Skip to main content

DarkRecon

DarkRecon is a stored-scan API for breach intelligence lookups. Send either a keywords array or a domain, receive a scan_id, and use that identifier to fetch the full stored result later.
Older examples used queries in the request body. The current API expects keywords.

Base URL

https://darkrecon.1337807.xyz

What you can scan

  • Email addresses
  • Phone numbers
  • Usernames and handles
  • IP addresses
  • Password strings or masked fragments
  • Car plates / vehicle identifiers
  • Social account IDs
  • Composite search phrases
  • Domains, which trigger email enumeration and follow-on scanning

Authentication

DarkRecon uses an API key sent in the request header:
  • X-API-Key: <your_api_key>
See /darkrecon/authentication.

Request model

  1. Submit POST /scan with either keywords or domain.
  2. Read the synchronous response for scan_id, status, total_breaches, and optional discovered_emails.
  3. Fetch the stored record with GET /scan/{scan_id}.
  4. Parse the results object, which is keyed by breach database name rather than normalized into a fixed schema.

Response model

  • total_breaches counts matched breach sources, not the total number of raw rows inside Data.
  • results is a dictionary keyed by breach database name.
  • Each breach entry contains InfoLeak, NumOfResults, and Data.
  • Data records are source-specific. Field names vary between breaches.
  • Password-like fields are masked in API output.
  • /darkrecon/quickstart
  • /darkrecon/api/start-scan
  • /darkrecon/api/get-scan-results