Snusbase API Docs

Table of Contents

1. Introduction
2. Authentication
3. API Endpoints
   • Database Statistics
   • Database Search
   • Combo Lookup
   • Hash Lookup
   • IP WHOIS Lookup
4. Example Search Queries
   • Multiple Terms and Types
   • Search Specific Tables
   • Group by Specific Column
   • Search with Wildcards
5. Code Examples
   • JavaScript
   • Python
6. Error Handling
7. Rate Limiting
8. Important Information

Introduction

Welcome to the Snusbase API documentation. This guide provides comprehensive information on how to authenticate and interact with our API endpoints.

Authentication

All API requests require authentication using an activation code. Include your activation code in the Auth header of each request:

Auth: sb[...]

Activation codes generated after September 2021 start with sb followed by 28 random characters.

API Endpoints

Database Statistics

Retrieve information about the current databases in the main search engine. This endpoint does not require authentication.

• Endpoint: https://api.snusbase.com/data/stats
• Method: GET

Request Example

GET https://api.snusbase.com/data/stats

Response Example

{
  "rows": 18006941078,
  "tables": {
    "0001_STEALERLOGS_NA_121M_MALWARE_2023": [
      "email", "username", "password", "host", "_domain"
    ],
    /* Other tables */
  },
  "features": {
    "view_more": [
      "0005_ZING_VN_51M_ENTERTAINMENT_052015",
      /* ... */
    ],
    "combo_lookup": [
      "0001_PEMIBLANC_COMBOLIST_245M_2018",
      /* ... */
    ]
  }
}

Database Search

Search the Snusbase database for leaked information.

• Endpoint: https://api.snusbase.com/data/search
• Method: POST
• Headers:
  • Content-Type: application/json
  • Auth: YOUR_API_KEY_HERE

Parameters

Parameter	Type	Required	Description
terms	Array of strings	Yes	Search terms.
types	Array of strings	Yes	Types of data to search. Possible values: "email", "username", "lastip", "password", "hash", "name", "_domain".
wildcard	Boolean	No	Enable wildcard search (true or false).
group_by	Boolean or string	No	Group results. Defaults to "db". Set to false to disable grouping.
tables	Array of strings	No	Limit search to specific tables.

Request Example

POST https://api.snusbase.com/data/search
Content-Type: application/json
Auth: YOUR_API_KEY_HERE

{
  "terms": ["[email protected]"],
  "types": ["email"]
}

Response Example

{
  "took": 31.714,
  "size": 1233,
  "results": {
    "2123_BREACHFORUMS_BF_323K_HACKING_012026": [
      {
        "username": "avvd",
        "email": "[email protected]",
        "lastip": "127.0.0.9",
        "hash": "$argon2i$v=19$m=65536,t=4,p=1$NVphazc1SUg3YUVxNFV3Nw$EmshtvIzcwhG8lnDTsl0XvzCyg7h8k+Qr3tgTQihvZI",
        "salt": "Wlwirmmh",
        "uid": "331153",
        "created": "1729340505",
        "updated": "1729341708"
      }
    ],
    /* Other results.. */
  }
}

Combo Lookup

Search the combolist database for username/password combinations from large credential dumps.

• Endpoint: https://api.snusbase.com/tools/combo-lookup
• Method: POST
• Headers:
  • Content-Type: application/json
  • Auth: YOUR_API_KEY_HERE

Parameters

Parameter	Type	Required	Description
terms	Array of strings	Yes	Search terms (usernames or passwords).
types	Array of strings	Yes	Types of data to search. Possible values: "username", "password".
wildcard	Boolean	No	Enable wildcard search (true or false).
group_by	Boolean or string	No	Group results. Defaults to "db". Set to false to disable grouping.

Request Example

POST https://api.snusbase.com/tools/combo-lookup
Content-Type: application/json
Auth: YOUR_API_KEY_HERE

{
  "terms": ["[email protected]"],
  "types": ["username"]
}

Response Example

{
  "took": 2.905,
  "size": 1194,
  "results": {
    "0007_COLLECTION3_COMBOLIST_300M_2019": [
      {
        "username": "[email protected]",
        "password": "0981122847"
      },
      {
        "username": "[email protected]",
        "password": "123456"
      },
      /* Other results.. */
    ],
    /* Other combolists */
  }
}

Hash Lookup

Search for corresponding plaintext passwords or vice versa in the cracked password hash database.

• Endpoint: https://api.snusbase.com/tools/hash-lookup
• Method: POST
• Headers:
  • Content-Type: application/json
  • Auth: YOUR_API_KEY_HERE

Parameters

Parameter	Type	Required	Description
terms	Array of strings	Yes	Hashes or passwords to look up.
types	Array of strings	Yes	Types of lookup. Possible values: "hash", "password".
wildcard	Boolean	No	Enable wildcard search.
group_by	Boolean or string	No	Group results. Defaults to "db". Set to false to disable grouping.

Request Example

POST https://api.snusbase.com/tools/hash-lookup
Content-Type: application/json
Auth: YOUR_API_KEY_HERE

{
  "terms": ["482c811da5d5b4bc6d497ffa98491e38"],
  "types": ["hash"]
}

Response Example

{
  "took": 0.102,
  "size": 1,
  "results": {
    "HASHES": [
      {
        "hash": "482c811da5d5b4bc6d497ffa98491e38",
        "password": "password123"
      }
    ]
  }
}

IP WHOIS Lookup

Retrieve WHOIS information for IP addresses.

• Endpoint: https://api.snusbase.com/tools/ip-whois
• Method: POST
• Headers:
  • Content-Type: application/json
  • Auth: YOUR_API_KEY_HERE

Parameters

Parameter	Type	Required	Description
terms	Array of strings	Yes	IP addresses to look up.

Request Example

POST https://api.snusbase.com/tools/ip-whois
Content-Type: application/json
Auth: YOUR_API_KEY_HERE

{
  "terms": ["12.34.56.78"]
}

Response Example

{
  "took": 6.4,
  "size": 1,
  "results": {
    "12.34.56.78": {
      "continent": "North America",
      "continentCode": "NA",
      "country": "United States",
      "countryCode": "US",
      "region": "OH",
      "regionName": "Ohio",
      "city": "Columbus",
      "zip": "43215",
      "lat": 39.9612,
      "lon": -82.9988,
      "timezone": "America/New_York",
      "isp": "AT&T Enterprises, LLC",
      "org": "AT&T Enterprises, LLC",
      "as": "AS7018 AT&T Enterprises, LLC",
      "asname": "ATT-INTERNET4",
      "mobile": false,
      "proxy": false,
      "hosting": false
    }
  }
}

Example Search Queries

Multiple Terms and Types

When using multiple types, each type will be applied to all terms, so you don’t need to match them in order.

Request Example

POST https://api.snusbase.com/data/search
Content-Type: application/json
Auth: YOUR_API_KEY_HERE

{
  "terms": ["example1", "example2"],
  "types": ["username", "email", "lastip", "hash", "password", "name"]
}

Search Specific Tables

You can specify one or multiple tables. This will display all available columns rather than the default set. This is used for the “View More” feature on our websites.

Request Example

POST https://api.snusbase.com/data/search
Content-Type: application/json
Auth: YOUR_API_KEY_HERE

{
  "terms": ["example"],
  "types": ["username"],
  "tables": ["0001_STEALERLOGS_NA_106M_MALWARE_2023"]
}

Group by Specific Column

If a result doesn’t have the column you want to group by, it will be appended to the NO_{GROUP_BY} object. For example, if you group by "email" but a result doesn’t have an email column, it can be found in NO_EMAIL.

By default, the value of group_by is "db", but you can turn this off by setting group_by to false.

Request Example

POST https://api.snusbase.com/data/search
Content-Type: application/json
Auth: YOUR_API_KEY_HERE

{
  "terms": ["example"],
  "types": ["username"],
  "group_by": "_domain"
}

Search with Wildcards

Our wildcard characters are % (any number of any characters, including none) and _ (exactly one character). Wildcard characters cannot be the first character in a search term. If you need domain searches, use the "_domain" search type.

You can escape wildcard characters by prepending them with a backslash (\).

