#security

Look up software vulnerabilities by their CVE identifier and get clean, structured details — title, description, CVSS score, severity and vector, CWE weakness types, affected vendors and products with version ranges, and reference links — plus search every CVE that affects a given vendor or product, and stream the most recently published CVEs. Sourced from the CIRCL CVE Search service over the official CVE Record 5.1 data and returned as tidy JSON through a fast, reliable API. Ideal for vulnerability management and SOC tooling, DevSecOps and SCA pipelines, security dashboards, compliance and asset-risk monitoring.

api.oanor.com/cve-api

Hash and verify passwords with bcrypt, server-side. Generate a salted bcrypt hash at a cost factor you choose (4–14), check a plaintext password against an existing hash, or inspect a hash to read its bcrypt version, cost factor and salt. Fully compatible with bcrypt hashes from PHP ($2y$), Node, Python and others, so you can verify and migrate existing credentials. Pure server-side computation with no third-party upstream, so it is always available — and it offloads the deliberately CPU-intensive hashing work from your own servers. Ideal for adding password authentication, credential migration, auth tooling, testing and no-code backends.

api.oanor.com/bcrypt-api

Agregue y pruebe la autenticación de dos factores sin lidiar con una biblioteca criptográfica. Genere un secreto base32 nuevo con un URI otpauth listo para escanear, calcule el código único basado en tiempo actual (RFC 6238), verifique un código enviado por un usuario con una ventana de deriva ajustable, o construya un URI otpauth:// para cualquier secreto. Compatible con SHA-1, SHA-256 y SHA-512, de 6 a 8 dígitos y un período personalizado, y es totalmente compatible con Google Authenticator, Authy, 1Password y otras aplicaciones de autenticación. Cálculo puro del lado del servidor sin terceros, por lo que las respuestas son instantáneas y el servicio está siempre disponible. Ideal para agregar 2FA a aplicaciones, herramientas de autenticación, control de calidad y pruebas, y automatización sin código.

api.oanor.com/totp-api

A fast, fully-local JSON Web Token toolkit: sign a JSON payload into a JWT, verify a token signature together with its exp and nbf claims using a constant-time comparison, and decode a token header and payload without verifying. Supports the HMAC algorithms HS256, HS384 and HS512, automatically adds the iat claim and an exp claim from expires_in. Built on Node crypto and secrets are never logged, so responses are instant, private and always available. Every endpoint accepts input via the query string or the request body. Ideal for authentication, API gateways, session and token tooling, microservices and webhooks.

api.oanor.com/jwt-api

Un toolkit rápido y completamente local para MIME y tipos de archivo: busque el tipo MIME, el conjunto de caracteres y la categoría de un nombre de archivo o extensión, enumere todas las extensiones de archivo registradas para un tipo MIME y detecte el tipo real de un archivo a partir de sus bytes mágicos principales (más de 40 firmas, incluida la desambiguación de contenedores RIFF para WEBP, WAV y AVI), aceptando entrada hexadecimal o base64. Cada endpoint acepta entrada a través de la cadena de consulta o el cuerpo de la solicitud. Cálculo puro del lado del servidor, sin terceros ascendentes, por lo que las respuestas son instantáneas y siempre están disponibles. Ideal para validación de carga, seguridad (verificar el tipo real de un archivo contra su extensión declarada), CDN y canalizaciones de contenido.

api.oanor.com/mime-api

A fast, fully-local password toolkit: generate cryptographically-secure random passwords (configurable length, character classes and exclude-similar), estimate password strength (entropy bits, a 0-4 score, character-class breakdown, common-password detection, an offline crack-time estimate and actionable feedback), and create memorable diceware-style passphrases. Built on Node crypto, no third-party upstream, and inputs are never logged — so responses are instant, private and always available. Ideal for signup and account flows, admin tools, password managers and security features.

api.oanor.com/password-api

Navegue e pesquise a lista oficial de procurados do FBI — fugitivos, pessoas desaparecidas, terroristas e casos de busca de informações — com acusações, advertências, recompensas, descrições físicas, escritórios de campo e fotos. Útil para notícias, segurança pública, pesquisa de segurança e aplicativos OSINT.

api.oanor.com/fbi-api

Resolve DNS records — A, AAAA, MX, NS, TXT, CNAME, SOA, SRV, CAA, PTR — for any domain, fetch all common records in a single call, or run a reverse PTR lookup for an IPv4 address. Backed by Google DNS-over-HTTPS. Ideal for devops tooling, uptime and email-deliverability checks (SPF/DKIM/DMARC), security research and domain monitoring.

api.oanor.com/dns-api