20 Free Security APIs Every Developer Should Know About (2026)

I spent the last month cataloging every free security API I could find. Here are the 20 best ones — each with a free tier generous enough for real projects.

I also built Python tools for the most useful ones. All open-source.

The Full List

Vulnerability Databases

1. NVD (National Vulnerability Database)

• 250,000+ CVEs, maintained by NIST
• No key needed (optional key for higher limits)
• Tutorial | Python Tool

2. OSV.dev

• Google's open-source vulnerability database
• No key, no rate limits
• Covers npm, PyPI, Go, Rust, and more

3. GitHub Advisory Database

• Security advisories for GitHub ecosystem
• Free with GitHub token (5,000 req/hr)

Malware & Threat Intelligence

4. VirusTotal

• Scan against 70+ antivirus engines
• 500 lookups/day free
• Tutorial | Python Tool

5. AlienVault OTX

• 200,000+ contributors sharing IOCs
• No rate limits
• Tutorial

6. MalwareBazaar (abuse.ch)

• Malware sample database
• No key needed
• Download actual samples for research

7. URLhaus (abuse.ch)

• Database of malicious URLs
• No key, no rate limits

Network & Infrastructure

8. Shodan

• The search engine for Internet-connected devices
• Free tier: 100 results per search
• Tutorial | Python Tool

9. InternetDB (by Shodan)

• Quick IP lookup — ports, vulns, tags
• No key needed. No rate limits.
• Tutorial

10. Censys

• Shodan alternative with better certificate search
• 250 queries/month free
• Tutorial | Python Tool

11. GreyNoise

• Tells you if an IP is mass-scanning the internet (noise) or targeting you
• 50/day without key, 1,000/day registered
• Tutorial

12. AbuseIPDB

• IP reputation database
• 1,000 checks/day free

DNS & Certificates

13. crt.sh

• Certificate Transparency log search
• No key. No limits. Just add ?output=json\
• Tutorial

14. SecurityTrails

• DNS history, subdomains
• 50 queries/month free

15. RDAP

• Modern WHOIS replacement (returns JSON)
• No key, no limits

Credentials & Breaches

16. Have I Been Pwned (Passwords)

• Check if a password was in any data breach
• Uses k-anonymity — your password never leaves your machine
• No key. No limits.
• Tutorial | Python Tool

17. EmailRep.io

• Email reputation scoring
• 20 lookups/day, no key

Frameworks & Knowledge Bases

18. MITRE ATT&CK

• The universal adversary tactics & techniques database
• Full dataset on GitHub, no key
• Tutorial

19. EPSS (Exploit Prediction)

• Predicts which CVEs will be exploited
• No key, daily updates

20. MITRE CVE

• Official CVE details API
• No key, no limits

The GitHub Repo

I maintain a curated list with more details, links, and ready-to-use Python tools:

awesome-security-apis — Star it if you find it useful.

What Can You Build?

Combining these APIs, you can build:

• A vulnerability scanner that checks your dependencies (NVD + OSV)
• A threat intelligence platform (OTX + VirusTotal + AbuseIPDB)
• A subdomain enumerator (crt.sh + SecurityTrails)
• A SOC triage tool (GreyNoise + InternetDB + VirusTotal)
• A breach monitoring system (HIBP + EmailRep)
• A compliance dashboard (MITRE ATT&CK + NVD + EPSS)

All with free APIs. No enterprise subscriptions needed.

---

I write about free APIs and build open-source security tools. Follow for more, or check my GitHub.