Frequently Asked Questions

buckets.grayhatwarfare.com is a search engine for publicly accessible buckets. It indexes open buckets, and lets users search for files to identify exposed or misconfigured cloud storage. Read more here.

Yes. You can access our bucket index using a documented RESTful API. Our RESTful API lets you search, fetch, filter, and sort bucket files and entries directly through HTTP endpoints. You can make authenticated GET requests to endpoints such as https://buckets.grayhatwarfare.com/api/v2/files for file searches, https://buckets.grayhatwarfare.com/api/v2/buckets for listing and filtering buckets, and https://buckets.grayhatwarfare.com/api/v2/stats to retrieve index statistics. Authentication is done by including your API key either as a header (Authorization: Bearer {apiKey}) or as a query parameter (access_token={apiKey}). Read more on our API documentation.

For large result sets, the our scrolling API allows you to fetch all matching records efficiently and without timeouts. This method uses paging-mode=scrolling and sequential scroll-id tokens provided in responses to continuously retrieve pages until all results are fetched. Full technical details, usage examples, and parameter references are available here. 

shorteners.grayhatwarfare.com is a search engine that indexes and lets you explore URLs exposed by link shortener services like bit.ly or tinyurl. It helps researchers and security testers find publicly accessible shortened links that may reveal sensitive or misconfigured data. Read more here. 

Yes. Our shorteners index is fully accessible via a RESTful API. You can search URLs with GET https://shorteners.grayhatwarfare.com/api/v1/files, list subdomains, or fetch stats. Authenticate using Authorization: Bearer {apiKey} or access_token={apiKey}. Queries support filters like keywords, ext, sorting, and regex. Read more on our API documentation.   

Yes we do, but payments are manual. The accepted cryptocurrencies are: Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dai and USD. Please contact us and tell us what package you want to purchase and the cryptocurrency you want to use. Also make sure you have registered with a free account so that we can upgrade and mention your registration email address in the email, if different. We will respond with a cryptocurrency address and the exact amount you need to send. Upon receiving the payment we will upgrade your account.

Since 10-May-2020 we have full support for Crypto payments. You can select between Credit card payments and Crypto in the purchase step. Supported cryptocurrencies are: Bitcoin, Ethereum, Bitcoin Cash, