# IP Exposure API
> See what any host exposes to the internet — as an API over Shodan's free InternetDB. Give it an IPv4/IPv6 address (or a hostname, which is resolved to its IP) and get that host's attack surface: the open ports (annotated with common service names), the products and technologies detected on it (CPEs), its reverse hostnames, Shodan's classification tags, and the known vulnerabilities (CVE identifiers) observed on its services. A dedicated vulnerabilities view returns just the CVEs and whether the host appears vulnerable. It is fast, requires no key, and is built for security, asset-discovery, external attack-surface monitoring and reconnaissance workflows. A network-exposure / attack-surface resource — distinct from IP geolocation (where an address is), the IANA port registry (what a port number means) and CVE databases (what a vulnerability is). Data from Shodan InternetDB (free / non-commercial use).

## Authentication
All requests require your oanor API key in the `x-oanor-key` header. Get one at https://www.oanor.com/developer/keys.

```bash
curl -H "x-oanor-key: oanor_live_…" "https://api.oanor.com/internetdb-api/..."
```

## Pricing
- **Free** (Free) — 2,420 calls/Mo, 2 req/s
- **Starter** ($7/Mo) — 48,500 calls/Mo, 8 req/s
- **Pro** ($22/Mo) — 240,000 calls/Mo, 20 req/s
- **Mega** ($58/Mo) — 858,000 calls/Mo, 50 req/s

## Endpoints

### IP Exposure

#### `GET /v1/host` — A host's exposed ports, products & CVEs

**Parameters:**
- `ip` (query, optional, string) — An IPv4 or IPv6 address Example: `8.8.8.8`
- `host` (query, optional, string) — A hostname (resolved to its IP)

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/internetdb-api/v1/host?ip=8.8.8.8"
```

**Response:**
```json
{
    "data": {
        "ip": "8.8.8.8",
        "tags": [],
        "ports": [
            {
                "port": 53,
                "service": "dns"
            },
            {
                "port": 443,
                "service": "https"
            }
        ],
        "vulns": [],
        "products": [],
        "hostnames": [
            "dns.google"
        ],
        "port_count": 2,
        "vuln_count": 0,
        "queried_host": null
    },
    "meta": {
        "timestamp": "2026-06-01T16:22:46.524Z",
        "request_id": "b5cd451a-ce57-44df-a39b-4bb493079cca"
    },
    "status": "ok",
    "message": "Host exposure retrieved",
    "success": true
}
```

#### `GET /v1/vulns` — Known CVEs detected on a host

**Parameters:**
- `ip` (query, optional, string) — An IPv4 or IPv6 address Example: `8.8.8.8`
- `host` (query, optional, string) — A hostname (resolved to its IP)

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/internetdb-api/v1/vulns?ip=8.8.8.8"
```

**Response:**
```json
{
    "data": {
        "ip": "8.8.8.8",
        "note": "No known CVEs observed by Shodan for this host (absence of evidence is not evidence of absence).",
        "vulns": [],
        "open_ports": [
            53,
            443
        ],
        "vuln_count": 0,
        "vulnerable": false,
        "queried_host": null
    },
    "meta": {
        "timestamp": "2026-06-01T16:22:46.630Z",
        "request_id": "75adb8f0-23d5-47eb-8127-da2703707d2b"
    },
    "status": "ok",
    "message": "Vulnerabilities retrieved",
    "success": true
}
```

### Meta

#### `GET /v1/meta` — Endpoint catalogue & notes

**Example:**
```bash
curl -H "x-oanor-key: $KEY" \
  "https://api.oanor.com/internetdb-api/v1/meta"
```

**Response:**
```json
{
    "data": {
        "note": "InternetDB is Shodan's fast, free index of what hosts expose to the internet. /v1/host?ip=8.8.8.8 (or ?host=dns.google, resolved via DNS) returns a host's attack surface — its open ports (annotated with common service names), detected products/technologies (CPEs), reverse hostnames, Shodan classification tags and the known vulnerabilities (CVE ids) seen on it; /v1/vulns?ip=8.8.8.8 is a security-focused view returning just the CVEs detected on the host, the open ports and whether it appears vulnerable. Accepts an IPv4 or IPv6 address, or a hostname which is resolved to its IP. Hosts with no indexed data return 404. Data from Shodan InternetDB (free, non-commercial use). A network-exposure / attack-surface resource — distinct from IP geolocation (where an IP is), the IANA port registry (what a port number means) and CVE databases (what a vulnerability is). Ideal for security, asset-discovery, monitoring and reconnaissance tooling.",
        "source": "Shodan InternetDB (internetdb.shodan.io)",
        "endpoints": [
            "/v1/host",
            "/v1/vulns",
            "/v1/meta"
        ]
    },
    "meta": {
        "timestamp": "2026-06-01T16:22:46.714Z",
        "request_id": "54ae8e73-bfd0-492e-a8f9-c0c8568bf808"
    },
    "status": "ok",
    "message": "Meta retrieved",
    "success": true
}
```


---
Marketplace page: https://www.oanor.com/api/internetdb-api
OpenAPI spec: https://www.oanor.com/api/internetdb-api/openapi.json