Bevigil OSINT API (1.0.0)
Download OpenAPI specification:Download
Wordlist
This API endpoint will take a package ID as input and will return a wordlist created by keywords extracted from different endpoints (eg. URLs, file paths) found in the APK.
path Parameters
| package_id required | string (Package Id) [ 1 .. 255 ] characters |
header Parameters
| X-Access-Token required | string (X-Access-Token) |
Responses
Request samples
- cURL
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/wordlist/' \ --header 'X-Access-Token: <API Key Here>'
Response samples
- 200
- 400
- 401
- 402
- 422
Content type
application/json
{- "package_id": "com.olacabs.customer",
- "raw_wordlist": [
- "/app/launch",
- "/credit-app/acceptcredit",
- "/v1/ofs/upload_document",
- "/v1/ofs/loan_progress_info",
- "/v3/group_channels/%s/messages",
- "/v3/open_channels/%s/messages/changelogs",
- "/v3/group_channels/%s/messages/changelogs",
- "/v3/users/%s/my_group_channels/changelogs",
- "/v1/userBanners/dashboard",
- "/v1/payzappint/generatePayZappBill",
- "/v1/account/juspay/init-payload",
- "/v1/payuint/success",
- "/v1/payuint/failure",
- "/v1/user/feedback/askOnSuccess",
- "com.google.android.gms.ads",
- "/v1/account/getVoucherCashBalanceSplit",
- "/v1/payuint/deletesavedCard",
- "/v1/payuint/status",
- "/v4/account/transactions",
- "/v4/account/transactions/support",
- "/v1/account/transaction/support-direction",
- "/v3/servicePayments/utility/payUtilityBill",
- "/v3/mobile/getOperatorCircle",
- "/v3/servicePayments/operatorConfig/operators",
- "/v3/servicePayments/getPlans",
- "/v3/servicePayments/rechargeMobile",
- "/v2/servicePayments/payMobilePostpaidBill",
- "/v2/servicePayments/getRechargeStatus",
- "/v3/servicePayments/utility/fetchUtilityBill",
- "/v3/analytics/install",
- "v4/payment/initiate_purchase",
- "v4/payment/purchase_status",
- "v3/ola_share/cancel_retry"
], - "wordlist": [
- "/app/launch",
- "/launch",
- "/credit-app/acceptcredit",
- "/v1/ofs/upload_document",
- "/ofs/upload_document",
- "/v1/ofs/loan_progress_info",
- "/v1/postpaid/postpaidDashboard",
- "/postpaid/postpaidDashboard",
- "/v1/user/consents",
- "/user/consents",
- "/v1/account/balances/transfer",
- "/account/balances/transfer",
- "/v2/payuint/generateBillWithoutPaymentHash",
- "/payuint/generateBillWithoutPaymentHash",
- "/v1/payuint/generateBillForType",
- "olaconnect/olacast/inapp/get_template/default",
- "/olacast/inapp/get_template/default",
- "/inapp/get_template/default",
- "/get_template/default",
- "marketing/v2/feedback/push",
- "/v2/feedback/push",
- "/feedback/push",
- "olaconnect/unset/card",
- "v4/payment/change_payment",
- "v3/shuttle/pass_cancellation_reasons",
- "/shuttle/pass_cancellation_reasons",
- "v3/shuttle/shuttle_tracking_polling",
- "/shuttle/shuttle_tracking_polling",
- "v3/sos/inform_police",
- "/sos/inform_police",
- "v3/sos/deactivate_sos_signal",
- "/sos/deactivate_sos_signal",
- "v3/ola_share/active_booking",
- "/ola_share/active_booking",
- "v3/ola_share/cancel_retry",
- "v3/ola_share/booking_cancel",
- "/ola_share/booking_cancel",
- "api/v1/callback/push_notification",
- "/v1/callback/push_notification",
- "/callback/push_notification",
- "v1/ola_pass/subscription_details",
- "/ola_pass/subscription_details",
- "v1/ola_pass/cancel_subscription",
- "juspay/certificates_v1/",
- "/certificates_v1/"
]
}Hosts
This API endpoint will take a package ID as input and will return all the unique hosts found in the APK.
