API v1
This API provides intel about websites prone to be compromised and, worth mentioning, websites that have already been pwned. It also returns, among other information, the security awareness score of websites which have been unmasked (desenmascarados in Spanish).
For a full reference of this service, check it out here.
Overview
This is the first approach to providing an API for the desenmascara.me service, therefore the amount of detail returned is limited. If you want to obtain the full details, you may go directly to either the desenmascara.me service or the pwnedwebsites.com resource.
Index
Querying if a given website has been pwned
The most common use of the API is to return compromise details for a given URL. The API takes a single parameter, which is the URL to be searched for. It will search for either the http or the https version of the website.
GET http://desenmascara.me/api/pwned/{URL}
e.g.:
GET http://desenmascara.me/api/pwned/www.isc.org
will return pwned website details (url; incident; date; sector; reference) separated by ";"
http://www.isc.org ; redirecting visitors to the Angler Exploit Kit ; 29 Dec 2014, midnight ; Internet consortium ; http://www.scmagazine.com/isc-website-compromised-possibly-due-to-vulnerable-wordpress-plugin/article/390192/
If the queried website has not been pwned but is in the desenmascara.me database, the following text will appear:
Not pwned yet
If the queried website has not been pwned and is not in the desenmascara.me database, the following text will appear:
Not desenmascarada yet
Getting the security awareness score of a given website
In the same way as getting a pwned website, in order to return the security awareness score of a given website, the API takes a single parameter which is the URL to be searched for.
GET http://desenmascara.me/api/{URL}
e.g.:
GET http://desenmascara.me/api/www.fbi.gov
will return the url, the score value of the website and the date on which it was last unmasked (desenmascarado in Spanish), separated by ";"
http://www.fbi.gov ; 60 ; 6 Apr 2015, 1:27 p.m.
In case the queried website has not been unmasked yet (desenmascarado in Spanish), the following text will appear
Not desenmascarada yet
HTTP or HTTPS
In contrast to querying a pwned website, where the search is for either http or https, here the query is for http by default when querying a website as above. If you want to query the https version of a website, you should do it as below:
GET http://desenmascara.me/api/s/{URL}
e.g.:
GET http://desenmascara.me/api/s/www.securizame.com
will return the score value of the website along with the date on which it was last unmasked (desenmascarado in Spanish)
https://www.securizame.com ; 120 ; 1 Apr 2015, 1:13 p.m.
Notice that, depending on the kind of query (either http or https), the result may be different, as the website infrastructure might change.
e.g.:
GET http://desenmascara.me/api/www.securizame.com
returns a result different from the https version:
http://www.securizame.com ; 35 ; 13 Jan 2013, 8:53 p.m.
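The pwned and score responses described above can be turned into structured records as follows. This is an added example, not code from the desenmascara.me project; the function names, the status labels and the handling of "noon" and hour-only times are assumptions, and the two sample bodies are copied from this page.

```python
from datetime import datetime

# Field layouts documented on this page for the two single-record endpoints.
FIELDS = {
    "pwned": ["url", "incident", "date", "sector", "reference"],
    "score": ["url", "score", "date"],
}
# Plain-text answers returned instead of a record (labels are hypothetical).
SENTINELS = {
    "Not pwned yet": "known-not-pwned",
    "Not desenmascarada yet": "not-unmasked",
}

def parse_date(text):
    # Page samples: "6 Apr 2015, 1:27 p.m." and "29 Dec 2014, midnight".
    # Assumption: "noon" and hour-only times ("1 p.m.") can also occur.
    text = text.strip().replace("a.m.", "AM").replace("p.m.", "PM")
    text = text.replace("midnight", "12:00 AM").replace("noon", "12:00 PM")
    for fmt in ("%d %b %Y, %I:%M %p", "%d %b %Y, %I %p"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised date: {text!r}")

def parse_response(body, kind):
    """Parse one /api/pwned/{URL} ('pwned') or /api/{URL} ('score') body."""
    text = body.strip()
    if text in SENTINELS:
        return {"status": SENTINELS[text]}
    # An invalid query returns the site's full HTML 404 page, not a record.
    if "<html" in text.lower() or text.lower().startswith("<!doctype"):
        return {"status": "invalid-query"}
    names = FIELDS[kind]
    # maxsplit keeps any ";" inside the last field (e.g. the reference URL).
    parts = [p.strip() for p in text.split(";", len(names) - 1)]
    if len(parts) != len(names):
        raise ValueError(f"expected {len(names)} fields, got {len(parts)}")
    record = dict(zip(names, parts), status="ok")
    record["date"] = parse_date(record["date"])
    if kind == "score":
        record["score"] = int(record["score"])  # scores can be negative
    return record

# Sample bodies copied from this page.
PWNED = ("http://www.isc.org ; redirecting visitors to the Angler Exploit Kit ; "
         "29 Dec 2014, midnight ; Internet consortium ; http://www.scmagazine.com/"
         "isc-website-compromised-possibly-due-to-vulnerable-wordpress-plugin/article/390192/")
SCORE = "http://www.fbi.gov ; 60 ; 6 Apr 2015, 1:27 p.m."
```

The API is served over plain http without authentication, so every parsed field should be handled as untrusted text by whatever consumes it.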
Querying the number of URLs related to a given brand
There are either fake or not official pages for several brands.
Take a look at some of the stats collected.
By querying a given brand or word you can get the number of URLs retrieved by the desenmascara.me service.
GET http://desenmascara.me/api/brand/{brand}
e.g.:
GET http://desenmascara.me/api/brand/rayban
will return the brand (or word), and the number of URLs available in the desenmascara.me service related to this brand (or word).
rayban ; 93
OTHER POTENTIAL USES
One of the core purposes of this search is to look up numbers for brands, but you can use it as you like. The term used here is looked up in the metadata field, therefore you can use it however your imagination allows:
To get some numbers about software used
GET http://desenmascara.me/api/brand/apache
apache ; 16570
To get some numbers about CMSs used
GET http://desenmascara.me/api/brand/wordpress
wordpress ; 3395
Security headers used
GET http://desenmascara.me/api/brand/httponly
httponly ; 3603
and so on... you get the idea right? :)
Getting the URL's MD5 and the current status of 10 random FAKE websites for a given brand
To get an idea of the data collected you can retrieve some examples of websites (obfuscated with the MD5 instead of the URL) for any brand, for example RayBan.
By querying a given brand you can get the MD5 of 10 random URLs and their current status.
GET http://desenmascara.me/api/brand-urls/{brand}
e.g.:
GET http://desenmascara.me/api/brand-urls/rayban
will return a list of 10 objects as below:
MD5 FAKE URL;CURRENT STATUS;LAST TIME CHECKED
16f3d05fb5444508348321341a4006a0; Taken down; 19 Oct 2015, 11:30 a.m.
d46c2eb0f15552d58a9a77ff8a9e69a6; Taken down; 19 Oct 2015, 11:30 a.m.
b06b725ce038a84400fa61943c42041a; 200; 19 Oct 2015, 11:30 a.m.
7e8fe862a4e1f81d53a9cfac626b8185; Taken down; 19 Oct 2015, 11:30 a.m.
652bf36df12e52276fd999c1d78af58b; URL error; 19 Oct 2015, 11:32 a.m.
962f77050e510f6245dfb2798b13ccc2; URL error; 19 Oct 2015, 11:32 a.m.
b85feec71ebcfb45453697cdef1e006a; URL error; 19 Oct 2015, 11:33 a.m.
38aba6dd07d04df593ce6c2f8a024d4e; 200; 19 Oct 2015, 11:34 a.m.
1045c21841f73ede0b0acd751430485a; 200; 19 Oct 2015, 9:10 a.m.
14ad4767035825044696c76d1d0c67f9; URL error; 19 Oct 2015, 9:11 a.m.
The CURRENT STATUS values can be:
- Taken down: A FAKE website has been taken down by the brand or by cooperators such as any of these.
- 200: A FAKE website is still active.
- URL error: A FAKE website does not exist anymore.
- Socket error: A FAKE website either does not exist anymore or raised a timeout while checking the status.
- 403: A FAKE website either is not allowing us to gather information or it has been blocked.
- Parked: A FAKE website domain has been removed and the domain is now parked.
Querying the number of websites prone to be compromised (scoring less than 20) by Country
By querying a country (always in lowercase) you can get the number of URLs whose websites are hosted there with a score less than 20 (prone to be compromised). Take a look at the stats to get an idea about the top countries.
GET http://desenmascara.me/api/hostcountry/{country}
e.g.:
GET http://desenmascara.me/api/hostcountry/spain
will return the number of URLs available in the desenmascara.me service for the country queried and with a score less than 20
spain ; 819
Unmasking (desenmascarando in Spanish) a website in real time
Not ready yet. At this time the only way to unmask (desenmascarar in Spanish) a website is directly through the desenmascara.me service. This API only provides information from the database.
Querying 10 URLs potentially prone to be compromised (the lowest score possible) by TLD (gov, es, com...)
It took me some time to publish this feature as I am aware of the potential malicious uses, but the goal of this service is to raise web security awareness among web owners, and honestly I think this way, despite being the hard way, is a legitimate method to raise security awareness by exposing some numbers and data, and, most importantly, it is neither illegal nor unethical.
By querying a TLD (just the letters, without the dot) you will get a list of the 10 websites with the lowest score (security awareness value).
In other words, this list is a potential list of websites prone to be compromised.
GET http://desenmascara.me/api/lessscorebytld/{tld}
e.g.:
GET http://desenmascara.me/api/lessscorebytld/gov
will return the URLs with the lowest score
http://www.doe.in.gov : -165
http://www.cbp.gov : -140
http://www.performance.gov : -40
https://studentaid.ed.gov : -40
http://webapps.dol.gov : -10
http://www.dol.gov : -10
http://woodstockct.gov : -10
http://www.fairhousing.arkansas.gov : -10
http://www.washingtoncounty.in.gov : -10
http://arcadia-fl.gov : -10
Notice that a website under dol.gov was compromised in the past.
Bear in mind that the last desenmascara.me date is not shown; it is possible that a website listed there has already been updated but has not been desenmascarado again. You can use the desenmascara.me service in order to show the full details.
Querying if a given website has been blacklisted in the past by SafeBrowsing
Not ready yet
Querying if a given website has been categorized either as fake, not official or official
Contact me
Before using this API, make sure the URL you are going to query is valid. Only letters, numbers and the underscore and dash symbols are allowed.
If you use this API with an invalid URL such as: b
you will obtain a standard 404 desenmascara.me response with the full HTML code. It is your responsibility to make sure the URLs you are querying are valid; otherwise you may obtain results that cannot be parsed correctly.
Below you can find a list of valid URL formats to use either with http or https:
- GET http://desenmascara.me/api/google.com
- GET http://desenmascara.me/api/51pojieb.com
- GET http://desenmascara.me/api/espace-prelevement.eu
- GET http://desenmascara.me/api/www.google.com
- GET http://desenmascara.me/api/www.dreamhouse1990.com
- GET http://desenmascara.me/api/wt9.97sky.cn
- GET http://desenmascara.me/api/hiroba.dqx.jp.sq.fscjv.com
And some invalid URLs:
- GET http://desenmascara.me/api/n
- GET http://desenmascara.me/api/nothing
- GET http://desenmascara.me/api/http://www.securitybydefault.com
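One way to enforce these rules before sending a request, and to pick the http or https endpoint automatically, is sketched below. It is an added example, not code from the desenmascara.me project; the function names are hypothetical, and the requirement of at least two dot-separated labels is an assumption inferred from the valid and invalid lists above.

```python
import re
from urllib.parse import urlsplit

API_BASE = "http://desenmascara.me/api"
# Characters the page allows: letters, numbers, underscore and dash.
LABEL = re.compile(r"[A-Za-z0-9_-]+")

def is_valid_host(host):
    # Assumption drawn from the page's examples: labels are joined by dots and
    # at least two are needed ("n" and "nothing" are listed as invalid).
    labels = host.split(".")
    return len(labels) >= 2 and all(LABEL.fullmatch(label) for label in labels)

def split_target(target):
    """Accept a bare host or a full http(s) URL; return (host, is_https)."""
    if "://" in target:
        parts = urlsplit(target)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"unsupported URL: {target!r}")
        return parts.hostname, parts.scheme == "https"
    return target, False

def checked_host(target):
    host, is_https = split_target(target)
    if not is_valid_host(host):
        # Rejecting here also keeps "/", "?", "#" and spaces out of the path.
        raise ValueError(f"not a queryable host: {host!r}")
    return host, is_https

def score_query(target):
    """Build the score query, using /api/s/ for https targets."""
    host, is_https = checked_host(target)
    return f"{API_BASE}/s/{host}" if is_https else f"{API_BASE}/{host}"

def pwned_query(target):
    """Build the pwned query; that endpoint covers http and https itself."""
    host, _ = checked_host(target)
    return f"{API_BASE}/pwned/{host}"
```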
Purposes
I can imagine infinite purposes to use this data (currently I am using it for research purposes).
- For fun
- For research
- For stats
- To discover websites prone to be compromised
- For context in website-related security incidents
- For monitoring changes in the website infrastructure
- For evaluating confidence in a given website
- For integration in services which categorize websites based on reputation
- For brand abuse monitoring
- For historic purposes
- Use your imagination and out-of-the-box-thinking
One of the main purposes of this service is to show the relation between poorly maintained websites and malicious websites. It is a call for webmasters to keep their websites updated.
Private API
There is also a private API provided to companies on request, which gives full access to data such as URL feeds.
e.g.: URL feeds with more data on request:
Security
- URLs with either a determined score or score range (i.e: websites with a score < 0)
- URLs with a specific software/CMS/technology
- Websites which had been blacklisted in the past by Safebrowsing
- Websites with a specific domain expiry date (e.g.: websites with the domain expiring in the next 3 days)
Anti-counterfeiting (feed related with this research)
- Fake websites for a given brand
- Full feed of Fake websites with their current status
Authentication
There isn't any for the public API.
Rate limiting
There isn't any of that either.
Abuse
There's not much point; all the metadata extracted with this service is public. I hope you have better things to do than trying to abuse a small personal research project.
Disclaimer
I am not responsible for the use you might make of the information gathered with this service. My goal is to highlight the danger of not keeping websites updated. This service works with public metadata. Use this information under your own responsibility.
If you have any issues while using this API, any questions, or just want to share with me the purposes for which you are using these data, just drop me an email: my email address is available out there or through the contact form.