API Feature Overview

This article serves as an introductory resource for integrating Silent Push's powerful threat intelligence APIs into your security workflows. Whether you're enriching indicators, performing DNS lookups, or automating feeds, these endpoints provide actionable insights into domains, IPs, and emerging threats.

Prerequisites

• Obtain your Silent Push API key from the Silent Push dashboard.

• Replace api_key = "" in the code examples below with your actual key.

All examples use Python with the requests, json, and pandas libraries for simplicity. Adapt as needed for your environment.

We provide a large collection of APIs that customers use to access a wide wealth of cybersecurity information, and use our solutions to improve their own cyber defenses.

With our APIs, you can:

• Access an extensive data set, including information types such as domain, IPv4, IPv6, reputation, PADNS, enrichment, feeds, and scoring.

• Access threat intelligence:  Threat rankings, Indicators of Future Attacks (IOFAs), and threat feeds from Silent Push and third parties.

• Analyze DNS data: Numerous endpoints devoted to analyzing DNS data granularly.

• Capture Live Screenshots: Live screenshots of URLs.

• Perform Live Scans: Information types like HTML data, favicon data, body data, SSL data, domain risk score, and redirect chains.

• Integrate with security tools: Our APIs are specifically designed to integrate with existing security stacks.

• Monitor API usage: API usage and quotas associated with the API.

• Retrieve raw scan data: The original data we scanned.

• Use SPQL: Advanced users can use Silent Push Query Language (SPQL) to retrieve information from multiple datasets.

Top APIs and endpoints

We offer a wide range of APIs for various uses, along with numerous endpoints supporting hundreds of use cases.

To start, begin with our most popular APIs and endpoints among our customers:

Use cases

We offer a suite of APIs for our customers to enhance their cybersecurity operations with various Silent Push solutions, for example:

• Brand impersonation

• Intelligence feeds

• Proactive threat hunting

Brand impersonation

Use case: An e-commerce platform wants to safeguard its brand reputation by detecting and mitigating instances of brand impersonation that could deceive customers.
Implementation: They implement the following relevant solutions using our API's:

1. Domain impersonation detection: The e-commerce platform uses Silent Push’s Explore Recipes API to identify domains that closely resemble its own, a common tactic in phishing attacks.

2. Comprehensive asset monitoring: The API scans for more than domain impersonation; it allows customers to investigate impersonations involving email addresses, HTML titles, and favicons.

3. Automated alerts and response: After the detection of impersonation attempts, the Silent Push system triggers alerts, enabling the security team to take swift action.

Intelligence feeds

Use case: A financial institution wants to increase and support its cybersecurity defenses by integrating real-time threat intelligence into its existing security infrastructure.
Implementation: They implement the following relevant solutions using our API's:

1. Integration of early detection feeds: The financial institution uses Silent Push's API to ingest enriched data on domains, IPs, and URLs associated with malicious activities, including command and control (C2) infrastructures and phishing campaigns.

2. Real-Time monitoring: The security teams gain real-time insights into emerging threats by using early detection feeds. This enables them to adjust their defenses proactively.

3. Prioritization of threats: The enriched data provides context and risk scores, allowing the team to focus on the most critical threats and respond swiftly to potential incidents.

Proactive threat hunting

Use case: A technology company wants to identify and mitigate threats before they impact operations by uncovering the threatening infrastructure during the planning stages of an attack.
Implementation: They implement the following relevant solutions using our APIs:

1. Utilization of Indicators of Future Attack (IOFAs): The technology company leverages Silent Push's APIs to access IOFAs, which include data on domains, IPs, and URLs that are part of potential malicious infrastructures.

2. Behavioral analysis: The security analysts use this data to create behavioral fingerprints that map out adversary Tactics, Techniques, and Procedures (TTPs) before they are weaponized.

3. Preemptive defense measures: Armed with this intelligence, the technology company implements security measures to block or monitor the identified infrastructure, which effectively neutralizes threats before they materialize.

Enrich Indicator

Enriching an indicator (domain, IPv4, or IPv6) provides details on its origin, function, and risk level, including ASN data, reputation scores, and geolocation.