path Parameters
| package_id required | string (Package Id) [ 1 .. 255 ] characters |
header Parameters
| X-Access-Token required | string (X-Access-Token) |
Responses
Request samples
- cURL
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/hosts/' \ --header 'X-Access-Token: <API Key Here>'
Response samples
- 200
- 400
- 401
- 402
- 422
Content type
application/json
{- "package_id": "com.olacabs.customer",
- "hosts": [
- "assets.juspay.in",
- "api.sandbox.braintreegateway.com",
- "api.braintreegateway.com",
- "codepush.appcenter.ms",
- "q.stripe.com",
- "m.stripe.com",
- "api.stripe.com",
- "pagead2.googlesyndication.com",
- "www.example.com",
- "support.google.com",
- "googleads.g.doubleclick.net",
- "imasdk.googleapis.com",
- "app-measurement.com",
- "www.googleadservices.com",
- "google.com",
- "www.googleapis.com",
- "developers.google.com",
- "firebase-settings.crashlytics.com",
- "update.crashlytics.com",
- "reports.crashlytics.com",
- "firebaseremoteconfig.googleapis.com",
- "www.android.com",
- "facebook.com",
- ".facebook.com",
- "api.xmpush.xiaomi.com",
- "resolver.msg.xiaomi.net",
- "register.xmpush.global.xiaomi.com",
- "fr.register.xmpush.global.xiaomi.com",
- "ru.register.xmpush.global.xiaomi.com",
- "idmb.register.xmpush.global.xiaomi.com",
- "mqa.kaptcha.com",
- "resident.uidai.gov.in",
- "info.payu.in",
- "mobiletest.payu.in",
- "ola-store.olafoods.co",
- "ow-foods.olafoods.co",
- "jp-remote-assets.s3.ap-south-1.amazonaws.com",
- "apiv2mumbai.moengage.com",
- "apiv2eu.moengage.com",
- "apiv2.moengage.com",
- "webhook.logentries.com"
]
}S3 Buckets
This API endpoint will take a package ID as input and will return all the S3 bucket URLs found in the APK.
path Parameters
| package_id required | string (Package Id) [ 1 .. 255 ] characters |
header Parameters
| X-Access-Token required | string (X-Access-Token) |
Responses
Request samples
- cURL
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/S3-buckets/' \ --header 'X-Access-Token: <API Key Here>'
Response samples
- 200
- 400
- 401
- 402
- 422
Content type
application/json
{- "package_id": "com.indiaBulls",
- "s3_buckets": [
]
}All Assets
This API endpoint will take a package ID as input and will return all of the assets such as URLs, Hostnames, IP Addresses, Emails, File Paths, Firebase URLs, S3 URLs, etc associated with that APK.
