The srcport.com API hosts a wide range of active cyber security tools for testing online targets.
To interact with the API, make a POST request to the endpoint /api/capabilities/[module]/execute where [module] is the name of the tool you want to use.
Configuration of the payload is done through the request body. Here’s a quick examples:
{
"prompt": "example.com",
"options": {
"dns_record": "txt"
},
"config": {
"crawl_target": true,
"delay_sec": 0.1,
"disable_cache": false,
"https_target": true,
"threads": 5,
"timeout_sec": 120,
"verify_https": false
}
}
There are typically 2 main fields:
Note that the config and options must have some value set. If there are available options for the request you must specify a value for each otherwise the request will fail.
The response will always be delivered as a JSON object with a 200 status code. You will receive a results object containing the
{
"results": {
"http": {
"url": "http://example.com",
"code": 200,
"unreachable": false
},
"https": {
"url": "https://example.com",
"code": 200,
"unreachable": false
}
}
}
The structure of the results object will differ between each tool, if you want to explore the tool outputs in more detail, visit https://srcport.com to see the API being used in action.
The response will always be delivered as a string with a non-200 HTTP status code, for example:
"Invalid option 6s in request, must be: [1s 3s 5s 10s 30s 1m]"
You should always check the HTTP response code returned by the server before attempting to access the results.
The result string will always be a user-friendly error intended to be shown to the user providing details of what error has occured.