Endpoint: GET /api/v1/merge-api/explore/enrich/{indicator_type}/{indicator}?explain=1

Example Code:

import requests
import json

indicator = "157.119.237.12"
indicator_type = "ipv4"

url = f"https://api.silentpush.com/api/v1/merge-api/explore/enrich/{indicator_type}/{indicator}?explain=1"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)
print(json_data)

Sample Response (Excerpt):

{
  "status_code": 200,
  "error": None,
  "response": {
    "ip2asn": [
      {
        "asn": 134990,
        "asname": "CITYCOMNETWORK-AS-AP CiTYCOM Network, BD",
        "ip_reputation": 0,
        "ip_reputation_score": 0,
        "ip_flags": {
          "is_proxy": True,
          "proxy_tags": ["residential_proxy", "922proxy", "711proxy"]
        },
        "ip_location": {
          "continent_code": "AS",
          "country_code": "BD",
          "country_name": "Bangladesh"
        },
        "sp_risk_score": 0,
        "sp_risk_score_explain": {"sp_risk_score_decider": "ip_reputation"}
      }
    ]
  }
}

This response highlights the IP's proxy status and low risk score, aiding in triage.

Bulk Enrich Indicators

Bulk enrichment supports up to 100 indicators at once for efficient processing. Separate examples for domains, IPv4, and IPv6.

Domains

Endpoint: POST /api/v1/merge-api/explore/bulk/summary/domain?

Example Code:

import requests
import json
import pandas as pd

domains = ["google.com", "facebook.com", "twitter.com"]
api_url = "https://app.silentpush.com/api/v1/merge-api/explore/bulk/summary/domain?"
headers = {'X-API-KEY': api_key}
params = {"explain": 1, "scan_data": 0}
body = {'domains': domains}
bulk_response_data = requests.post(api_url, headers=headers, json=body, params=params)
bulk_response_json = json.loads(bulk_response_data.content)
bulk_response_df = pd.DataFrame(bulk_response_json)['response']
df = pd.json_normalize(bulk_response_df)
print(df)

Sample Output: A normalized DataFrame with enrichment details like reputation and listings for each domain.

IPv4

Endpoint: POST /api/v1/merge-api/explore/bulk/ip2asn/ipv4?

Example Code: Similar to domains, but with ips in the body and IPv4 list (e.g., ["172.67.70.13", "104.26.10.149", "104.26.11.149"]).

Sample Output: DataFrame showing ASN, reputation, and geolocation for each IP.

IPv6

Endpoint: POST /api/v1/merge-api/explore/bulk/ip2asn/ipv6?

Example Code: Analogous to IPv4, using IPv6 addresses (e.g., ["2a02:4780:37:b262:f807:71a8:e3ee:9b64", ...]).

Sample Output: Similar DataFrame structure, adapted for IPv6.

Forward DNS Lookup

Query forward DNS records for a domain, supporting types like A, AAAA, CNAME, MX, NS, PTR4, PTR6, ANY, SOA, and TXT.

Endpoint: GET /api/v1/merge-api/explore/padns/lookup/query/{record}/{domain}?limit=1000

Example Code:

import requests
import json
import pandas as pd

domain = "silentpush.com"
record = "any"

url = f"https://app.silentpush.com/api/v1/merge-api/explore/padns/lookup/query/{record}/{domain}?limit=1000"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)['response']['records']
response = pd.DataFrame(json_data)
print(response)

Sample Output: DataFrame with columns like type, value, first_seen, and last_seen for matching records.

Reverse DNS Lookup

Reverse lookups on passive DNS data, supporting similar record types plus MXHASH, NSHASH, SOAHASH, and TXTHASH.

Endpoint: GET /api/v1/merge-api/explore/padns/lookup/answer/{record}/{ip}?limit=1000

Example Code:

import requests
import json
import pandas as pd

ip = "104.26.10.149"
record = "a"

url = f"https://app.silentpush.com/api/v1/merge-api/explore/padns/lookup/answer/{record}/{ip}?limit=1000"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)['response']['records']
response = pd.DataFrame(json_data)
print(response)

Sample Output: DataFrame detailing resolved domains, timestamps, and counts.

Domain Search

Search domains with filters for name servers, Whois, networks, and patterns. Supports parameters like domain, asnum, registrar, and whois_date_after.

