@apiclient.xyz/abuse.ch Documentation for @apiclient.xyz/abuse.ch readme.md for @apiclient.xyz/abuse.ch 🛡️ Unofficial TypeScript/JavaScript client for retrieving threat intelligence data from abuse.ch Access real-time malware URLs, malicious indicators of compromise (IOCs), and botnet C&C servers through a clean, type-safe API. Issue Reporting and Security For reporting bugs, issues, or security vulnerabilities, please visit community.foss.global/. This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a code.foss.global/ account to submit Pull Requests directly. What is abuse.ch? abuse.ch is a community-driven platform operated by a Swiss security researcher that tracks and shares threat intelligence data. This module provides programmatic access to three key abuse.ch services: URLhaus - Malware URL distribution database ThreatFox - Indicators of Compromise (IOC) sharing platform FeodoTracker - Botnet C&C server tracker Installation npm install @apiclient.xyz/abuse.ch # or pnpm install @apiclient.xyz/abuse.ch Usage URLhaus - Retrieve Malicious URLs import { UrlHaus } from '@apiclient.xyz/abuse.ch'; const urlHaus = new UrlHaus(); const maliciousUrls = await urlHaus.getData(); console.log(maliciousUrls[0]); // { // ID: '12345', // Dateadded: '2025-01-15 10:30:00', // URL: 'http://malicious-example.com/malware.exe', // URLStatus: 'online', // Threat: 'malware_download', // AssociatedTags: 'emotet', // UrlHausLink: 'https://urlhaus.abuse.ch/url/12345/', // Reporter: 'abuse_ch' // } ThreatFox - Access IOC Data import { ThreatFox } from '@apiclient.xyz/abuse.ch'; const threatFox = new ThreatFox(); const iocs = await threatFox.getData(); console.log(iocs[0]); // { // ID: '67890', // Dateadded: '2025-01-15 11:45:00', // URL: 'http://c2-server.example.com', // URLStatus: 'online', // Threat: 'botnet_cc', // AssociatedTags: 'mirai', // ThreatFoxLink: 'https://threatfox.abuse.ch/ioc/67890/', // Reporter: 'researcher_name' // } FeodoTracker - Track Botnet C&C Servers import { FeodoTracker } from '@apiclient.xyz/abuse.ch'; const feodoTracker = new FeodoTracker(); const c2servers = await feodoTracker.getData(); console.log(c2servers[0]); // { // ip_address: '192.0.2.100', // port: 8080, // status: 'online', // hostname: 'malicious.example.com', // as_number: 12345, // as_name: 'EXAMPLE-AS', // country: 'US', // first_seen: '2025-01-10', // last_online: '2025-01-15', // malware: 'Emotet' // } TypeScript Support This module is written in TypeScript and provides full type definitions out of the box. All data structures are properly typed for maximum developer productivity and type safety. import type { IUrlHausData, IThreatFoxData, IFeodoTrackerData } from '@apiclient.xyz/abuse.ch'; Proxy Support The client automatically detects and uses proxy settings from your environment variables ( HTTP_PROXY, HTTPS_PROXY) when making requests to abuse.ch APIs. Features ✅ Type-safe - Full TypeScript support with comprehensive interfaces ✅ Modern - Uses ES modules and async/await patterns ✅ Lightweight - Minimal dependencies, focused functionality ✅ Proxy-aware - Automatic proxy detection and configuration ✅ Reliable - Fetches data directly from official abuse.ch sources API Rate Limits Please be respectful of abuse.ch's resources. The service is provided free of charge by the security community. Avoid excessive polling and cache results when possible. Links npm package abuse.ch official website URLhaus ThreatFox FeodoTracker License and Legal Information This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the license file within this repository. Please note: The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file. Trademarks This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH. Company Information Task Venture Capital GmbH Registered at District court Bremen HRB 35230 HB, Germany For any legal inquiries or if you require further information, please contact us via email at hello@task.vc. By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works. changelog.md for @apiclient.xyz/abuse.ch 2025-11-22 - 2.0.1 - fix(package.json) Pin pnpm packageManager in package.json and remove stale analysis.md Add packageManager field to package.json to pin pnpm to pnpm@10.18.1 with integrity hash Remove outdated analysis.md file 2025-11-22 - 2.0.0 - BREAKING CHANGE(UrlHaus) Rename UrlHouse to UrlHaus (public API change), migrate dev dependencies to @git.zone, bump runtime deps, adjust TS module resolution, and update tests/docs. Renamed class/file: urlhouse.ts -> urlhaus.ts and updated export in ts/index.ts — public API class name changed from UrlHouse to UrlHaus (breaking change). Updated tests to use @git.zone/tstest/tapbundle, adjusted test names, and switched to export default tap.start() pattern. Migrated devDependencies from @gitzone/* to @git.zone/* and upgraded versions (@git.zone/tsbuild, tsbundle, tsdoc, tsrun, tstest). Bumped several runtime dependencies: @push.rocks/smartfile -> 11.2.7, @push.rocks/smartpath -> 6.0.0, csv-parser -> 3.2.0, https-proxy-agent -> 7.0.6, unzipper -> 0.12.3. Set TypeScript compiler option module to nodenext to match moduleResolution: nodenext. Minor CSV parsing/formatting fixes (mapValues trailing comma, consistent URL sanitization) and cleanup of temporary files after parsing. Expanded README and added readme.hints.md with migration/build/test instructions. 2023-07-28 - 1.0.1..1.0.8 - maintenance Maintenance releases and internal core updates. Published patch releases 1.0.1 through 1.0.8. Contained internal core updates and version bumps; no user-facing feature changes documented. Consolidated minor fixes and housekeeping changes across these builds. 2023-08-01 - 1.0.9..1.0.12 - core fixes Patch releases with core updates. Published patch releases 1.0.9 through 1.0.12. Applied multiple core updates (commit messages: "fix(core): update") and bumped versions. No additional feature work or breaking changes noted.