Difference between revisions of "Hashdb api"

From Insomnia 24/7 Wiki
Jump to: navigation, search
imported>Wikiadmin
(How do I use it?)
 
(14 intermediate revisions by one other user not shown)
Line 7: Line 7:
  
 
==How do I use it?==
 
==How do I use it?==
You send an HTTP request to http://insomnia247.nl/hash_api.php with the GET parameters ''type'' and ''hash''.
+
=== Looking up hashes ===
 +
You send an HTTP request to https://hashdb.insomnia247.nl/v1/hashfunction/passwordhash.
  
So for example '''http://insomnia247.nl/hash_api.php?type=md5&hash=5f4dcc3b5aa765d61d8327deb882cf99''' would return '''password'''.
+
Example:
 +
https://hashdb.insomnia247.nl/v1/md5/de038c8d3a8e15b0c8578280ac12cffd
  
No HTML or styling info is added. Just the blank, plaintext password is returned.
+
will return:
 +
 
 +
{"hash":"de038c8d3a8e15b0c8578280ac12cffd","found":true,"result":"ex499er4+!on$"}
 +
 
 +
Currently the '''md5''', '''sha1''', and '''sha256''' hashing algorithms are supported.
 +
 
 +
The results are always JSON encoded. You will always receive the ''hash'', ''found'', and ''result'' parameters in your response. The ''hash'' parameter is the hash you submitted, the ''found'' parameter will be ''true'' if the hash was found in the database or ''false'' if it was not. The final ''result'' parameter will contain the password if one has been found or ''null'' if no password has been found.
 +
 
 +
=== Inserting new passwords ===
 +
If you find a hash that is not in the database but you know the password for, you can add to our database by inserting the new password. The ''/v1/insert'' endpoint accepts a '''PUT''' request with the '''password''' option.
 +
 
 +
Example:
 +
<pre>curl -XPUT 'https://hashdb.insomnia247.nl/v1/insert' -d 'password=newpassword'</pre>
 +
 
 +
This will also return the hashes for you;
 +
{"md5":"5e9d11a14ad1c8dd77e98ef9b53fd1ba","sha1":"f2c57870308dc87f432e5912d4de6f8e322721ba","sha256":"089542505d659cecbb988bb5ccff5bccf85be2dfa8c221359079aee2531298bb","password":"newpassword"}
  
 
==What comes back if something is wrong?==
 
==What comes back if something is wrong?==
:When a hash is not in the databse: '''Hash not found.'''
+
===GET requests===
:Invalid MD5 hash: '''Error: Not a valid MD5 hash.'''
+
:When a hash is not in the database: '''{"hash":"0123456789abdef0123456789abcdef0","found":false,"result":null}'''
:Invalid SHA-1 hash: '''Error: Not a valid SHA-1 hash.'''
+
:Invalid hashing algorithm: HTTP 404 Error.
:Invalid hash type: '''Error: Not a valid hash type.'''
+
:Invalid hash: HTTP 400 Error.
:Not all parameters are set: '''Error: Both a 'hash' and 'type' need to be defined.'''
+
:Something terribly wrong: HTTP 500 Error. Please inform us if this happens.
 +
 
 +
 
 +
===PUT requests===
 +
:When the '''password''' option is not set: HTTP 400 Error.
 +
:When the wrong HTTP verb is used (ie. not PUT): HTTP 404 Error.
 +
 
 +
 
 +
==Some special chars show up weird==
 +
Some chars will require you support the utf-8 charset. For an HTML page you can force this support by adding the following meta tag between your head tags:
 +
:<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 +
 
 +
 
 +
==Is it free?==
 +
Yes, it is, and will continue to be free for the foreseeable future. We would appreciate it if you give us credit for it though.
 +
 
 +
 
 +
==I plan to use it in a pretty big site/application. How many requests can I make?==
 +
Though it should be able to handle a fair amount of requests, there's always going to be a limit. If you're planning to use it a lot, please [http://insomnia247.nl/?page=chat contact us].
 +
 
 +
We can discuss if we'll be able to handle the amount of requests, or if you can perhaps set up your own local copy of the database.

Latest revision as of 00:31, 12 September 2019

What does it do?

The API interface allows you to retrieve passwords from the database in a single simple http request.

This means you can easily add hash lookups into your website or application.


How do I use it?

Looking up hashes

You send an HTTP request to https://hashdb.insomnia247.nl/v1/hashfunction/passwordhash.

Example:

https://hashdb.insomnia247.nl/v1/md5/de038c8d3a8e15b0c8578280ac12cffd

will return:

{"hash":"de038c8d3a8e15b0c8578280ac12cffd","found":true,"result":"ex499er4+!on$"}

Currently the md5, sha1, and sha256 hashing algorithms are supported.

The results are always JSON encoded. You will always receive the hash, found, and result parameters in your response. The hash parameter is the hash you submitted, the found parameter will be true if the hash was found in the database or false if it was not. The final result parameter will contain the password if one has been found or null if no password has been found.

Inserting new passwords

If you find a hash that is not in the database but you know the password for, you can add to our database by inserting the new password. The /v1/insert endpoint accepts a PUT request with the password option.

Example:

curl -XPUT 'https://hashdb.insomnia247.nl/v1/insert' -d 'password=newpassword'

This will also return the hashes for you;

{"md5":"5e9d11a14ad1c8dd77e98ef9b53fd1ba","sha1":"f2c57870308dc87f432e5912d4de6f8e322721ba","sha256":"089542505d659cecbb988bb5ccff5bccf85be2dfa8c221359079aee2531298bb","password":"newpassword"}

What comes back if something is wrong?

GET requests

When a hash is not in the database: {"hash":"0123456789abdef0123456789abcdef0","found":false,"result":null}
Invalid hashing algorithm: HTTP 404 Error.
Invalid hash: HTTP 400 Error.
Something terribly wrong: HTTP 500 Error. Please inform us if this happens.


PUT requests

When the password option is not set: HTTP 400 Error.
When the wrong HTTP verb is used (ie. not PUT): HTTP 404 Error.


Some special chars show up weird

Some chars will require you support the utf-8 charset. For an HTML page you can force this support by adding the following meta tag between your head tags:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />


Is it free?

Yes, it is, and will continue to be free for the foreseeable future. We would appreciate it if you give us credit for it though.


I plan to use it in a pretty big site/application. How many requests can I make?

Though it should be able to handle a fair amount of requests, there's always going to be a limit. If you're planning to use it a lot, please contact us.

We can discuss if we'll be able to handle the amount of requests, or if you can perhaps set up your own local copy of the database.