API Reference
Programmatic access to every NetSight tool. REST endpoints, JSON responses, rate limits and examples. Free for non-commercial use.
Base URL:
All endpoints are GET, respond with JSON, and are CORS-enabled. Rate limits apply per-IP. No auth required.
https://netsight.mutebefehl.deAll endpoints are GET, respond with JSON, and are CORS-enabled. Rate limits apply per-IP. No auth required.
Network
GET
/api/ipGeolocation + ASN + reverse DNS for an IP or hostname.?q=8.8.8.8 or ?ip=1.1.1.1
GET
/api/ispISP and organization info for an IP.
GET
/api/check-pingPing a host from multiple global probes.
GET
/api/check-tracerouteTraceroute from multiple global probes.
DNS
GET
/api/dns-lookupA, AAAA, CNAME, MX, TXT, NS, SOA, CAA, SRV records.?domain=example.com
GET
/api/check-dns-propagationPropagation check across global resolvers.
GET
/api/whoisWHOIS lookup for a domain.?query=example.com
GET
/api/subdomainsSubdomain enumeration via crt.sh + OTX.?domain=example.com
GET
/api/subdomains-dnsSubdomains + their resolved DNS.
GET
/api/mailcheckMX, SPF, DMARC for a domain.?domain=example.com
GET
/api/dkim-checkCheck a DKIM selector record.?domain=example.com&selector=google
Security
GET
/api/abuseipdbAbuseIPDB reputation score.?ip=1.2.3.4
GET
/api/scamalyticsScamalytics fraud score (0-100).?ip=1.2.3.4
GET
/api/shodanShodan host fingerprint.?ip=1.2.3.4
GET
/api/fraud-checkCombined reputation (AbuseIPDB + Scamalytics + more).?ip=1.2.3.4
GET
/api/fireholFireHOL level-1 blocklist check.
GET
/api/blocklistsCheck against multiple blocklists at once.
GET
/api/virustotalVirusTotal hash / URL check.
GET
/api/urlhausURLhaus malicious-URL check.
GET
/api/threatfoxThreatFox IOC check.
GET
/api/cveCVE search by id or keyword.?query=log4j&limit=20
Browser
GET
/api/safe-browseURL threat analysis + screenshot.
GET
/api/screenshotRender a URL to PNG via headless browser.
GET
/api/url-checkFull multi-source URL reputation + TLS + final URL trace.
Auth & rate limits
Endpoints are free for non-commercial use. Per-IP rate limits are generous (typically dozens of requests per minute) and enforced at the edge. For commercial or heavy use, get in touch.
CORS & clients
Every response is returned with Access-Control-Allow-Origin: *, so browsers can call the API from any origin without a proxy. No SDK is required - plain fetch() works.
Questions
Is an OpenAPI spec available?
Yes, at /openapi.json on the primary domain.
Can I self-host this?
Some endpoints proxy external services with private keys (AbuseIPDB, Shodan, etc.). You would need your own keys.
Related tools
Subnet Calculator
IPv4 + IPv6 CIDR math: range, mask, usable hosts, wildcard.
Password Strength
Password entropy, breach status, strength audit.
Ports Reference
Searchable reference of common TCP/UDP ports and services.
IP Lookup
Instant geolocation, ISP, ASN, abuse history and reputation for any IPv4 or IPv6 address.