Query malware hashes, vulnerability advisories, exploit databases, and secure file storage — all through a single authenticated API.
>> Authentication
All requests require an API key. Four methods are supported — pick the one that fits your workflow.
Pass your key as a Bearer token.
curl -H "Authorization: Bearer YOUR_KEY" \
  "https://cyfare.net/api/enterprise/api.php?endpoint=threat&hash=..."
Send the key as a custom header.
curl -H "X-API-Key: YOUR_KEY" \
  "https://cyfare.net/api/enterprise/api.php?endpoint=advisory&q=log4j"
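Append api_key= to any request URL. Because the key then travels in the URL, it can end up in server and proxy logs and in shell history; prefer one of the header methods where you can.
curl "https://cyfare.net/api/enterprise/api.php?endpoint=exploit&q=wordpress&api_key=YOUR_KEY"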
Subscribe on RapidAPI — no separate CyFare key needed.
curl -H "X-RapidAPI-Key: YOUR_RAPID_KEY" \
  -H "X-RapidAPI-Host: cyfare-advanced-threat-api.p.rapidapi.com" \
  "https://cyfare-advanced-threat-api.p.rapidapi.com/threat.php?hash=44d88612..."
>> Reference
All requests go to https://cyfare.net/api/enterprise/api.php with the endpoint parameter.
?endpoint=threat
also: endpoint=ultrahash
Look up a file hash (MD5 or SHA256) against the CyFare malware database.
| Parameter | Type | Required | Description |
|---|---|---|---|
| hash | string | required | 32-char MD5 or 64-char SHA256 hex string |
curl -H "X-API-Key: YOUR_KEY" \
  "https://cyfare.net/api/enterprise/api.php?endpoint=threat&hash=44d88612fea8a8f36de82e1278abb02f"
curl -H "X-RapidAPI-Key: YOUR_RAPID_KEY" \
  -H "X-RapidAPI-Host: cyfare-advanced-threat-api.p.rapidapi.com" \
  "https://cyfare-advanced-threat-api.p.rapidapi.com/threat.php?hash=44d88612fea8a8f36de82e1278abb02f"
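A client-side sketch of the threat lookup, added here as an example and not taken from CyFare's own code: it checks the hash against the 32/64-character hex rule before sending, keeps the key in the X-API-Key header, and masks any api_key parameter before a URL is logged. The function names and the CYFARE_API_KEY environment variable are assumptions.

```python
import re
import urllib.parse
import urllib.request

BASE_URL = "https://cyfare.net/api/enterprise/api.php"
# 32 hex chars (MD5) or 64 hex chars (SHA256), per the parameter table.
HASH_RE = re.compile(r"(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{64})")


def is_valid_hash(value: str) -> bool:
    """True only for a bare MD5 or SHA256 hex digest (no prefix, no ellipsis)."""
    return HASH_RE.fullmatch(value.strip()) is not None


def build_threat_request(file_hash: str, api_key: str) -> urllib.request.Request:
    """Build the lookup with the key in a header, never in the query string."""
    if not is_valid_hash(file_hash):
        raise ValueError("hash must be a 32-char MD5 or 64-char SHA256 hex string")
    query = urllib.parse.urlencode({"endpoint": "threat", "hash": file_hash.strip()})
    return urllib.request.Request(
        f"{BASE_URL}?{query}",
        headers={"X-API-Key": api_key, "Accept": "application/json"},
    )


def redact_url(url: str) -> str:
    """Mask an api_key query parameter so the URL is safe to write to logs."""
    parts = urllib.parse.urlsplit(url)
    pairs = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    masked = [(k, "REDACTED" if k.lower() == "api_key" else v) for k, v in pairs]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(masked)))


if __name__ == "__main__":
    import os

    # CYFARE_API_KEY is a hypothetical variable name chosen for this example.
    key = os.environ.get("CYFARE_API_KEY", "YOUR_KEY")
    req = build_threat_request("44d88612fea8a8f36de82e1278abb02f", key)
    print(redact_url(req.full_url))  # pass req to urllib.request.urlopen() to send it
```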
?endpoint=advisory
Search the vulnerability advisory database (CVEs, GitHub Security Advisories).
| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | optional | Full-text search query (e.g. log4j remote execution) |
| severity | string | optional | Comma-separated: CRITICAL, HIGH, MEDIUM, LOW, MODERATE |
| year | integer | optional | Filter by publication year |
| date_from | YYYY-MM-DD | optional | Start of date range |
| date_to | YYYY-MM-DD | optional | End of date range |
| reviewed | boolean | optional | Filter by GitHub review status |
| alias | string | optional | Search within vulnerability aliases |
| sort_by | string | optional | published_dt (default), severity, id, modified |
| sort_dir | string | optional | DESC (default) or ASC |
| page / limit | integer | optional | Pagination (limit: 1–100, default 20) |
curl -H "X-API-Key: YOUR_KEY" \
  "https://cyfare.net/api/enterprise/api.php?endpoint=advisory&q=log4j&severity=CRITICAL&limit=5"
curl -H "X-RapidAPI-Key: YOUR_RAPID_KEY" \
  -H "X-RapidAPI-Host: cyfare-advanced-threat-api.p.rapidapi.com" \
  "https://cyfare-advanced-threat-api.p.rapidapi.com/advisory.php?q=log4j&severity=CRITICAL&limit=5"
?endpoint=exploit
Search exploits, shellcodes, and Google Hacking Database (GHDB) entries.
| Parameter | Type | Required | Description |
|---|---|---|---|
| q | string | optional | Free-text search query |
| table_type | string | optional | all (default), exploits, ghdb, shellcodes |
| author | string | optional | Filter by author (exact match) |
| platform | string | optional | Filter by platform (e.g. Windows, Linux, PHP) |
| type | string | optional | Filter by type (e.g. webapps, local, dos) |
| verified | boolean | optional | Filter by verified status |
| date_from / date_to | YYYY-MM-DD | optional | Date range filter |
| sort_by | string | optional | date (default), id, author, type, file |
| page / limit | integer | optional | Pagination (limit: 1–100, default 20) |
curl -H "X-API-Key: YOUR_KEY" \
  "https://cyfare.net/api/enterprise/api.php?endpoint=exploit&q=wordpress&platform=PHP&table_type=exploits"
curl -H "X-RapidAPI-Key: YOUR_RAPID_KEY" \
  -H "X-RapidAPI-Host: cyfare-advanced-threat-api.p.rapidapi.com" \
  "https://cyfare-advanced-threat-api.p.rapidapi.com/exploit.php?q=wordpress&platform=PHP&table_type=exploits"
?endpoint=upload
upload · download
Upload files (max 10 MB) and retrieve them via share tokens.
| Parameter | Type | Required | Description |
|---|---|---|---|
| file | multipart | required (upload) | File to upload (POST multipart/form-data) |
| action | string | optional | upload (default on POST) or download |
| token | string | required (download) | Share token from a previous upload |
curl -X POST -H "X-API-Key: YOUR_KEY" \
  -F "file=@/path/to/sample.bin" \
  "https://cyfare.net/api/enterprise/api.php?endpoint=upload"
curl -X POST -H "X-RapidAPI-Key: YOUR_RAPID_KEY" \
  -H "X-RapidAPI-Host: cyfare-advanced-threat-api.p.rapidapi.com" \
  -F "file=@/path/to/sample.bin" \
  "https://cyfare-advanced-threat-api.p.rapidapi.com/upload.php"
curl -H "X-API-Key: YOUR_KEY" \
  "https://cyfare.net/api/enterprise/api.php?endpoint=upload&action=download&token=TOKEN" \
  -o downloaded_file
curl -H "X-RapidAPI-Key: YOUR_RAPID_KEY" \
  -H "X-RapidAPI-Host: cyfare-advanced-threat-api.p.rapidapi.com" \
  "https://cyfare-advanced-threat-api.p.rapidapi.com/download.php?token=TOKEN" \
  -o downloaded_file
Every response includes a _meta block with request metadata.
{
  "_meta": {
    "api_version": "1.0.0",
    "response_ms": 42.7,
    "plan": "professional",
    "key_hint": "cyf_sk_pro***",
    "rate_remaining": { "minute": 57, "hour": 994 }
  },
  "endpoint": "advisory",
  "status": "success",
  "meta": { /* pagination, execution_ms, warnings */ },
  "data": [ /* results */ ]
}
{
  "_meta": { /* ... */ },
  "status": "error",
  "error": "API key required. ...",
  "error_code": "MISSING_API_KEY" // machine-readable code
}
HTTP status codes: 200 success · 400 bad request · 401 unauthorized · 403 forbidden · 404 not found · 429 rate limited · 500/502/503 server errors
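One way a caller might act on this envelope, added here as an example and not part of CyFare's documentation: it separates success, retryable and terminal failures using the HTTP status together with status and error_code, and reads _meta.rate_remaining to slow down before a 429 arrives. The sample bodies are constructed, and the retry set and the floor threshold are assumptions of this sketch.

```python
import json

# Constructed sample bodies shaped like the envelopes documented above.
SAMPLE_OK = json.dumps({
    "_meta": {"plan": "professional", "rate_remaining": {"minute": 3, "hour": 994}},
    "endpoint": "advisory", "status": "success", "data": [],
})
SAMPLE_ERR = json.dumps({
    "_meta": {}, "status": "error",
    "error": "API key required.", "error_code": "MISSING_API_KEY",
})

# Assumption: rate limiting and server errors are worth retrying, the rest are not.
RETRYABLE_HTTP = {429, 500, 502, 503}


def interpret(http_status, body):
    """Return ("ok", envelope), ("retry", error_code) or ("fail", error_code)."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None  # e.g. an HTML error page returned by a gateway
    if not isinstance(doc, dict):
        doc = {}
    # Require both signals: a 200 whose body says "error" is still a failure.
    if http_status == 200 and doc.get("status") == "success":
        return ("ok", doc)
    code = doc.get("error_code", "UNKNOWN")
    return ("retry" if http_status in RETRYABLE_HTTP else "fail", code)


def should_throttle(envelope, floor=5):
    """True when a remaining-quota counter in _meta is at or below `floor`."""
    remaining = envelope.get("_meta", {}).get("rate_remaining", {})
    return any(remaining.get(w, floor + 1) <= floor for w in ("minute", "hour"))


if __name__ == "__main__":
    for status, body in [(200, SAMPLE_OK), (401, SAMPLE_ERR), (502, "<html>")]:
        outcome, detail = interpret(status, body)
        if outcome == "ok":
            print("ok, throttle:", should_throttle(detail))
        else:
            print(outcome, detail)
```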
>> Plans
Available directly from CyFare or through the RapidAPI marketplace.
STARTER
For individual researchers and analysts.
PROFESSIONAL
For security teams and professionals.
ENTERPRISE
For SOC teams and large organizations.
RAPIDAPI
Subscribe on RapidAPI — use your existing account.