path Parameters
| package_id required | string (Package Id) [ 1 .. 255 ] characters |
header Parameters
| X-Access-Token required | string (X-Access-Token) |
Responses
Request samples
- cURL
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/all-assets/' \ --header 'X-Access-Token: <API Key Here>'
Response samples
- 200
- 400
- 401
- 402
- 422
Content type
application/json
{- "package_id": "com.indiaBulls",
- "host": {
- "url": [
], - "file_path": [
- "/Annotation",
- "/collections/Iterable",
- "/collections/MutableIterable",
- "/collections/Collection",
- "/collections/MutableMap.MutableEntry",
- "/collections/Iterator",
- "/collections/MutableIterator",
- "/collections/ListIterator",
- "/collections/MutableListIterator",
- "/cpufreq/cpuinfo_max_freq",
- "/Number",
- "/ShortArray",
- "/BooleanArray",
- "/CharArray",
- "/Cloneable"
], - "host": [
- "web.dhanipay.in",
- "edis.cdslindia.com",
- "www.udio.in",
- "patient.dhanipay.in",
- "pharmacy.dhani.com",
- "marketing.dhanipay.in",
- "m.dhanistocks.com",
- "hubhopper.com",
- "dhani-10acd.firebaseio.com",
- "games.dhanipay.in",
- "s3.ap-south-1.amazonaws.com",
- "wallet.udioforyou.com",
- "payment.dhani.com",
- "loan.dhanipay.in",
- "dhani.s3.ap-south-1.amazonaws.com",
- "play.google.com",
- "www.indiabullsdhani.com",
- "www.dhanipay.in",
- "www.dhanipay.com",
- "www.dhani.com",
- "web-uat1.dhanipay.in",
- "wallet.udio.in",
- "butler.razorpay.com",
- "static.wizrocket.com"
], - "filename": [
- "progress_loader.json",
- "version.json",
- "ff_cache.json",
- "pacman.json",
- "roulette.json",
- "billard.json",
- "dart.json",
- "flick.json",
- "inactive_button.json",
- "manifest.json"
], - "rest_api": [
- "v1/save-card/show-form",
- "dhani/v1/user/verify",
- "dhani/v3/user/login",
- "dhani/v1/user/validate-mpin",
- "v1/user/validate-token",
- "dhani/v1/user/send-otp",
- "dhani/v2/user/reset-mpin",
- "dhani/v3/user/register",
- "dhani/v2/user/get-profile",
- "v1/supersaver/get-application?serviceCheck=true",
- "v1/supersaver/debit-info",
- "v1/supersaver/get-transaction",
- "v2/api/wallet/transactions",
- "v1/udio-card/update",
- "v2/udio-card/block",
- "v1/user/get-preferences",
- "kotlin/reflect/jvm/internal/impl/utils/SmartList",
- "kotlin/reflect/jvm/internal/impl/utils/DFS",
- "v1/recharge/plans",
- "v2/billpay-recharge/add",
- "v1/recharge/fetch-bill",
- "v2/recharge/service-providers",
- "v3/user/balance",
- "v1/user/app-static/shopping",
- "v1/creditline/curative-tile",
- "v1/supersaver/update-kyc-state",
- "dhani/v1/metadata/wallet_kyc_aadhaar",
- "dhani/v1/aadhaarxml/webcallback",
- "v1/supersaver/document-metadata",
- "v1/user/app-static/DOF-top-benefits",
- "v1/proxy/analytics/get-user-coupon-details",
- "v1/proxy/analytics/verify-cms-coupon/",
- "v1/user/home-page",
- "v1/user/customer-support",
- "v1/bank-transfer/processing-fee",
- "v1/group/add",
- "v1/group/delete",
- "v1/send-money/add",
- "kotlin/reflect/jvm/internal/impl/utils/WrappedValues",
- "America/Argentina/Buenos_Aires",
- "America/Indiana/Indianapolis",
- "payments/create/ajax",
- "payments/create/checkout/json?key_id=",
- "payments/validate/account",
- "payments/create/checkout",
- "config/app/",
- "yeshen/simulator/",
- "oppo/r7c/r7c"
], - "ip_url": [
- "rtp://0.0.0.0"
], - "relative_endpoint": [
- "com/clevertap/android/sdk/certificates/DigiCertGlobalRootCA.crt",
- "com/clevertap/android/sdk/certificates/DigiCertSHA2SecureServerCA.crt",
- "org/threeten/bp/TZDB.dat"
], - "IP Address disclosure": [
- "0.0.0.0",
- "10.0.0.200",
- "10.237.14.141",
- "127.0.0.1"
], - "AWS URL": [
],
}
}URL Params
This API endpoint will take a package ID as input and will return a key-value pair of query parameters and values extracted from all the URLs found in the APK.
path Parameters
| package_id required | string (Package Id) [ 1 .. 255 ] characters |
header Parameters
| X-Access-Token required | string (X-Access-Token) |
Responses
Request samples
- cURL
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/params/' \ --header 'X-Access-Token: <API Key Here>'
Response samples
- 200
- 400
- 401
- 402
- 422
Content type
application/json
{- "package_id": "in.swiggy.android",
- "url_params": {
- "id": [
- "gmob-apps"
], - "v2": [
- "true?makePayment=false"
], - "RID": [
- "40147"
], - "VAA": [
- "B"
], - "id_type": [
- "adid"
], - "sdk_version": [
- "%s"
], - "rdid": [
- "..."
