country_code": "US",
    "country_name": "United States",
    "isp": "Google Cloud",
    "location_latitude": 37.751,
    "location_longitude": -97.822,
    "organization": "Google Cloud",
    "postal_code": "",
    "region": ""
  },
  "is_cdn": false,
  "is_cloud": true,
  "is_cloudflare": false,
  "is_live": true,
  "is_resolvable": true,
  "network_ports": [
    1935,
    30000,
    3389,
    5672,
    5901,
    5999,
    80,
    83,
    85,
    87
  ],
  "tags": [
    "cname",
    "cloud",
    "gcp",
    "rdp",
    "amqp"
  ],
  "tld": "com"
}

HTTP Request

GET https://fullhunt.io/api/v1/host/<host>

URL Parameters

Parameter	Description
host	The searched host.

Rate Limiting

Rate limiting applies based on different factors:

Users Credits
API requests rate

Errors

The FullHunt API uses the following error codes:

Error Code	Meaning
400	Bad Request -- Your request is invalid.
401	Unauthorized -- Your API key is wrong.
403	Forbidden -- The requested resource is forbidden.
404	Not Found -- The requested resource could not be found.
429	Too Many Requests -- You are sending too many requests.