Webamon API Documentation

Threat Hunt the Web. Unbiased & Unfiltered. Democratizing Search & Threat Intelligence

Try the API

Search existing domains or scan a new domain. Multi-word search phrases will be automatically quoted.

Search Scan

Processing...

API Response:

/search GET Search Endpoint

Performs search queries across the selected index. Supports both basic search and advanced Lucene queries.

GET https://search.webamon.com/search

Basic Search Parameters

Parameter	Type	Required	Description	Example
`search`	string	Yes	Search term (IP, domain, URL, hash, etc.)	`example.com`
`results`	string	Yes	Comma-separated list of fields to search within	`domain.name,resolved_url,page_title,dom`
`size`	integer	No	Number of results to return (default: 10, max: 100)	`25`

Lucene Search Parameters

Parameter	Type	Required	Description	Example
`lucene_query`	string	Yes	Lucene query string	`domain.name:bank AND scan_status:success`
`index`	string	Yes	Index to search: scans, domains, resources, servers, or feed indices	`scans`
`fields`	string	No	Comma-separated list of fields to return	`domain.name,page_title,report_id`
`size`	integer	No	Number of results to return (default: 10, max: 100)	`25`

Available Fields

The following fields are available for search and retrieval:

domain.name: Domain name and status information
resolved_url: Final resolved URL after redirects
page_title: HTML page title from the website
dom: Document Object Model data including title, description, and keywords
scan_date: Timestamp of when the domain was last scanned

Example Requests

GET https://search.webamon.com/search?search=example.com&results=domain.name,resolved_url,page_title,dom&size=20 Open

GET https://search.webamon.com/search?lucene_query=domain.name:bank&index=scans&fields=domain.name,page_title,report_id&size=20 Open

GET https://search.webamon.com/search?lucene_query=report_id:"adb12ff9-d715-470f-bb91-7468122598da"&index=scans&size=1 Open

Pro Mode Pagination

Pagination is available for Pro users with API keys. Use the from and size parameters together:

size: Number of results per page (default: 10, max: 100)
from: Starting offset (default: 0)

									GET https://pro.webamon.com/search?lucene_query=domain.name:*bank*&index=scans&size=10&from=20
								

This retrieves results 21-30 (third page with 10 results per page)

/screenshot GET Screenshot Endpoint

Retrieves the screenshot for a specific scan report.

GET https://search.webamon.com/screenshot

Query Parameters

Parameter	Type	Required	Description	Example
`report_id`	string	Yes	The report ID to fetch the screenshot for	`adb12ff9-d715-470f-bb91-7468122598da`

Example Request

GET https://search.webamon.com/screenshot?report_id=adb12ff9-d715-470f-bb91-7468122598da Open

Response Format

								{
								  "report": {
								    "screenshot": "base64-encoded-png-data"
								  }
								}
							

/scan GET Scan Endpoint

Initiates a scan for the specified target. Returns a report ID that can be used to retrieve scan results.

GET https://search.webamon.com/scan

Query Parameters

Parameter	Type	Required	Description	Example
`submission_url`	string	Yes	Target domain or URL to scan	`https://example.com` or `example.com`

Example Request

GET https://search.webamon.com/scan?submission_url=https://webamon.com Open

Tip

After submitting a scan, use the returned report_id to search for results: GET https://search.webamon.com/search?lucene_query=report_id:"[REPORT_ID]"&index=scans

/takedown GET/POST Takedown Endpoint

Submit domain takedown requests and check their status. This endpoint supports both GET requests to check status and POST requests to submit new takedown requests for brand abuse domains.

GET https://pro.webamon.com/takedown?domain=<domain>

POST https://pro.webamon.com/takedown

GET Request - Check Takedown Status

Parameter	Type	Required	Description	Example
`domain`	string	Yes	Domain to check takedown status for	`malicious-site.com`

POST Request - Submit Takedown Request

Parameter	Type	Required	Description	Example
`domain`	string	Yes	Domain to submit for takedown	`malicious-site.com`
`reason`	string	Yes	Reason for takedown request	`phishing`, `malware`, `brand_abuse`
`description`	string	Yes	Detailed description of the abuse	`Domain impersonating our brand for phishing`
`tag`	string	No	Optional tag for categorization	`urgent`, `brand_critical`

Example Requests

GET https://pro.webamon.com/takedown?domain=malicious-site.com

								POST https://pro.webamon.com/takedown
								Content-Type: application/json
								
								{
								  "domain": "malicious-site.com",
								  "reason": "phishing",
								  "description": "Domain impersonating our brand for credential theft",
								  "tag": "urgent"
								}
							

Response Format

								{
								  "takedown_id": "td_1234567890abcdef",
								  "domain": "malicious-site.com",
								  "status": "submitted",
								  "submitted_at": "2025-01-24T10:30:00Z",
								  "estimated_completion": "2025-01-25T10:30:00Z",
								  "priority": "high",
								  "message": "Takedown request submitted successfully"
								}
							

Status Values

submitted: Request has been submitted and is being processed
in_progress: Takedown request is being processed by the registrar/hosting provider
completed: Domain has been successfully taken down
rejected: Takedown request was rejected (with reason)
pending: Request is pending additional information or verification

Supported Reasons

phishing: Phishing websites and credential theft
malware: Malware distribution and hosting
brand_abuse: Brand impersonation and trademark infringement
spam: Spam and unsolicited content
fraud: Fraudulent activities and scams
copyright: Copyright infringement

Important

Takedown requests are processed by our team and submitted to the appropriate registrars and hosting providers. Processing time varies by provider but typically takes 24-48 hours for urgent cases.

Command Line Interface

Use our official CLI tool for easy command-line access to the Webamon API. Perfect for automation, scripting, and bulk operations.

Installation

pip3 install webamon-cli

Quick Start

webamon search example.com # Basic search

webamon search "phishing site" # Phrase search

								webamon search example.com domain.name,resolved_url,page_title,dom # Custom fields
							

webamon scan google.com --fetch-report # Scan domain

webamon search example.com --format json # JSON output

webamon search example.com --format csv -o results.csv # CSV export

								webamon takedown submit malicious-site.com --reason phishing --description "Brand impersonation" # Submit takedown
							

webamon takedown status malicious-site.com # Check takedown status

Advanced Features

Lucene Queries: Advanced search with complex filters
Pagination: Handle large result sets with --from and --size
Multiple Formats: JSON, CSV, and table output
Infostealer Search: Search for compromised credentials
Domain Scanning: Initiate new scans and fetch reports
Screenshot Retrieval: Get visual evidence from scans
Takedown Management: Submit and track domain takedown requests

Resources

GitHub Repository PyPI Package

The CLI supports all API features including Pro tier pagination, infostealer searches, and domain scanning capabilities.