], - "user_code": [
- "%1$s"
], - "qr": [
- "1"
], - "color": [
- "red"
]
}
}Apps
This API endpoint will take the domain name as input and will return all the Android apps which have the domain names mentioned in their APK.
path Parameters
| domain_name required | string (Domain Name) [ 1 .. 255 ] characters |
header Parameters
| X-Access-Token required | string (X-Access-Token) |
Responses
Request samples
- cURL
curl --location --request GET 'http://osint.bevigil.com/api/example.com/apps/' \ --header 'X-Access-Token: <API Key Here>'
Response samples
- 200
- 400
- 401
- 402
- 422
Content type
application/json
{- "packages": [
- {
- "package_id": "com.app.faircent",
- "app_name": "Faircent - Personal Loan and Investments",
- "app_version": "5.9.28"
}, - {
- "package_id": "com.application.zomato",
- "app_name": "Zomato - Online Food Delivery & Restaurant Reviews",
- "app_version": "16.0.5"
}, - {
- "package_id": "com.metrobikes.app",
- "app_name": "Bounce - Rent Bikes & Scooters | Sanitized Rentals",
- "app_version": "4.0.5"
}
]
}Subdomains
This API endpoint will take a domain name as input and will return the subdomains of that domain.
path Parameters
| domain_name required | string (Domain Name) [ 1 .. 255 ] characters |
header Parameters
| X-Access-Token required | string (X-Access-Token) |
Responses
Request samples
- cURL
curl --location --request GET 'http://osint.bevigil.com/api/example.com/subdomains/' \ --header 'X-Access-Token: <API Key Here>'
Response samples
- 200
- 400
- 401
- 402
- 422
Content type
application/json
{- "domain": "paytm.com",
- "subdomains": [
- "pguat.paytm.com",
- "easypay.paytm.com",
- "accounts-staging.paytm.com",
- "insurance-staging.paytm.com",
- "prs-staging.paytm.com",
- "pic-staging.paytm.com",
- "digitalapiproxy-staging.paytm.com",
- "ump-staging.paytm.com",
- "stage-api.lending.paytm.com",
- "ffwallet-staging.paytm.com",
- "ump3-staging.paytm.com",
- "goldengate-staging5.paytm.com",
- "cir-staging.paytm.com",
- "goldengate-staging12.paytm.com",
- "wealth-subscription-staging.paytm.com",
- "ump-staging3.paytm.com",
- "goldengate-staging13.paytm.com",
- "middleware-staging.paytm.com",
- "catalog-staging.paytm.com",
- "apiproxy.paytm.com",
- "assetscdn1.paytm.com",
- "developerminiapp.paytm.com",
- "digitalproxy-staging.paytm.com",
- "cart-staging.paytm.com",
- "digitalcatalog-staging.paytm.com",
- "loyalty-staging.paytm.com",
- "contacts-staging.paytm.com",
- "business-staging.paytm.com",
- "staging-dashboard.paytm.com",
- "staging-merchant.paytm.com",
- "dev-merchant-analytics.paytm.com",
- "compliance.paytm.com",
- "catalogre.paytm.com",
- "thunderbolt.paytm.com"
]
}URLs
This API endpoint will take a domain name(example: xvigil.com) as input and will return all of the URLs(example: xvigil.com/infra-monitor/web-apps?issue=) for that domain.
path Parameters
| domain_name required | string (Domain Name) [ 1 .. 255 ] characters |
header Parameters
| X-Access-Token required | string (X-Access-Token) |
Responses
Request samples
- cURL
curl --location --request GET 'http://osint.bevigil.com/api/example.com/urls/' \ --header 'X-Access-Token: <API Key Here>'
Response samples
- 200
- 400
- 401
- 402
- 422
Content type
application/json
{- "domain": "paytm.com",
- "urls": [
