The Cyber API provides comprehensive access to structured dark web data collected and retained for up to two years.

This data empowers cybersecurity teams to effectively monitor cybercrime activities and underground discussions, investigate leaked credentials and personal data exposures, analyze malware and ransomware trends, and enhance security alerts with contextual dark web intelligence.

The API delivers detailed insights from diverse dark web sources, including forums, chat groups, paste sites, marketplaces, and other decentralized or anonymous networks. Each record is accompanied by rich metadata, facilitating thorough analysis of cyber threats, identification of compromised assets, and timely understanding of emerging risks.

Key Features

Extensive Coverage: Aggregates dark web data from a wide array of sources, such as Tor, Telegram, underground forums, dark web marketplaces, paste sites, and alternative social media platforms.
Structured & Enriched Data: Provides parsed fields beyond raw content, including author details, site metadata, content categories, cyber risk scores, and extracted entities such as emails, IP addresses, CVEs, cryptocurrency addresses, and more.
Risk Scoring: Assigns cyber risk scores to posts based on content analysis and source reputation, helping prioritize investigation and response efforts.
Flexible Search: Enables advanced Boolean queries to filter posts by keywords, topics, or any structured field, supporting precise and targeted data retrieval.

How to Use

The Cyber API uses HTTP GET requests with the following general URL structure:

https://api.webz.io/cyberFilter?token=XXXXX-XXXXX&format=json&q=[QUERY]

q (required): Your search query, which accepts Boolean operators for precise filtering.
token (required): Your API authentication token.
Other optional parameters control sorting, pagination, output format, structured data detail, and result highlighting.

Output Format

Each response includes up to 10 CyberDoc objects representing dark web posts, alongside a root object with metadata about the request such as total results, pagination URLs, and remaining API calls.

CyberDoc entries contain fields such as:

URLs and unique IDs
Post titles and content (including structured chat messages if applicable)
Author information and language
Publication, crawl, and update timestamps
Site metadata (domain, site type, categories)
Extracted cyber entities (domain, emails, credit cards, CVEs, IPs, crypto addresses, etc.)
Cyber risk scores for prioritizing threats