Endpoint: GET /api/v1/merge-api/explore/domain/search?...

Example Code:

import requests
import json
import pandas as pd

domain = "*.ru"
asnum = "207713"
registrar = "REGRU-RU"
whois_date_after = "2020-01-01"

url = f"https://api.silentpush.com/api/v1/merge-api/explore/domain/search?domain={domain}&first_seen_min_mode=strict&first_seen_max_mode=strict&last_seen_min_mode=any&last_seen_max_mode=strict&asnum={asnum}&asn=in&asn_match=any&registrar={registrar}&whois_date_after={whois_date_after}&limit=100&timeline=1&ip_diversity_all_min=5&prefer=result&max_wait=25"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)['response']['records']
records = pd.DataFrame(json_data)
print(records)

Sample Output (Excerpt):

100 rows × 5 columns

Search Scan Data

Query scan data using Silent Push Query Language (SPQL) across various sources, including Webscan, Torscan, WebResources, Opendirectory, services, and Whois.

Endpoint: POST /api/v1/merge-api/explore/scandata/search/raw?limit=100&with_metadata=1

Example Code:

import requests
import pandas as pd
import json

data_source = "webscan,torscan"
query = "favicon_murmur3 = 309020573 AND domain != \"pptanupdate.info\""
full_query = f"datasource={data_source} AND {query}"
url = "https://api.silentpush.com/api/v1/merge-api/explore/scandata/search/raw?limit=100&with_metadata=1"

payload = json.dumps({"query": full_query})
headers = {
    'Content-Type': 'application/json',
    'x-api-key': api_key,
    'meta-data': '1'
}

response = requests.request("POST", url, headers=headers, data=payload)
results = json.loads(response.text)['response']['scandata_raw']
results = pd.DataFrame(results)
print(results)

Sample Output (Excerpt):

Summary Section

This section provides a high-level overview of key metadata for each scan entry.

Security and Analysis Section

This section focuses on adtech, body analysis, SSL details, and data hashes.

Assets and Hashes Section

This section covers favicon details, HHV, and related paths/hashes.

Network and Miscellaneous Section

This section includes resolves_to, datasource, user-agent (excerpt), and screenshot.

Live Scan

Initiate a real-time scan of a URL, configurable by OS, region, platform, and browser.

Endpoint: GET /api/v1/merge-api/explore/tools/scanondemand?url={url}&platform={platform}&OS={os}&browser={browser}®ion={region}

Example Code:

import requests
import json
import pandas as pd

url = "https://www.espn.com/"
os = "Windows"
region = "US"
platform = "Desktop"
browser = "Chrome"

api_url = f"https://api.silentpush.com/api/v1/merge-api/explore/tools/scanondemand?url={url}&platform={platform}&OS={os}&browser={browser}&region={region}"
data = requests.get(api_url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)['response']
df = pd.DataFrame(json_data)
print(df)

Sample Output (Excerpt)

(Includes JARM fingerprints, HTML analysis, and resolves_to IPs.)

Get Indicator of Future Attack (IOFA) Feed

Automate exports of IOFA indicators via Feed UUID for integration with your security stack.

Endpoint: GET /api/v2/iocs/threat-ranking/?page=1&limit=10000&distinct=false&source_uuids={feed_uuid}&order=-total_ioc,-total_source_score&state=Feed&advanced=advanced

Example Code:

import requests
import json
import pandas as pd

feed_uuid = "324c613c-8b4e-4b2e-8f69-9c86fea78077"
data = requests.get(f'https://app.silentpush.com/api/v2/iocs/threat-ranking/?page=1&limit=10000&distinct=false&source_uuids={feed_uuid}&order=-total_ioc,-total_source_score&state=Feed&advanced=advanced', headers={'x-api-key': api_key})
json_data = json.loads(data.content)
response = pd.DataFrame(json_data)
# Optionally export to JSON/CSV

Sample Output: DataFrame of indicators with scores and sources.

Add Indicators to Feed

Programmatically add indicators and tags to a feed using its UUID.

