Unlock Unlimited Searches Through the Search Engine, OSINT Sources, and the API for a Small Fee. Get Started  


About

Search Engine & API

The BreachDirectory search engine and API helps you not fall victim to hacker attacks. The search engine can be used to investigate cybercrime and protect yourself and your customers and the API can be used to incorporate the data inside BreachDirectory into any application or website.

All users of the API should only use the service to improve the security of their service or product offerings, secure their API credentials, ensure that any information obtained through the BreachDirectory API or any other services is secured from unauthorized access, and follow all of the applicable laws pertaining to their jurisdiction.

Data Breaches

BreachDirectory allows anyone to search for an email address, IP address, or a username through its extensive list of data breaches.
If you're searching for any data class through data breaches and a record exists in a data breach, BreachDirectory will return a JSON "200 OK" response which will look like so (if a record does not exist, [] will be returned): 

[
    {
        "title": "Data Breach #1",
        "domain": "a.com",
        "email": "[email protected]",
        "username": "Username",
        "ip": "127.0.0.1"
    },
	{
	"title": "Data Breach #2",
        "domain": "b.com",
        "email": "[email protected]",
        "username": "Demouser",
        "ip": "127.0.0.1"
}, ...
]

Blockchain

If you're searching for information on addresses on the Blockchain (BTC, ETH, etc. - cryptocurrency addresses), specify “blockchain” as the search method. If there are no results, the API will return "No results found." If results do exist, the API will return the following: 

				{
        "id": "1",
        "address": "112AmFATxzhuSpvtz1hfpa3Zrw3BG276pc",
        "balance": "0.0",
        "total_sent_btc": "50000000.0",
		"total_received_btc": "50000000.0",
		"total_sent_eth": null,
		"total_received_eth": null,
		"total_sent_usd": "210.05",
		"total_received_usd": "211.05",
		"transaction_fees": "4080.128571",
		"transactions_payment": "1",
		"transactions_receipt": "1",
		"sent_counter": "1",
		"received_counter": "2",
		"first_seen": "2016/04/05 17:35",
		"last_seen": "2016/04/07 11:18",
		"about": "Ransomware"
			}

Pastebin Data

If you're searching through the Pastebin database, specify “general” as the search method. If there are no results, the API will return "No results found." If results do exist, the API will return results from Pastebin that will look similar to the following output: 

				[
				{
        "id":"id-from-pastebin",
		"tags":"none",
		"length":4,
		"time":"2019-04-30 09:30",
		"text":"demo"},
		...
			}
			]

KEV/CVE

If you're searching through the KEV/CVE database, specify “kev_cve” as the search method. If there are no results, the API will return "No results found." If results do exist, the API will return the following: 

				{
        "cve_id": "CVE-2025-54948",
        "vendor_project": "Trend Micro",
        "product": "Apex One",
        "vulnerability_name": "Trend Micro Apex One OS Command Injection Vulnerability",
		"cve_dateadded": "2025-08-18",
		"cve_description": "Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations.",
		"cve_requiredaction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
		"cve_duedate": "2025-09-08",
		"cve_knownransomwarecampaignuse": "Unknown",
		"cve_notes" => "https://success.trendmicro.com/en-US/solution/KA-0020652 ; N/A ; https://nvd.nist.gov/vuln/detail/CVE-2025-54948"
		"cve_cwes" => "CWE-78"
			}

Disposable Email Addresses

To check whether an email address is disposable, specify email_disposable (“email_disposable”) as the search method. If the domain associated with an email address is disposable, the API will return disposable. If not, not disposable will be returned.

Using the Search Engine & API

Usage

After gaining access to the API, you can use it like so:

https://BreachDirectory.com/api_usage?
method=$Method&key=$Key&query=$Query

  • - $Method - Search method. Users can query the API by providing an email address (“email”), an email address to check if the domain associated with it is disposable (“email_disposable”), a username (“username”), an IP address (“ip”), KEV/CVEs by searching for a “kev_cve”, or perform a search through pastes on pastebin - for that, specify “general” as the method. For exact specifications on all of the possible search methods, refer to the descriptions above.
  • - $Key - API Key acquired by purchasing access to the API.
  • - $Query - Search Query.

Example (general search through pastes on pastebin - “general” is specified as the method):

https://BreachDirectory.com/api_usage?
method=general&key=262010b83c3ac0f10fe5c01f18542551&query=demo@demo.com

If you have bought access to the bulk API plan, you will also be able to provide the API with a text (.txt or .csv) file of accounts to search for. In that case, an additional parameter - “bulk_url” - is needed. In that case, the API should be used like so:

https://BreachDirectory.com/api_file?
api_method=$Method&api_key=$Key&bulk_url=$URL

  • - $URL - The URL towards the file that contains user accounts that you need to search through the API. Make sure the extension of the file is either .txt or .csv.

Those people that have access to the bulk version of the API can also provide user accounts via the UI accessible here.

* There is no need to specify the query when using the API in bulk - specifying a file is enough.

If you have access to the unlimited bulk API search plan, you will also have access to a variety of search methods within the data breach search engine enabling you to connect email addresses to usernames and IPs and vice versa, investigate Blockchain addresses, obtain information on vulnerabilities in the KEV/CVE database, and so much more. Get an API key today and unlock unlimited searches through the search engine and the API!

The search methods available to those with a bulk API search plan include searches through pastes using the General method, due diligence on Blockchain addresses when the Blockchain method is in use, searches on Threat Actors and KEV/CVEs, etc. Checking a due diligence checkbox when searching for an IP address returns more information on the IP address and checking Check what dark web service this URL is related to allows you to provide a URL of a dark web service and dig further into it.

ERROR MESSAGES

ERRORS

If the search fails, the system will return error messages. Some of them are:

- A search method is required.

When a search method is not specified.

- An API key is required.

When an API key is not specified.

- You have exceeded the limit of queries allowed for your API key.

When the limit of queries allocated to the API has been exceeded.

- Invalid or expired API key.

When the API key in use is invalid or expired.

- A search query is required.

When a search query is not specified.

- false or an empty array ([])

When you're searching through data breaches and your search did not return any results.

- No results found.

When you're searching through the KEV/CVE database and your search did not return any results.

- No results found.

When you're searching through the Blockchain database and your search did not return any results.

- disposable or not disposable

When you're utilizing the email disposability checker and the domain associated with the email address is disposable or not disposable.

- File size too big! Consider removing some accounts from the file. We suggest searching for up to 100 accounts at once.

When the file you're using the bulk API with is too big. This is done to prevent malicious use, spam and possible system overload.