Most security tools cost $200+/month. But you can build a surprisingly powerful security toolkit using only free APIs.
Here are 5 APIs I use regularly — all free, all with Python examples.
1. VirusTotal — Scan URLs and Files (Free: 500/day)
Check if a URL or file is malicious against 70+ antivirus engines.
```python
import base64

import requests

VT_KEY = 'your_key'  # Free from virustotal.com


def vt_check_url(url):
    # VirusTotal v3 identifies a URL by its unpadded URL-safe base64 encoding
    url_id = base64.urlsafe_b64encode(url.encode()).decode().strip('=')
    resp = requests.get(
        f'https://www.virustotal.com/api/v3/urls/{url_id}',
        headers={'x-apikey': VT_KEY},
        timeout=10,
    )
    resp.raise_for_status()  # 404 means VirusTotal has no report for this URL
    stats = resp.json()['data']['attributes']['last_analysis_stats']
    return {'malicious': stats.get('malicious', 0), 'clean': stats.get('harmless', 0)}
```
2. Shodan — Find Exposed Devices (Free: 100 queries/month)
Search engine for internet-connected devices. Find exposed servers, databases, webcams.
```python
SHODAN_KEY = 'your_key'  # Free from shodan.io


def shodan_check_ip(ip):
    resp = requests.get(
        f'https://api.shodan.io/shodan/host/{ip}',
        params={'key': SHODAN_KEY},
        timeout=10,
    ).json()
    # Hosts Shodan has no data for come back without these keys, hence the defaults
    return {
        'ports': resp.get('ports', []),
        'vulns': resp.get('vulns', []),
        'org': resp.get('org', 'Unknown'),
    }
```
3. RDAP/WHOIS — Domain Intelligence (Free, No Key)
Check when a domain was registered. New domains in phishing emails = red flag.
```python
def check_domain_age(domain):
    # rdap.org redirects to the authoritative RDAP server for the TLD
    resp = requests.get(f'https://rdap.org/domain/{domain}', timeout=10).json()
    for event in resp.get('events', []):
        if event.get('eventAction') == 'registration':
            return event['eventDate'][:10]  # keep only YYYY-MM-DD
    return 'Unknown'

# google.com → '1997-09-15' (legit)
# sketchy-bank.com → '2026-03-20' (3 days old = suspicious)
```
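The check above returns only the registration date; turning it into the "new domain" signal this section describes takes an age calculation and a threshold. The following is an added example, not code from the original post: the function names, the 30-day threshold and the sample RDAP responses are assumptions constructed for illustration, and it runs offline on those samples.

```python
from datetime import datetime, timezone

NEW_DOMAIN_DAYS = 30  # assumed threshold; tune it to your own mail flow

def registration_date(rdap):
    """Return the registration time from an RDAP domain response, or None."""
    for event in rdap.get('events', []):
        if event.get('eventAction') == 'registration' and event.get('eventDate'):
            # RDAP dates are RFC 3339; older Pythons reject a trailing 'Z'.
            stamp = event['eventDate'].replace('Z', '+00:00')
            try:
                parsed = datetime.fromisoformat(stamp)
            except ValueError:
                return None
            if parsed.tzinfo is None:
                parsed = parsed.replace(tzinfo=timezone.utc)
            return parsed
    return None

def domain_age_verdict(rdap, now=None, threshold_days=NEW_DOMAIN_DAYS):
    """Classify a domain as 'new', 'established' or 'unknown' by its age."""
    now = now or datetime.now(timezone.utc)
    registered = registration_date(rdap)
    if registered is None:
        return {'verdict': 'unknown', 'age_days': None}
    age_days = (now - registered).days
    if age_days < 0:  # registration date in the future: do not trust it
        return {'verdict': 'unknown', 'age_days': None}
    verdict = 'new' if age_days < threshold_days else 'established'
    return {'verdict': verdict, 'age_days': age_days}

# Constructed sample responses (not real registry data).
SAMPLE_NEW = {'events': [
    {'eventAction': 'last changed', 'eventDate': '2026-03-21T08:00:00Z'},
    {'eventAction': 'registration', 'eventDate': '2026-03-20T10:15:00Z'},
]}
SAMPLE_OLD = {'events': [
    {'eventAction': 'registration', 'eventDate': '1997-09-15T04:00:00Z'},
]}
SAMPLE_REDACTED = {'events': [
    {'eventAction': 'expiration', 'eventDate': '2027-03-20T10:15:00Z'},
]}

if __name__ == '__main__':
    now = datetime(2026, 3, 23, 12, 0, tzinfo=timezone.utc)
    for name, sample in [('new', SAMPLE_NEW), ('old', SAMPLE_OLD),
                         ('redacted', SAMPLE_REDACTED)]:
        print(name, domain_age_verdict(sample, now=now))
```

An `unknown` verdict deserves manual review rather than a pass, since some registries omit the registration event.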
4. PyPI Supply Chain Scanner (Free, No Key)
Check if your Python dependencies are suspicious.
```python
def check_package(name):
    resp = requests.get(f'https://pypi.org/pypi/{name}/json', timeout=10)
    if resp.status_code != 200:
        # A name that is not on PyPI may be a typo or an internal-only package
        return 'HIGH RISK: Package not found'
    info = resp.json()['info']
    risks = []
    if not info.get('home_page') and not info.get('project_urls'):
        risks.append('No repo link')
    if not info.get('author') or info['author'] == 'UNKNOWN':
        risks.append('No author')
    return 'LOW' if not risks else f'RISKS: {", ".join(risks)}'
```
5. npm Security Advisory API (Free, No Key)
Check npm packages for known vulnerabilities.
```python
def check_npm_security(package):
    resp = requests.get(
        'https://registry.npmjs.org/-/npm/v1/security/advisories',
        params={'package': package},  # lets requests URL-encode scoped names
        timeout=10,
    )
    if resp.status_code == 200:
        data = resp.json()
        return {'advisories': data.get('total', 0)}
    return {'error': 'Could not check'}
```
Putting It All Together
```python
import socket


def security_check(target):
    """Run all checks on a domain/URL."""
    print(f"\n=== Security Check: {target} ===")
    # Domain age
    age = check_domain_age(target)
    print(f"  Domain registered: {age}")
    # VirusTotal
    vt = vt_check_url(f'https://{target}')
    print(f"  VirusTotal: {vt['malicious']} malicious detections")
    # Shodan (if IP available)
    try:
        ip = socket.gethostbyname(target)
    except socket.gaierror:
        print("  Could not resolve IP")
    else:
        shodan = shodan_check_ip(ip)
        print(f"  Open ports: {shodan['ports']}")
        print(f"  Known vulns: {len(shodan['vulns'])}")


security_check('example.com')
```
Cost Comparison
| Tool | Free API | Commercial Alternative | Commercial Price |
|---|---|---|---|
| VirusTotal | 500/day | Recorded Future | $10K+/year |
| Shodan | 100/month | Censys | $500+/month |
| RDAP | Unlimited | DomainTools | $2K+/year |
| PyPI check | Unlimited | Snyk | $100+/month |
| npm audit | Unlimited | Socket.dev | $100+/month |
Total cost of our toolkit: $0/month (covers 90% of use cases).
I build security tools with free APIs. All code on GitHub. Technical writing inquiries: Spinov001@gmail.com