Request Example

POST https://api.snusbase.com/data/search
Content-Type: application/json
Auth: YOUR_API_KEY_HERE

{
  "terms": ["exa____@%.tld"],
  "types": ["email"],
  "wildcard": true
}

Code Examples

JavaScript

const snusbaseAuth = 'YOUR_API_KEY_HERE';
const snusbaseAPI = 'https://api.snusbase.com/';

const sendRequest = async (url, body = null) => {
  const options = {
    method: body ? 'POST' : 'GET',
    headers: {
      'Auth': snusbaseAuth,
      'Content-Type': 'application/json',
    },
    body: body ? JSON.stringify(body) : null,
  };
  const response = await fetch(snusbaseAPI + url, options);
  return await response.json();
};

// Example: Get Database Statistics
sendRequest('data/stats').then(response => console.log(response));

// Example: Search Snusbase
sendRequest('data/search', {
  terms: ['[email protected]'],
  types: ['email'],
}).then(response => console.log(response));

// Example: Combo Lookup
sendRequest('tools/combo-lookup', {
  terms: ['[email protected]'],
  types: ['username'],
}).then(response => console.log(response));

// Example: Hash Lookup
sendRequest('tools/hash-lookup', {
  terms: ['482c811da5d5b4bc6d497ffa98491e38'],
  types: ['hash'],
}).then(response => console.log(response));

// Example: IP WHOIS Lookup
sendRequest('tools/ip-whois', {
  terms: ['12.34.56.78'],
}).then(response => console.log(response));

Python

import requests

snusbase_auth = 'YOUR_API_KEY_HERE'
snusbase_api = 'https://api.snusbase.com/'

def send_request(url, body=None):
    headers = {
        'Auth': snusbase_auth,
        'Content-Type': 'application/json',
    }
    method = 'POST' if body else 'GET'
    response = requests.request(method, snusbase_api + url, headers=headers, json=body)
    return response.json()

# Example: Get Database Statistics
stats_response = send_request('data/stats')
print(stats_response)

# Example: Search Snusbase
search_response = send_request('data/search', {
    'terms': ['[email protected]'],
    'types': ['email'],
})
print(search_response)

# Example: Combo Lookup
combo_lookup_response = send_request('tools/combo-lookup', {
    'terms': ['[email protected]'],
    'types': ['username'],
})
print(combo_lookup_response)

# Example: Hash Lookup
hash_lookup_response = send_request('tools/hash-lookup', {
    'terms': ['482c811da5d5b4bc6d497ffa98491e38'],
    'types': ['hash'],
})
print(hash_lookup_response)

# Example: IP WHOIS Lookup
ip_whois_response = send_request('tools/ip-whois', {
    'terms': ['12.34.56.78'],
})
print(ip_whois_response)

Error Handling

The API uses standard HTTP status codes to indicate the success or failure of requests.

Status Code	Meaning
200 OK	Successful request.
400 Bad Request	Invalid input or missing required parameters.
401 Unauthorized	Invalid, expired, or missing API key.
429 Too Many Requests	Rate limit exceeded.

Detailed error messages are provided in the errors array in the response body. These messages are safe to display to end users in your application.

Rate Limiting

To ensure fair usage and prevent abuse, the API implements rate limiting. Current limits are:

• /data/search: 2,048 requests every 12 hours.
• /tools/combo-lookup: 4,096 requests every 12 hours.
• All other endpoints: 256 requests every 2 minutes.

If you exceed these limits, you’ll receive a 429 Too Many Requests response. The following response headers are included on all authenticated requests:

Header	Description
X-Rate-Limit	Maximum number of requests allowed in the current window.
X-Rate-Limit-Remaining	Number of requests remaining in the current window.
X-Rate-Limit-Reset	Seconds until the current rate limit window resets.

These limits are subject to change, so it’s advisable to implement these headers in your application logic.

Important Information

• API Key Security: Keep your API key confidential and never expose it in client-side code. You are responsible for your API key, and misuse may result in termination per our Terms of Service.

• Data Sanitization: Always sanitize outputs from our API before rendering them in your application. We don’t modify much of the data we import, so expect HTML and potential exploits aimed at the third-party websites we import to still be present in some datasets.