Example Code:

import requests

feed_uuid = "a03f3a69-ac84-4fd8-a7d7-71dafd2bf3f2"
indicators = ["microsoft.com", "apple.com"]
tags = "malware, test"

def add_indicators():
    url = f"https://app.silentpush.com/api/v1/feeds/{feed_uuid}/indicators/"
    payload = {"indicators": indicators}
    headers = {"x-api-key": api_key, "Content-Type": "application/json"}
    response = requests.post(url, json=payload, headers=headers, verify=False)
    print("Status Code:", response.status_code)
    print("Response JSON:", response.json())

def add_tags(indicator):
    url = f"https://app.silentpush.com/api/v1/feeds/{feed_uuid}/indicators/{indicator}/update-tags/"
    payload = {"tags": tags}
    headers = {"x-api-key": api_key, "Content-Type": "application/json"}
    response = requests.put(url, json=payload, headers=headers, verify=False)
    print("Status Code:", response.status_code)
    print("Response JSON:", response.json())

add_indicators()
for indicator in indicators:
    add_tags(indicator)

Sample Output:

Status Code: 201
Response JSON: {'created_or_updated': [{'uuid': 'bed9608aca5a28c3', 'name': '8.8.8.1', 'tags': ''}, ...], 'invalid_indicators': []}

Get Feeds

Retrieve a list of all available feeds.

Endpoint: GET /api/v1/feeds/?page_size=200

Example Code:

import requests

url = "https://app.silentpush.com/api/v1/feeds/?page_size=200"
headers = {"x-api-key": api_key, "Content-Type": "application/json"}
response = requests.get(url, headers=headers, verify=False)
print("Status Code:", response.status_code)
print("Response JSON:", response.json())

Sample Output: JSON array of feeds with UUIDs, names, and metadata.

Get Data Export

Download custom exports from Feed Scanner as CSV, enriched with metadata.

Endpoint: https://app.silentpush.com/app/v1/export/

Example: Get Organization Export

GET /api/v2/export/organisation-feeds/{feed_uuid}_enriched.csv

Example Code:

import requests
import pandas as pd
import io

feed_uuid = "7a7aa058-699a-4bc4-88bd-5256787c313b"
data = requests.get(f'https://app.silentpush.com/api/v2/export/organisation-feeds/{feed_uuid}_enriched.csv', headers={'x-api-key': api_key})
df = pd.read_csv(io.BytesIO(data.content))
print(df)

Sample Output (Excerpt):

(Up to 51 rows across 123 columns, including certificates, NS changes, and risk explanations.)

ThreatCheck

For enterprise users: Check if an IP or hostname appears on an IOFA feed. Returns a boolean with optional text.

Endpoint: GET /v1/?t={indicator_type}&d=iofa&u={access_key}&q={indicator}

Example Code:

import requests
import json

access_key = ""  # Your ThreatCheck access key
indicator = "mahombres.ru"
indicator_type = "name"

data = requests.get(f'https://api.threatcheck.silentpush.com/v1/?t={indicator_type}&d=iofa&u={access_key}&q={indicator}')
json_data = json.loads(data.content)
print(json_data)

Sample Response:

{
  "query": "mahombres.ru",
  "is_listed": True,
  "listed_txt": "listed on Silent Push IOFA feed"
}

Ideal for high-volume integrations like email gateways or SIEMs.

Additional Endpoints

Silent Push offers more endpoints for advanced use cases, such as live WHOIS lookups and dangling DNS detection.

Get ASNs for a Domain

Endpoint: GET /api/v1/explore-recipes/hosting-infra-asns-recipes/query/?limit=100&domain={domain}&type=hosting_infrastructure_asn&queryType=hosting_infrastructure_asn

Example Code:

import requests
import json
import pandas as pd

url = "https://app.silentpush.com/api/v1/explore-recipes/hosting-infra-asns-recipes/query/?limit=100&domain=fox.com&type=hosting_infrastructure_asn&queryType=hosting_infrastructure_asn"
data = requests.get(url, headers={'x-api-key': api_key})
json_data = json.loads(data.content)
response = pd.DataFrame(json_data)['response']
print(response)

Sample Output:

records    [{'asn': 16625, 'asn_size': 7696128, 'asname': 'AOL, US', ...}]
dtype: object