Bevigil OSINT API (1.0.0)

Download OpenAPI specification:Download

Wordlist

This API endpoint will take a package ID as input and will return a wordlist created by keywords extracted from different endpoints (eg. URLs, file paths) found in the APK.

path Parameters
package_id
required
string (Package Id) [ 1 .. 255 ] characters
header Parameters
X-Access-Token
required
string (X-Access-Token)

Responses

Request samples

curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/wordlist/' \
--header 'X-Access-Token: <API Key Here>'

Response samples

Content type
application/json
{
  • "package_id": "com.example.customer",
  • "raw_wordlist": [
    ],
  • "wordlist": [
    ]
}

Hosts

This API endpoint will take a package ID as input and will return all the unique hosts found in the APK.

path Parameters
package_id
required
string (Package Id) [ 1 .. 255 ] characters
header Parameters
X-Access-Token
required
string (X-Access-Token)

Responses

Request samples

curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/hosts/' \
--header 'X-Access-Token: <API Key Here>'

Response samples

Content type
application/json
{
  • "package_id": "com.example.customer",
  • "hosts": [
    ]
}

S3 Buckets

This API endpoint will take a package ID as input and will return all the S3 bucket URLs found in the APK.

path Parameters
package_id
required
string (Package Id) [ 1 .. 255 ] characters
header Parameters
X-Access-Token
required
string (X-Access-Token)

Responses

Request samples

curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/S3-buckets/' \
--header 'X-Access-Token: <API Key Here>'

All Assets

This API endpoint will take a package ID as input and will return all of the assets such as URLs, Hostnames, IP Addresses, Emails, File Paths, Firebase URLs, S3 URLs, etc associated with that APK.

path Parameters
package_id
required
string (Package Id) [ 1 .. 255 ] characters
header Parameters
X-Access-Token
required
string (X-Access-Token)

Responses

Request samples

curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/all-assets/' \
--header 'X-Access-Token: <API Key Here>'

Response samples

Content type
application/json
{}

URL Params

This API endpoint will take a package ID as input and will return a key-value pair of query parameters and values extracted from all the URLs found in the APK.

path Parameters
package_id
required
string (Package Id) [ 1 .. 255 ] characters
header Parameters
X-Access-Token
required
string (X-Access-Token)

Responses

Request samples

curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/params/' \
--header 'X-Access-Token: <API Key Here>'

Response samples

Content type
application/json
{
  • "package_id": "in.example.android",
  • "url_params": {
    }
}

Apps

This API endpoint will take the domain name as input and will return all the Android apps which have the domain names mentioned in their APK.

path Parameters
domain_name
required
string (Domain Name) [ 1 .. 255 ] characters
header Parameters
X-Access-Token
required
string (X-Access-Token)

Responses

Request samples

curl --location --request GET 'http://osint.bevigil.com/api/example.com/apps/' \
--header 'X-Access-Token: <API Key Here>'

Response samples

Content type
application/json
{
  • "packages": [
    ]
}

Subdomains

This API endpoint will take a domain name as input and will return the subdomains of that domain.

path Parameters
domain_name
required
string (Domain Name) [ 1 .. 255 ] characters
header Parameters
X-Access-Token
required
string (X-Access-Token)

Responses

Request samples

curl --location --request GET 'http://osint.bevigil.com/api/example.com/subdomains/' \
--header 'X-Access-Token: <API Key Here>'

Response samples

Content type
application/json
{
  • "domain": "example.com",
  • "subdomains": [
    ]
}

URLs

This API endpoint will take a domain name(example: xvigil.com) as input and will return all of the URLs(example: xvigil.com/infra-monitor/web-apps?issue=) for that domain.

path Parameters
domain_name
required
string (Domain Name) [ 1 .. 255 ] characters
header Parameters
X-Access-Token
required
string (X-Access-Token)

Responses