This API endpoint will take a package ID as input and will return a wordlist created from keywords extracted from different endpoints (e.g. URLs, file paths) found in the APK.
package_id required | string (Package Id) [ 1 .. 255 ] characters |
X-Access-Token required | string (X-Access-Token) |
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/wordlist/' \
  --header 'X-Access-Token: <API Key Here>'
{
  "package_id": "com.example.customer",
  "raw_wordlist": [
    "/app/launch",
    "/credit-app/acceptcredit",
    "/v1/ofs/upload_document",
    "/v1/ofs/loan_progress_info",
    "/v3/group_channels/%s/messages",
    "/v3/open_channels/%s/messages/changelogs",
    "/v3/group_channels/%s/messages/changelogs",
    "/v3/users/%s/my_group_channels/changelogs",
    "/v1/userBanners/dashboard",
    "/v1/payzappint/generatePayZappBill",
    "/v1/account/example/init-payload",
    "/v1/payuint/success",
    "/v1/payuint/failure",
    "/v1/user/feedback/askOnSuccess",
    "com.google.android.gms.ads",
    "/v1/account/getVoucherCashBalanceSplit",
    "/v1/payuint/deletesavedCard",
    "/v1/payuint/status",
    "/v4/account/transactions",
    "/v4/account/transactions/support",
    "/v1/account/transaction/support-direction",
    "/v3/servicePayments/utility/payUtilityBill",
    "/v3/mobile/getOperatorCircle",
    "/v3/servicePayments/operatorConfig/operators",
    "/v3/servicePayments/getPlans",
    "/v3/servicePayments/rechargeMobile",
    "/v2/servicePayments/payMobilePostpaidBill",
    "/v2/servicePayments/getRechargeStatus",
    "/v3/servicePayments/utility/fetchUtilityBill",
    "/v3/analytics/install",
    "v4/payment/initiate_purchase",
    "v4/payment/purchase_status",
    "v3/ola_share/cancel_retry"
  ],
  "wordlist": [
    "/app/launch",
    "/launch",
    "/credit-app/acceptcredit",
    "/v1/ofs/upload_document",
    "/ofs/upload_document",
    "/v1/ofs/loan_progress_info",
    "/v1/postpaid/postpaidDashboard",
    "/postpaid/postpaidDashboard",
    "/v1/user/consents",
    "/user/consents",
    "/v1/account/balances/transfer",
    "/account/balances/transfer",
    "/v2/payuint/generateBillWithoutPaymentHash",
    "/payuint/generateBillWithoutPaymentHash",
    "/v1/payuint/generateBillForType",
    "olaconnect/olacast/inapp/get_template/default",
    "/olacast/inapp/get_template/default",
    "/inapp/get_template/default",
    "/get_template/default",
    "marketing/v2/feedback/push",
    "/v2/feedback/push",
    "/feedback/push",
    "olaconnect/unset/card",
    "v4/payment/change_payment",
    "v3/shuttle/pass_cancellation_reasons",
    "/shuttle/pass_cancellation_reasons",
    "v3/shuttle/shuttle_tracking_polling",
    "/shuttle/shuttle_tracking_polling",
    "v3/sos/inform_police",
    "/sos/inform_police",
    "v3/sos/deactivate_sos_signal",
    "/sos/deactivate_sos_signal",
    "v3/ola_share/active_booking",
    "/ola_share/active_booking",
    "v3/ola_share/cancel_retry",
    "v3/ola_share/booking_cancel",
    "/ola_share/booking_cancel",
    "api/v1/callback/push_notification",
    "/v1/callback/push_notification",
    "/callback/push_notification",
    "v1/ola_pass/subscription_details",
    "/ola_pass/subscription_details",
    "v1/ola_pass/cancel_subscription",
    "example/certificates_v1/",
    "/certificates_v1/"
  ]
}
This API endpoint will take a package ID as input and will return all the unique hosts found in the APK.
package_id required | string (Package Id) [ 1 .. 255 ] characters |
X-Access-Token required | string (X-Access-Token) |
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/hosts/' \
  --header 'X-Access-Token: <API Key Here>'
{
  "package_id": "com.example.customer",
  "hosts": [
    "assets.example.in",
    "api.sandbox.braintreegateway.com",
    "api.braintreegateway.com",
    "codepush.appcenter.ms",
    "q.stripe.com",
    "m.stripe.com",
    "api.stripe.com",
    "pagead2.googlesyndication.com",
    "www.example.com",
    "support.google.com",
    "googleads.g.doubleclick.net",
    "imasdk.googleapis.com",
    "app-measurement.com",
    "www.googleadservices.com",
    "google.com",
    "www.googleapis.com",
    "developers.google.com",
    "firebase-settings.crashlytics.com",
    "update.crashlytics.com",
    "reports.crashlytics.com",
    "firebaseremoteconfig.googleapis.com",
    "www.android.com",
    "facebook.com",
    ".facebook.com",
    "api.xmpush.xiaomi.com",
    "resolver.msg.xiaomi.net",
    "register.xmpush.global.xiaomi.com",
    "fr.register.xmpush.global.xiaomi.com",
    "ru.register.xmpush.global.xiaomi.com",
    "idmb.register.xmpush.global.xiaomi.com",
    "mqa.kaptcha.com",
    "resident.uidai.example.com",
    "info.example.com",
    "mobiletest.example.com",
    "ola-store.example.co",
    "ow-foods.example.co",
    "jp-remote-assets.s3.ap-south-1.amazonaws.com",
    "apiv2mumbai.example.com",
    "apiv2eu.example.com",
    "apiv2.example.com",
    "webhook.logentries.com"
  ]
}
This API endpoint will take a package ID as input and will return all the S3 bucket URLs found in the APK.
package_id required | string (Package Id) [ 1 .. 255 ] characters |
X-Access-Token required | string (X-Access-Token) |
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/S3-buckets/' \
  --header 'X-Access-Token: <API Key Here>'
{
  "package_id": "com.example",
  "s3_buckets": []
}
This API endpoint will take a package ID as input and will return all of the assets, such as URLs, hostnames, IP addresses, emails, file paths, Firebase URLs, S3 URLs, etc., associated with that APK.
package_id required | string (Package Id) [ 1 .. 255 ] characters |
X-Access-Token required | string (X-Access-Token) |
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/all-assets/' \
  --header 'X-Access-Token: <API Key Here>'
{
  "package_id": "com.example",
  "host": {
    "url": [],
    "file_path": [
      "/Annotation",
      "/collections/Iterable",
      "/collections/MutableIterable",
      "/collections/Collection",
      "/collections/MutableMap.MutableEntry",
      "/collections/Iterator",
      "/collections/MutableIterator",
      "/collections/ListIterator",
      "/collections/MutableListIterator",
      "/cpufreq/cpuinfo_max_freq",
      "/Number",
      "/ShortArray",
      "/BooleanArray",
      "/CharArray",
      "/Cloneable"
    ],
    "host": [
      "web.example.in",
      "edis.cdslindia.com",
      "www.udio.in",
      "patient.example.in",
      "pharmacy.example.com",
      "marketing.example.in",
      "m.examplestocks.com",
      "hubhopper.com",
      "example-10acd.firebaseio.com",
      "games.example.in",
      "s3.ap-south-1.amazonaws.com",
      "wallet.udioforyou.com",
      "payment.example.com",
      "loan.example.in",
      "example.s3.ap-south-1.amazonaws.com",
      "play.google.com",
      "www.example.com.com",
      "www.example.in",
      "www.example.com",
      "www.example.com",
      "web-uat1.example.in",
      "wallet.udio.in",
      "butler.razorpay.com",
      "static.wizrocket.com"
    ],
    "filename": [
      "progress_loader.json",
      "version.json",
      "ff_cache.json",
      "pacman.json",
      "roulette.json",
      "billard.json",
      "dart.json",
      "flick.json",
      "inactive_button.json",
      "manifest.json"
    ],
    "rest_api": [
      "v1/save-card/show-form",
      "example/v1/user/verify",
      "example/v3/user/login",
      "example/v1/user/validate-mpin",
      "v1/user/validate-token",
      "example/v1/user/send-otp",
      "example/v2/user/reset-mpin",
      "example/v3/user/register",
      "example/v2/user/get-profile",
      "v1/supersaver/get-application?serviceCheck=true",
      "v1/supersaver/debit-info",
      "v1/supersaver/get-transaction",
      "v2/api/wallet/transactions",
      "v1/udio-card/update",
      "v2/udio-card/block",
      "v1/user/get-preferences",
      "kotlin/reflect/jvm/internal/impl/utils/SmartList",
      "kotlin/reflect/jvm/internal/impl/utils/DFS",
      "v1/recharge/plans",
      "v2/billpay-recharge/add",
      "v1/recharge/fetch-bill",
      "v2/recharge/service-providers",
      "v3/user/balance",
      "v1/user/app-static/shopping",
      "v1/creditline/curative-tile",
      "v1/supersaver/update-kyc-state",
      "example/v1/metadata/wallet_kyc_aadhaar",
      "example/v1/aadhaarxml/webcallback",
      "v1/supersaver/document-metadata",
      "v1/user/app-static/DOF-top-benefits",
      "v1/proxy/analytics/get-user-coupon-details",
      "v1/proxy/analytics/verify-cms-coupon/",
      "v1/user/home-page",
      "v1/user/customer-support",
      "v1/bank-transfer/processing-fee",
      "v1/group/add",
      "v1/group/delete",
      "v1/send-money/add",
      "kotlin/reflect/jvm/internal/impl/utils/WrappedValues",
      "America/Argentina/Buenos_Aires",
      "America/Indiana/Indianapolis",
      "payments/create/ajax",
      "payments/create/checkout/json?key_id=",
      "payments/validate/account",
      "payments/create/checkout",
      "config/app/",
      "yeshen/simulator/",
      "oppo/r7c/r7c"
    ],
    "ip_url": [
      "rtp://0.0.0.0"
    ],
    "relative_endpoint": [
      "com/clevertap/android/sdk/certificates/DigiCertGlobalRootCA.crt",
      "com/clevertap/android/sdk/certificates/DigiCertSHA2SecureServerCA.crt",
      "org/threeten/bp/TZDB.dat"
    ],
    "IP Address disclosure": [
      "0.0.0.0",
      "10.0.0.200",
      "10.237.14.141",
      "127.0.0.1"
    ],
    "AWS URL": []
  }
}
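A triage pass over an all-assets response for an app you own, as an added example (not BeVigil's code): it keeps internal (RFC 1918) addresses, non-production hosts, cloud storage hosts and versioned API routes, and drops the library noise visible in the sample above. The sample data is constructed, and the host-name labels, the storage suffixes and the versioned-route heuristic are assumptions.

```python
import ipaddress
import re

# Constructed sample shaped like the all-assets response above (not real API output).
SAMPLE = {
    "package_id": "com.example",
    "host": {
        "host": ["web.example.in", "web-uat1.example.in", "play.google.com",
                 "example-10acd.firebaseio.com", "example.s3.ap-south-1.amazonaws.com"],
        "rest_api": ["example/v3/user/login", "v1/user/validate-token",
                     "kotlin/reflect/jvm/internal/impl/utils/DFS",
                     "America/Argentina/Buenos_Aires", "oppo/r7c/r7c"],
        "IP Address disclosure": ["0.0.0.0", "10.0.0.200", "10.237.14.141", "127.0.0.1"],
    },
}

# Assumption: non-production hosts carry one of these labels as a name segment.
NONPROD = re.compile(r"(^|[.-])(uat|stag(e|ing)|dev|test|sandbox|qa)\d*([.-]|$)", re.I)
# Assumption: a version segment (v1, v2, ...) marks an application API route,
# which filters out class paths, time-zone names and device strings.
VERSIONED = re.compile(r"(^|/)v\d+(/|$)")
CLOUD_SUFFIXES = (".firebaseio.com", ".amazonaws.com")


def classify_ip(value):
    """Label an address; placeholders such as 0.0.0.0 are not findings."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return "invalid"
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    return "internal" if ip.is_private else "public"


def triage(assets):
    """Reduce an all-assets response to the entries worth a manual review."""
    found = assets.get("host", {})
    hosts = found.get("host", [])
    ips = found.get("IP Address disclosure", [])
    return {
        "internal_ips": [i for i in ips if classify_ip(i) == "internal"],
        "nonprod_hosts": [h for h in hosts if NONPROD.search(h)],
        "cloud_storage": [h for h in hosts if h.endswith(CLOUD_SUFFIXES)],
        "api_routes": [p for p in found.get("rest_api", []) if VERSIONED.search(p)],
    }
```

Unversioned routes such as `payments/create/checkout` fall outside the route heuristic, so review the dropped entries once before relying on it.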
This API endpoint will take a package ID as input and will return a key-value pair of query parameters and values extracted from all the URLs found in the APK.
package_id required | string (Package Id) [ 1 .. 255 ] characters |
X-Access-Token required | string (X-Access-Token) |
curl --location --request GET 'http://osint.bevigil.com/api/com.example.app/params/' \
  --header 'X-Access-Token: <API Key Here>'
{
  "package_id": "in.example.android",
  "url_params": {
    "id": [
      "gmob-apps"
    ],
    "v2": [
      "true?makePayment=false"
    ],
    "RID": [
      "40147"
    ],
    "VAA": [
      "B"
    ],
    "id_type": [
      "adid"
    ],
    "sdk_version": [
      "%s"
    ],
    "rdid": [
      "..."
    ],
    "user_code": [
      "%1$s"
    ],
    "qr": [
      "1"
    ],
    "color": [
      "red"
    ]
  }
}
This API endpoint will take the domain name as input and will return all the Android apps which have the domain names mentioned in their APK.
domain_name required | string (Domain Name) [ 1 .. 255 ] characters |
X-Access-Token required | string (X-Access-Token) |
curl --location --request GET 'http://osint.bevigil.com/api/example.com/apps/' \
  --header 'X-Access-Token: <API Key Here>'
{
  "packages": [
    {
      "package_id": "com.app.example",
      "app_name": "Example - Personal Loan and Investments",
      "app_version": "5.9.28"
    },
    {
      "package_id": "com.application.example",
      "app_name": "Example - Online Food Delivery & Restaurant Reviews",
      "app_version": "16.0.5"
    },
    {
      "package_id": "com.example.app",
      "app_name": "Example - Rent Bikes & Scooters | Sanitized Rentals",
      "app_version": "4.0.5"
    }
  ]
}
This API endpoint will take a domain name as input and will return the subdomains of that domain.
domain_name required | string (Domain Name) [ 1 .. 255 ] characters |
X-Access-Token required | string (X-Access-Token) |
curl --location --request GET 'http://osint.bevigil.com/api/example.com/subdomains/' \
  --header 'X-Access-Token: <API Key Here>'
{
  "domain": "example.com",
  "subdomains": [
    "pguat.example.com",
    "easypay.example.com",
    "accounts-staging.example.com",
    "insurance-staging.example.com",
    "prs-staging.example.com",
    "pic-staging.example.com",
    "digitalapiproxy-staging.example.com",
    "ump-staging.example.com",
    "stage-api.lending.example.com",
    "ffwallet-staging.example.com",
    "ump3-staging.example.com",
    "goldengate-staging5.example.com",
    "cir-staging.example.com",
    "goldengate-staging12.example.com",
    "wealth-subscription-staging.example.com",
    "ump-staging3.example.com",
    "goldengate-staging13.example.com",
    "middleware-staging.example.com",
    "catalog-staging.example.com",
    "apiproxy.example.com",
    "assetscdn1.example.com",
    "developerminiapp.example.com",
    "digitalproxy-staging.example.com",
    "cart-staging.example.com",
    "digitalcatalog-staging.example.com",
    "loyalty-staging.example.com",
    "contacts-staging.example.com",
    "business-staging.example.com",
    "staging-dashboard.example.com",
    "staging-merchant.example.com",
    "dev-merchant-analytics.example.com",
    "compliance.example.com",
    "catalogre.example.com",
    "thunderbolt.example.com"
  ]
}
This API endpoint will take a domain name (example: xvigil.com) as input and will return all of the URLs (example: xvigil.com/infra-monitor/web-apps?issue=) for that domain.
domain_name required | string (Domain Name) [ 1 .. 255 ] characters |
X-Access-Token required | string (X-Access-Token) |
curl --location --request GET 'http://osint.bevigil.com/api/example.com/urls/' \
  --header 'X-Access-Token: <API Key Here>'
{
  "domain": "example.com",
  "urls": [