<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="XposedOrNot: API Documentation ">
<meta name="author" content="Devanand Premkumar">
<meta content="XposedOrNot: API Documentation for Developers" property="og:title" />
<meta name="description"
content="Access XposedOrNot's API documentation for seamless integration. Explore endpoints, usage examples, and developer-friendly guides." />
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@XposedOrNot">
<meta name="twitter:title" content="XposedOrNot API Reference">
<meta name="twitter:description"
content="Access XposedOrNot's API documentation for seamless integration. Explore endpoints, usage examples, and developer-friendly guides.">
<meta name="twitter:image" content="https://xposedornot.com/static/images/api_reference.png">
<meta property="og:image" content="https://xposedornot.com/static/images/xon.png">
<title>XposedOrNot API Documentation - Check Data Breaches & Password Security</title>
<meta name="description"
content="Comprehensive API documentation for XposedOrNot. Check email breaches, password security, and domain-level data exposure. Free, RESTful API with JSON responses.">
<meta property="og:title" content="XposedOrNot API Documentation - Data Breach & Security APIs">
<meta property="og:description"
content="Access XposedOrNot's powerful APIs to check data breaches, password security, and domain-level exposures. Developer-friendly documentation with examples.">
<meta property="og:type" content="website">
<meta property="og:url" content="https://xposedornot.com/api_doc.html">
<meta name="keywords"
content="API documentation, data breach API, password security, email breach detection, cybersecurity API, domain security, REST API, JSON API, security integration">
<link rel="canonical" href="https://xposedornot.com/api_doc.html">
<meta http-equiv="content-language" content="en">
<meta name="robots" content="index, follow">
<link rel="icon" href="favicon.ico" type="image/x-icon" />
<link rel=stylesheet
href='https://fonts.googleapis.com/css?family=Poppins%3A300%2C400%2C500%2C600%2C700%2C900&subset'
type=text/css media=all defer async>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css"
integrity="sha384-JcKb8q3iqJ61gNV9KGb8thSsNjpSL0n8PARn9HuZOnIxN0hoP+VmmDGMN5t9UJ0Z" crossorigin="anonymous">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/all.min.css"
integrity="sha256-BtbhCIbtfeVWGsqxk1vOHEYXS6qcvQvLMZqjtpWUEx8=" crossorigin="anonymous" />
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js"
integrity="sha512-bLT0Qm9VnAYZDflyKcBaQ2gg0hSYNQrJ8RilYldYQ1FxQYoCLtUjuuRuZo+fjqhx/qtq/1itJ0C2ejDxltZVFg=="
crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"
integrity="sha384-B4gt1jrGC7Jh4AgTPSdUtOBvfO8shuf57BaghqFfPlYxofvL8/KUEfYiJOMMV+rV"
crossorigin="anonymous"></script>
<link href="/static/css/style.css" type="text/css" rel="stylesheet" defer>
<script src="/static/scripts/other-libraries.js" defer></script>
<style>
:root {
--primary-color: #007BFF;
--secondary-color: #6c757d;
--background-color: #ffffff;
--text-color: #212529;
--border-color: #dee2e6;
--hover-color: #FFBF00;
--code-bg: #f6f8fa;
--panel-bg: #f8f9fa;
--code-text: #24292e;
}
[data-theme="dark"] {
--primary-color: #0d6efd;
--secondary-color: #adb5bd;
--background-color: #212529;
--text-color: #f8f9fa;
--border-color: #495057;
--hover-color: #ffd43b;
--code-bg: #1a1d20;
--panel-bg: #343a40;
--code-text: #e9ecef;
}
body {
font-family: 'Poppins', sans-serif;
line-height: 1.6;
color: var(--text-color);
background-color: var(--background-color);
transition: all 0.3s ease;
}
.container {
max-width: 1200px;
padding: 2rem;
}
.kbanner {
box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
}
.button-link {
display: inline-block;
padding: 12px 24px;
color: #fff;
background-color: var(--primary-color);
text-decoration: none;
border-radius: 8px;
transition: all 0.3s ease;
border: none;
font-weight: 500;
}
.button-link:hover {
background-color: var(--hover-color);
transform: translateY(-2px);
box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
color: #212529;
text-decoration: none;
}
.panel {
background: var(--panel-bg);
border-radius: 12px;
border: 1px solid var(--border-color);
margin-bottom: 2rem;
box-shadow: 0 4px 6px rgba(0, 0, 0, 0.05);
overflow: hidden;
}
.panel-heading {
background-color: var(--primary-color);
color: white;
padding: 1.5rem;
font-size: 1.25rem;
font-weight: 600;
border-radius: 12px 12px 0 0;
}
.panel-body {
padding: 2rem;
}
pre {
background-color: var(--code-bg);
border-radius: 8px;
padding: 1.5rem;
margin: 1rem 0;
overflow-x: auto;
border: 1px solid var(--border-color);
color: var(--code-text);
box-shadow: inset 0 1px 2px rgba(0, 0, 0, .05);
}
.alert {
border-radius: 8px;
padding: 1.5rem;
margin: 1.5rem 0;
border: none;
}
.alert-primary {
background-color: rgba(13, 110, 253, 0.1);
border-left: 4px solid var(--primary-color);
}
[data-theme="dark"] .alert-primary {
background-color: rgba(13, 110, 253, 0.2);
}
[data-theme="dark"] .alert-primary h4 {
color: #ffffff;
}
.alert-danger {
background-color: rgba(220, 53, 69, 0.1);
border-left: 4px solid #dc3545;
}
.table {
border-radius: 8px;
overflow: hidden;
margin: 1.5rem 0;
}
.table th {
background-color: var(--primary-color);
color: white;
}
.table td,
.table th {
padding: 1rem;
}
blockquote {
background-color: var(--code-bg);
border-left: 4px solid var(--primary-color);
padding: 1.5rem;
margin: 1.5rem 0;
border-radius: 0 8px 8px 0;
box-shadow: inset 0 1px 2px rgba(0, 0, 0, .05);
}
[data-theme="dark"] pre {
background-color: #1a1d20;
color: #e9ecef;
border-color: #495057;
}
[data-theme="dark"] code {
color: #e9ecef;
}
[data-theme="dark"] blockquote {
background-color: #1a1d20;
color: #e9ecef;
}
.custom-switch {
position: fixed;
bottom: 2rem;
right: 2rem;
background: none;
padding: 0.5rem;
border-radius: 8px;
z-index: 1000;
width: auto;
display: inline-flex;
align-items: center;
justify-content: flex-end;
float: right;
}
.custom-switch label {
color: var(--text-color);
margin-left: 0.5rem;
white-space: nowrap;
}
html {
scroll-behavior: smooth;
}
@media (max-width: 768px) {
.container {
padding: 1rem;
}
.panel-body {
padding: 1rem;
}
.custom-switch {
bottom: 1rem;
right: 1rem;
}
}
::-webkit-scrollbar {
width: 8px;
height: 8px;
}
::-webkit-scrollbar-track {
background: var(--background-color);
}
::-webkit-scrollbar-thumb {
background: var(--primary-color);
border-radius: 4px;
}
::-webkit-scrollbar-thumb:hover {
background: var(--hover-color);
}
#collapse1 {
background-color: var(--background-color);
color: var(--text-color);
}
.panel-default {
background-color: var(--panel-bg);
color: var(--text-color);
}
.panel-heading {
color: white !important;
}
[data-theme="dark"] #collapse1,
[data-theme="dark"] .panel-default {
background-color: var(--background-color);
color: var(--text-color);
}
[data-theme="dark"] .panel-heading {
background-color: var(--primary-color);
color: white !important;
}
</style>
</head>
<body>
<div class="kbanner">
<nav class="navbar navbar-expand-lg navbar-dark bg-primary kbanner">
<a class="navbar-brand" href="https://xposedornot.com"><span
style="font-size: 1.5em; font-weight: bold; display: block; color: white;">XposedOrNot</span>
<span style="font-size: 0.8em; display: block; color: white; opacity: 0.85; margin-top: -1px;">Community
Edition</span></a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNavDropdown"
aria-controls="navbarNavDropdown" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNavDropdown">
<ul class="navbar-nav navbar-right">
<li class="nav-item active">
<a class="nav-link" href="password.html">Password <span class="sr-only">(current)</span>
</a>
</li>
<li class="nav-item active">
<a class="nav-link" href="faq.html">FAQ </a>
</li>
<li class="nav-item active">
<a class="nav-link" href="https://blog.xposedornot.com/">Blog </a>
</li>
<li class="nav-item dropdown active">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown"
aria-haspopup="true" aria-expanded="false"> More Tools </a>
<div class="dropdown-menu" aria-labelledby="navbarDropdownMenuLink">
<a class="dropdown-item" href="xposed.html">Xposed Breaches</a>
<a class="dropdown-item" href="shield.html">Privacy Shield</a>
<a class="dropdown-item" href="domain.html">Domain Verification</a>
<a class="dropdown-item" href="domains.html">Domain-level Search</a>
</div>
</li>
</ul>
</div>
</nav>
</div>
<div class="container">
<div align="center">
To experiment with and test our API, we invite you to explore our API Playground.<br><br>
<h3 style="display: inline-block; margin-right: 20px;"><a href="https://api.xposedornot.com/docs"
target="_blank" class="button-link"> 📚 Swagger Documentation</a></h3>
<h3 style="display: inline-block;"><a href="https://xposedornot.docs.apiary.io" target="_blank"
class="button-link"> 🎮 API Playground</a></h3>
</div>
<br>
<div class="panel-group" id="accordion">
<div class="panel panel-default">
<div class="panel-heading"> API Quick Reference </div>
Last Updated: 05-Jun-2023
<div id="collapse1" class="panel-collapse ">
<div class="panel-body">
<br>
Thank you for your interest in <strong>XposedOrNot</strong>. The goal is to keep our API as accessible
and responsive as possible, making it a valuable tool for everyone. Hosted directly on <strong>Google
Infrastructure</strong> and robustly cached by <strong>Cloudflare</strong>, the <strong>XposedOrNot
API</strong> offers rapid responses for any queries, regardless of their origin point. <br><br>
The <strong>XposedOrNot API</strong> adheres to the principles of <strong>REST architecture</strong>.
It returns <strong>JSON-encoded responses</strong> and utilizes <strong>standard HTTP response
codes</strong>. For the majority of our API routes, there are no authentication requirements,
ensuring easy access and simplicity of use. However, please note that our specific <strong>API route
used for querying domain-related data requires an API key authorization</strong>. This measure is
in place to ensure that only verified owners or authorities of the specified domains can access this
sensitive information.<br><br>
For experimentation and testing purposes, I warmly invite you to explore our API Playground. Here,
you'll have the opportunity to familiarize yourself with the functionality of the XposedOrNot API in a
user-friendly environment.
<br>
<hr>
<div class="alert alert-primary" role="alert">
<h4>
<strong>1. API Call: Checking for Email Address Data Breaches</strong>
</h4>
</div>
<p>
This user-friendly API quickly checks if an email address has been involved in any known data
breaches. It searches a comprehensive database of breaches and alerts you if the email is at risk.
<br><br>
This tool is invaluable for maintaining digital security and understanding the breach history of an
email. It's a step towards better digital safety and awareness.
</p>
<br><strong>API Endpoint:</strong>
<blockquote>
<pre>https://api.xposedornot.com/v1/check-email/[email-address]</pre>
</blockquote>
<strong> Example of Successful Breach Detection: </strong>
When a breach is detected, you'll receive a JSON response like this:
<pre>
{
"breaches": [
[
"Tesco",
"KiwiFarms",
"Vermillion",
"Verified",
"LizardSquad",
"2fast4u",
"Autotrader",
"MyRepoSpace",
"SweClockers"
]
]
}
</pre>
The response is in JSON format, making it simple to parse with any scripting language. This lets you
easily integrate the data into your applications.
<br> <strong>Response When No Breach is Found:</strong><br>
If the email address is not found in any breach database, you will get the following JSON response:
<pre>
{"Error":"Not found"}
</pre>
<hr>
<div class="alert alert-primary" role="alert">
<h4>
<strong>2. API Call: Data Breach Analytics for Email Addresses</strong>
</h4>
</div>
<p>
Our API offers an in-depth analysis of an email address's data breach history. It reveals when and
where breaches occurred, providing essential analytics to gauge the impact and severity of these
incidents. This tool is key for understanding data exposure levels and enhancing security
strategies.
</p>
<br><strong>API Endpoint:</strong>
<blockquote>
<pre>https://api.xposedornot.com/v1/breach-analytics?email=[email-address]</pre>
</blockquote>
<p>The API responds with two possible outcomes: success or failure. Below are the key components of a
successful response:</p>
<br>
<ul>
<li><strong>BreachesSummary:</strong> Get a quick overview of all breaches tied to the email
address, including a list of affected sites. Ideal for a fast check on breach history.</li>
<br>
<li><strong>ExposedBreaches:</strong> Receive detailed information on each breach, including the
breached entity's name, description, domain, industry, risk level, references, exposed data
types, and the year and number of records exposed. This helps assess the specifics and
seriousness of each breach.</li>
<br>
<li><strong>BreachMetrics:</strong> This component offers analytics about the breaches, such as
affected industries, password strength, risk score, data types exposed, and a yearly breakdown.
This data is crucial for understanding the full impact of the breaches.</li>
<br>
<li><strong>xposed_data:</strong> Gain insight into the specific data types exposed in the
breaches, such as names, photos, nationalities, etc. This helps in understanding the nature and
extent of personal data exposure.</li>
<br>
<li><strong>PastesSummary:</strong> Provides an overview of 'paste' breaches (data exposures on
public pastebin-like services), including a count and the most recent occurrence. It's a quick
way to gauge exposure on these platforms.</li>
<br>
<li><strong>ExposedPastes & PasteMetrics:</strong> These components give detailed information and a
yearly analysis of paste breaches, allowing for a deeper understanding of exposure trends over
time.</li>
<br>
</ul>
<p>This comprehensive suite of analytics tools offers a deep dive into the data breach history of any
email, providing the insights needed for better digital security management.</p>
<br>
<strong>Sample JSON output on successfully finding a matching record: </strong>
<pre>
{
"BreachMetrics": {
"get_details": [],
"industry": [
[
[ "elec", 1 ],
[ "misc", 0 ],
[ "mini", 0 ],
[ "musi", 0 ],
[ "manu", 0 ],
[ "ener", 0 ],
[ "news", 0 ],
[ "ente", 0 ],
[ "hosp", 0 ],
[ "heal", 0 ],
[ "food", 0 ],
[ "phar", 0 ],
[ "educ", 0 ],
[ "cons", 0 ],
[ "agri", 0 ],
[ "tele", 0 ],
[ "info", 0 ],
[ "tran", 0 ],
[ "aero", 0 ],
[ "fina", 0 ],
[ "reta", 0 ],
[ "nonp", 0 ],
[ "govt", 0 ],
[ "spor", 0 ],
[ "envi", 0 ]
]
],
"passwords_strength": [
{
"EasyToCrack": 0,
"PlainText": 0,
"StrongHash": 1,
"Unknown": 0
}
],
"risk": [
{
"risk_label": "Low",
"risk_score": 3
}
],
"xposed_data": [
{
"children": [
{
"children": [
{
"colname": "level3",
"group": "A",
"name": "data_Usernames",
"value": 1
}
],
"colname": "level2",
"name": "👤 Personal Identification"
},
{
"children": [
{
"colname": "level3",
"group": "D",
"name": "data_Passwords",
"value": 1
}
],
"colname": "level2",
"name": "🔒 Security Practices"
},
{
"children": [
{
"colname": "level3",
"group": "F",
"name": "data_Email addresses",
"value": 1
}
],
"colname": "level2",
"name": "📞 Communication and Social Interactions"
}
]
}
],
"yearwise_details": [
{
"y2007": 0,
"y2008": 0,
"y2009": 0,
"y2010": 0,
"y2011": 0,
"y2012": 0,
"y2013": 0,
"y2014": 0,
"y2015": 1,
"y2016": 0,
"y2017": 0,
"y2018": 0,
"y2019": 0,
"y2020": 0,
"y2021": 0,
"y2022": 0,
"y2023": 0
}
]
},
"BreachesSummary": {
"site": "SweClockers"
},
"ExposedBreaches": {
"breaches_details": [
{
"breach": "SweClockers",
"details": "SweClockers experienced a data breach in early 2015, where 255k accounts were exposed. As a result, usernames, email addresses, and salted hashes of passwords—which were stored using a combination of MD5 and SHA512—were disclosed. Exposed data: Usernames, Email addresses, Passwords.",
"domain": "sweclockers.com",
"industry": "Electronics",
"logo": "Sweclockers.png",
"password_risk": "hardtocrack",
"references": "",
"searchable": "Yes",
"verified": "Yes",
"xposed_data": "Usernames;Email addresses;Passwords",
"xposed_date": "2015",
"xposed_records": 254967
}
]
},
"ExposedPastes": null,
"PasteMetrics": null,
"PastesSummary": {
"cnt": 0,
"domain": "",
"tmpstmp": ""
}
}
</pre>
A few of the data points used in BreachMetrics are as follows:
<ol>
<li>Industry-wise classification<br>
This gives you the count of the breaches exposed in top-19 industries.</li>
<li>Password strength<br>
This gives you the count of breaches whose passwords were (1) easy to crack, (2) stored in plain
text, or (3) protected with strong and safe password hashes.</li>
<li>Year-wise details<br>
This gives you the historical data of data breaches starting from the year 2010 until now.</li>
</ol>
<br>
<strong>Sample output on not finding the matching email address:</strong>
<pre>
{ "Error": "Not found"}
</pre>
<p> This also means that the email searched is not found in any of the data breaches loaded in
XposedOrNot. </p>
<hr>
<div class="alert alert-primary" role="alert">
<h4>
<strong>3. API call to check for exposed passwords anonymously</strong>
</h4>
</div>
<p>If you're interested in checking for exposed passwords, this API is perfect for you. It provides
results in two forms: successful or unsuccessful. Imagine you want to check the widely used
password "123456" - this API can help.</p>
<br>
<blockquote>
<pre>https://passwords.xposedornot.com/v1/pass/anon/[first 10 characters of SHA3-keccak-512 hash]</pre>
</blockquote>
<strong>Sample JSON output on successfully finding a matching password hash: </strong>
<pre>
{
"SearchPassAnon": {
"anon": "808d63ba47",
"char": "D:6;A:0;S:0;L:6",
"count": "11999477",
"wordlist": 0
}
}
</pre>
<p>The API delivers results in a JSON format, which is more informative than a simple yes/no. This
detailed output enables further analysis and enhancement of the extensive list of real-time exposed
passwords.</p>
<br>
<h4>Output Structure Guide:</h4>
<br>
<ul>
<li><strong>"anon" Element:</strong> Every password hash in our database includes the "anon"
element. This is to ensure privacy for users who want to search while remaining anonymous.</li>
<li><strong>"char" Element:</strong> This element provides a breakdown of the password's
characteristics, like length, use of letters, numbers, and special characters. This is
especially useful for understanding password strength and whether it meets various website
requirements.</li>
</ul>
<p>This API is not only useful for identifying exposed passwords but also helps in developing
stronger, more secure password policies.</p>
<br> The following table explains a bit more about the characteristics in simple terms: <br>
<br>
<table class="table table-condensed table-striped table-bordered table-hover">
<tr>
<td> Digits </td>
<td> Count of numbers </td>
</tr>
<tr>
<td> Alphabets </td>
<td> Count of alphabets </td>
</tr>
<tr>
<td> Special chars </td>
<td> Count of special chars </td>
</tr>
<tr>
<td> Length </td>
<td> Length of the password </td>
</tr>
</table>
The last element, <strong>"count"</strong>, denotes the number of times this password was observed in the
collected exposed data breaches. For a comprehensive list of all exposed websites, please visit <a
href="xposed.html">
<strong>Xposed websites in XON</strong>
</a>. <br>
<br> Also, one other point to note is the use of <a href="https://en.wikipedia.org/wiki/SHA-3"
target="_blank" rel="noopener">
<strong>SHA3 Keccak-512</strong>
</a> hashing for searching and storing data in XON. Traditional hashing algorithms like MD5 and SHA1
are currently deprecated, and also considering the enormous number of records exposed, I have gone
ahead with the <strong>SHA3 Keccak-512</strong> algorithm. Keccak-512 hashes are 128 characters long. <br>
<br> Please check the simple and easy-to-use <a href="/samples/index.html" target="_blank">
<strong>sample login screen, </strong>
</a>making use of this API. <br>
<br> Two sample Keccak-512 hashes are given for easy reference: <br>
<br> Keccak-512("test")
<strong>
<pre>1e2e9fc2002b002d75198b7503210c05a1baac4560916a3c6d93bcce3a50d7f00fd395bf1647b9abb8d1afcc9c76c289b0c9383ba386a956da4b38934417789e</pre>
</strong>
<br> Keccak-512("pass")
<strong>
<pre>adf34f3e63a8e0bd2938f3e09ddc161125a031c3c86d06ec59574a5c723e7fdbe04c2c15d9171e05e90a9c822936185f12b9d7384b2bedb02e75c4c5fe89e4d4</pre>
</strong>
<br>
<strong>Sample output on not finding the matching password hash:</strong>
<pre>
{ "Error": "Not found"}
</pre>
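<p>The sample hashes above are original Keccak-512 digests, which use a different padding byte from the
standardised SHA3-512, so Python's <code>hashlib.sha3_512</code> produces a different value and would
send the wrong 10-character prefix. The following is an added example, not code from XposedOrNot: a
pure-Python Keccak-512 checked against the "test" hash on this page, plus the anonymous lookup URL
and a parser for the "char" field. UTF-8 encoding of the password and the D/A/S/L letter meanings are
assumptions inferred from the table above.</p>

```python
import hashlib

MASK64 = (1 << 64) - 1
RATE = 72  # bytes absorbed per block for a 512-bit digest: (1600 - 2*512) / 8


def rol64(v, n):
    n %= 64
    return ((v << n) | (v >> (64 - n))) & MASK64


def keccak_f1600(a):
    """Keccak-f[1600] permutation over a 5x5 matrix of 64-bit lanes a[x][y]."""
    lfsr = 1
    for _ in range(24):
        # theta: mix each column's parity into its neighbours
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x + 4) % 5] ^ rol64(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        # rho and pi: rotate each lane and move it to its new position
        x, y = 1, 0
        cur = a[x][y]
        for t in range(24):
            x, y = y, (2 * x + 3 * y) % 5
            cur, a[x][y] = a[x][y], rol64(cur, (t + 1) * (t + 2) // 2)
        # chi: the only non-linear step
        for y in range(5):
            row = [a[x][y] for x in range(5)]
            for x in range(5):
                a[x][y] = row[x] ^ (~row[(x + 1) % 5] & row[(x + 2) % 5])
        # iota: round constant bits come from an 8-bit LFSR
        for j in range(7):
            lfsr = ((lfsr << 1) ^ ((lfsr >> 7) * 0x71)) & 0xFF
            if lfsr & 2:
                a[0][0] ^= 1 << ((1 << j) - 1)
    return a


def sponge512(data: bytes, suffix: int) -> bytes:
    """512-bit sponge. suffix 0x01 = original Keccak padding, 0x06 = FIPS 202 SHA-3."""
    state = bytearray(200)

    def permute():
        lanes = [[int.from_bytes(state[8 * (x + 5 * y):8 * (x + 5 * y) + 8], "little")
                  for y in range(5)] for x in range(5)]
        lanes = keccak_f1600(lanes)
        for x in range(5):
            for y in range(5):
                state[8 * (x + 5 * y):8 * (x + 5 * y) + 8] = lanes[x][y].to_bytes(8, "little")

    offset = 0
    while len(data) - offset >= RATE:      # absorb full blocks
        for i in range(RATE):
            state[i] ^= data[offset + i]
        permute()
        offset += RATE
    tail = data[offset:]
    for i, byte in enumerate(tail):        # absorb the final partial block
        state[i] ^= byte
    state[len(tail)] ^= suffix             # domain separation and first padding bit
    state[RATE - 1] ^= 0x80                # last padding bit
    permute()
    return bytes(state[:64])


def keccak512_hex(password: str) -> str:
    # Assumption: the password is hashed as its UTF-8 bytes.
    return sponge512(password.encode("utf-8"), 0x01).hex()


def anon_lookup_url(password: str) -> str:
    """Only the first 10 of the 128 hex characters ever leave the client."""
    return "https://passwords.xposedornot.com/v1/pass/anon/" + keccak512_hex(password)[:10]


def parse_char(field: str) -> dict:
    """Split e.g. "D:6;A:0;S:0;L:6"; letter meanings are inferred from the page's table."""
    names = {"D": "digits", "A": "alphabets", "S": "special_chars", "L": "length"}
    return {names[k]: int(v) for k, v in (part.split(":") for part in field.split(";"))}


# Reference value printed on this page for Keccak-512("test").
PAGE_TEST_HASH = ("1e2e9fc2002b002d75198b7503210c05a1baac4560916a3c6d93bcce3a50d7f0"
                  "0fd395bf1647b9abb8d1afcc9c76c289b0c9383ba386a956da4b38934417789e")


def self_check() -> bool:
    """The sponge matches the page with 0x01 padding and hashlib with 0x06 padding."""
    return (keccak512_hex("test") == PAGE_TEST_HASH
            and sponge512(b"test", 0x06) == hashlib.sha3_512(b"test").digest()
            and hashlib.sha3_512(b"test").hexdigest() != PAGE_TEST_HASH)


if __name__ == "__main__":
    print("self-check:", self_check())
    print(anon_lookup_url("123456"))
    print(parse_char("D:6;A:0;S:0;L:6"))
```

<p>Because only the 10-character prefix is sent, a match means a hash with that prefix exists in the
data set; the full hash and the password itself never reach the service.</p>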
<hr>
<div class="alert alert-primary" role="alert">
<h4>
<strong>4. API call to check for all data breaches loaded in XposedOrNot</strong>
</h4>
</div>
<blockquote>
<pre>https://api.xposedornot.com/v1/breaches</pre>
</blockquote>
The API returns a successful response in the format of JSON only.<br>
<br>This JSON can be easily parsed by all scripting languages for easy interpretation and to extract
data elements to be used in your respective applications. <br>
<pre>
{
"exposedBreaches": [
{
"breachID": "APK.TW",
"breachedDate": "2022-09-01T00:00:00+00:00",
"domain": "apk.tw",
"exposedData": [
"Email addresses",
"Usernames",
"Passwords",
"IP addresses"
],
"exposedRecords": 2457094,
"exposureDescription": "APK.TW, a Taiwanese Android forum, experienced a data breach in September 2022, affecting 3.7 million members. This incident exposed usernames, email addresses, IP addresses, and passwords encrypted with salted MD5 hashes.",
"industry": "Information Technology",
"logo": "https://xposedornot.com/static/logos/APKTW.png",
"passwordRisk": "easytocrack",
"referenceURL": "",
"searchable": true,
"sensitive": false,
"verified": true
},
{
"breachID": "Habibs",
"breachedDate": "2021-08-01T00:00:00+00:00",
"domain": "habibs.com.br",
"exposedData": [
"Email addresses",
"Names",
"Phone numbers",
"Dates of birth",
"IP addresses"
],
"exposedRecords": 3519666,
"exposureDescription": "Habib's, a Brazilian fast food restaurant, experienced a significant data breach in August 2021, that impacted 3.5 million users, revealing personal information like email addresses, IP addresses, names, phone numbers, and dates of birth, along with CPF numbers and social media profile links. ",
"industry": "Food",
"logo": "https://xposedornot.com/static/logos/Habibs.png",
"passwordRisk": "unknown",
"referenceURL": "",
"searchable": true,
"sensitive": false,
"verified": true
},
{
"breachID": "GreenGaming",
"breachedDate": "2024-03-01T00:00:00+00:00",
"domain": "mrgreengaming.com",
"exposedData": [
"Email addresses",
"IP addresses",
"Geographic locations",
"Usernames",
"Dates of birth"
],
"exposedRecords": 27142,
"exposureDescription": "MrGreenGaming announced on their community forum reported a security breach due to unauthorized access via an inactive administrator account leading to a data breach on 01-Mar-2024. The intrusion led to vandalism and the potential exposure of user data, including usernames, email addresses, IP addresses at account creation, and birthdays.",
"industry": "Entertainment",
"logo": "https://xposedornot.com/static/logos/GreenGaming.png",
"passwordRisk": "unknown",
"referenceURL": "https://forums.mrgreengaming.com/topic/30151-%E2%9A%A0%EF%B8%8Fdata-breach%E2%9A%A0%EF%B8%8F/#comment-536079",
"searchable": true,
"sensitive": false,
"verified": true
},
{
"breachID": "CutoutPro",
"breachedDate": "2024-02-01T00:00:00+00:00",
"domain": "cutout.pro",
"exposedData": [
"Names",
"Passwords",
"Email addresses",
"IP addresses"
],
"exposedRecords": 20021813,
"exposureDescription": "Cutout.Pro, an AI-powered photo editing platform, experienced a data breach affecting 20 million users. Information exposed includes email addresses, hashed passwords, IP addresses, and names. A cybercriminal posted 5.93 GB of data on hacker forum, including a 41.4 million record database dump with unique email addresses.",
"industry": "Information Technology",
"logo": "https://xposedornot.com/static/logos/Cutout.pro.png",
"passwordRisk": "easytocrack",
"referenceURL": "https://www.bleepingcomputer.com/news/security/20-million-cutoutpro-user-records-leaked-on-data-breach-forum/",
"searchable": true,
"sensitive": false,
"verified": true
},
and so on...
</pre>
<br>Furthermore, you can also send a parameter like a domain and filter the results to display content
specific to that breach. <br>
<blockquote>
<pre>https://api.xposedornot.com/v1/breaches?domain=[twitter.com]</pre>
</blockquote>
<pre>
{
"Exposed Breaches": [
{
"Breach ID": "Twitter-Scraped",
"Breached Date": "2021-01-01T00:00:00+00:00",
"Domain": "twitter.com",
"Exposed Data": "Usernames;Email addresses;Names;Geographic locations;Profile photos;Phone numbers",
"Exposed Records": 208918735,
"Exposure Description": "\"The \"\"Twitter Email Addresses Leak\"\" involves a data leak of over 200 million Twitter user profiles around 2021. The leak includes email addresses, names, screen names, follow counts, and account creation dates. The data was obtained through a Twitter API vulnerability that allowed the input of email addresses and phone numbers to confirm their association with Twitter IDs.\"",
"Industry": "Information Technology",
"Logo": "Twitter.png",
"Password Risk": "unknown",
"Searchable": "Yes",
"Sensitive": "No",
"Verified": "Yes"
}
],
"status": "success"
}
</pre>
The API returns a successful response in the format of JSON only.<br>
<hr>
<div class="alert alert-primary" role="alert">
<h4>
<strong>5. API call to check for all data breaches for verified domains</strong>
</h4>
</div>
<blockquote>
<pre>https://api.xposedornot.com/v1/domain-breaches/</pre>
</blockquote>
This is a POST request and requires a valid API key to be included in the header with the key
'x-api-key'. This endpoint does not accept any request body; hence, the Content-Length header should
be set to '0'.
<br>
** For validated domains, the API key is available in the <a href="dashboard.html">dashboard</a>.
<br><br>
Sample API request using curl:
<blockquote>
<pre>
curl -L -X POST -H "x-api-key: YOUR_API_KEY" -H "Content-Length: 0" https://api.xposedornot.com/v1/domain-breaches/
</pre>
</blockquote>
The response of the API is in JSON format. The main key 'metrics' contains details about the breach.
Below is a description of each sub-key in 'metrics':<br><br>
1. <strong>Breach_Summary</strong>: This field provides a summary of the number of breaches per
organization.<br>
2. <strong>Breaches_Details</strong>: This is an array containing detailed information about each
individual breach, including the name of the breached organization, the domain, and the email address
associated with the breach.<br>
3. <strong>Detailed_Breach_Info</strong>: This field contains a detailed summary of the breaches,
including the date of the breach, the logo of the organization, whether or not the password was at
risk, whether the breach is searchable, the type of data exposed, the total number of records exposed,
and a description of the breach.<br>
4. <strong>Domain_Summary</strong>: This provides a summary of the number of breaches per domain.<br>
5. <strong>Top10_Breaches</strong>: This field provides a list of the top 10 breaches.<br>
6. <strong>Yearly_Metrics</strong>: This field provides a yearly breakdown of the number of breaches
from 2010 to the present year.<br>
<br>Sample output is given for easy reference.<br>
<pre>
{
"metrics": {
"Breach_Summary": {
"AerServ": 1
},
"Breaches_Details": [
{
"breach": "AerServ",
"domain": "xposedornot.com",
"email": "[email protected]"
}
],
"Detailed_Breach_Info": {
"AerServ": {
"breached_date": "Tue, 01 Apr 2014 00:00:00 GMT",
"logo": "Aerserv.png",
"password_risk": "plaintext",
"searchable": "Yes",
"xposed_data": "Email Addresses",
"xposed_records": 64777,
"xposure_desc": "AerServ, an ad management platform, experienced a data breach in April 2018. This incident occurred after its acquisition by InMobi and affected more than 64,000 unique email addresses. The exposed data included contact information and passwords, which were stored as salted SHA-512 hashes. Later in 2018, the breached data was publicly posted on Twitter, prompting InMobi to acknowledge the incident "
}
},
"Domain_Summary": {
"xposedornot.com": 1
},
"Top10_Breaches": {
"AerServ": 1
},
"Yearly_Metrics": {
"2010": 0,
"2011": 0,
"2012": 0,
"2013": 0,
"2014": 1,
"2015": 0,
"2016": 0,
"2017": 0,
"2018": 0,
"2019": 0,
"2020": 0,
"2021": 0,
"2022": 0,
"2023": 0
}
},
"status": "success"
}
</pre>
<strong> Error Handling</strong>: In case of an invalid or missing API key, the response would be as
follows:
<pre>
{
"message":"Invalid or missing API key",
"status":"error"
}
</pre>
The <strong>message</strong> field will contain a description of the error, and the
<strong>status</strong> field will contain the string "error" to indicate that an error has occurred.
<br><br>
Remember to replace "YOUR_API_KEY" with your actual API key when making a request to the endpoint.
<hr>
<div class="alert alert-primary" role="alert">
<h4>
<strong>6. API response codes</strong>
</h4>
<br>
</div>
The XposedOrNot API uses conventional HTTP response codes to indicate the success or failure of an API
request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate a request
that failed given the information provided (e.g., wrong parameters, insufficient query options, wrong
URL, etc.). Codes in the 5xx range indicate an error with XposedOrNot's server. <br>
<br> In other words, codes in the 4xx range indicate a user error (You) and codes in the 5xx range
indicate a server error (Me). <br>
<br>
<table class="table table-hover table-bordered ">
<thead class="thead-light">
<tr>
<th scope="col">Code</th>
<th scope="col">Description</th>
</tr>
</thead>
<tbody>
<tr>
<th scope="row">200</th>
<td>Success will output JSON response</td>
</tr>
<tr>
<th scope="row">401</th>
<td>Invalid/un-authorised API key</td>
</tr>
<tr>
<th scope="row">404</th>
<td>Error in input ( no data found )</td>
</tr>
<tr>
<th scope="row">429</th>
<td>Speed throttle hit - time to slow down</td>
</tr>
<tr>
<th scope="row">502/503</th>
<td>Server fault - Totally my problem to fix. Please shout across, if you see this ;)</td>
</tr>
</tbody>
</table>
<div class="alert alert-danger" role="alert">
<strong>Note: </strong>Search queries for Passwords are not restricted by time or count. <br>
<br>
<em class="fas fa-exclamation-triangle" style="font-size:28px;color:red"></em> There will be a
threshold of 1 query per second for each and every API request. Please be cognizant
of that and, if you hit it, retry with a slow mode or sleep model. <br>
<br> Folks who regularly try to misuse or abuse this API for their own nefarious purposes will be
kicked into deep dark dungeons by the not-so-famous <a onclick="jsfunction()"
href="javascript:void(0);">xGuardian</a>. You are warned. <br>
<br>
<em class="fa fa-bug" aria-hidden="true" style="font-size:28px;color:red"></em> If you come across
a bug in the API, feel free to message me on Twitter or email me. I would be more than happy to
acknowledge and remediate the same for the benefit of all users.
</div>
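<p>One way to honour the 1 query per second threshold and the response codes in the table above, as an
added example that is not XposedOrNot's own client code. The <code>send</code> transport interface,
the class names and the exponential back-off on 429 are assumptions made for illustration; the
scripted transport and its responses are constructed so the logic runs offline.</p>

```python
import json
import time
from urllib.parse import quote

API = "https://api.xposedornot.com/v1"
MIN_INTERVAL = 1.0  # seconds between requests: the page's 1 query/second threshold


class XonError(Exception):
    """Raised for responses the caller cannot treat as a normal result."""


class XonClient:
    """Paces requests and maps the documented status codes to outcomes.

    send(method, url, headers) -> (status, body) is an injected transport
    (hypothetical interface), so the API key is handled in one place and
    the logic can be exercised without network access.
    """

    def __init__(self, send, clock=time.monotonic, sleep=time.sleep, max_retries=3):
        self._send, self._clock, self._sleep = send, clock, sleep
        self._max_retries = max_retries
        self._last_sent = None

    def _pace(self):
        # Never send two requests less than MIN_INTERVAL apart.
        if self._last_sent is not None:
            wait = MIN_INTERVAL - (self._clock() - self._last_sent)
            if wait > 0:
                self._sleep(wait)
        self._last_sent = self._clock()

    def request(self, method, url, headers=None):
        for attempt in range(self._max_retries + 1):
            self._pace()
            status, body = self._send(method, url, dict(headers or {}))
            if status == 200:
                return json.loads(body)
            if status == 404:  # documented as "no data found"
                return None
            if status == 401:
                raise XonError("401: invalid or unauthorised API key")
            if status == 429 and attempt < self._max_retries:
                self._sleep(MIN_INTERVAL * 2 ** attempt)  # back off, then retry
                continue
            raise XonError(f"HTTP {status}: giving up")

    def check_email(self, email):
        """Return a flat list of breach names; [] when the address is not found."""
        data = self.request("GET", f"{API}/check-email/{quote(email, safe='@')}")
        if data is None:
            return []
        # The documented body nests the names one level: {"breaches": [[...]]}
        return [name for group in data.get("breaches", []) for name in group]

    def domain_breaches(self, api_key):
        """POST with no body; the key travels only in the x-api-key header."""
        headers = {"x-api-key": api_key, "Content-Length": "0"}
        data = self.request("POST", f"{API}/domain-breaches/", headers)
        if data is None or data.get("status") != "success":
            raise XonError("domain-breaches did not return status=success")
        return data["metrics"]


class ScriptedTransport:
    """Constructed stand-in for the network: canned responses on a fake clock."""

    def __init__(self, responses):
        self.responses, self.now, self.sent = list(responses), 0.0, []

    def clock(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds

    def send(self, method, url, headers):
        self.sent.append((self.now, method, url, headers))
        return self.responses.pop(0)


def demo():
    """Throttled once, then a hit, then a miss; returns results and send times."""
    net = ScriptedTransport([
        (429, ""),
        (200, '{"breaches": [["Tesco", "KiwiFarms"]]}'),
        (404, '{"Error":"Not found"}'),
    ])
    client = XonClient(net.send, clock=net.clock, sleep=net.sleep)
    hit = client.check_email("user@example.com")
    miss = client.check_email("nobody@example.com")
    return hit, miss, [sent_at for sent_at, *_ in net.sent]


if __name__ == "__main__":
    print(demo())
```

<p>In a real deployment the transport should read the API key from a secret store and keep the
<code>x-api-key</code> header out of request logs.</p>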
</div>
</div>
</div>
<div class="container text-center">
<footer>
<aside>
<br>
<a style="color:#3c5fec" href="https://twitter.com/xposedornot" aria-hidden="true" target="_blank"
rel="noopener">  <em class="fab fa-twitter fa-3x"></em>
</a>
<a style="color:#3c5fec" href="https://facebook.com/xposedornot" aria-hidden="true" target="_blank"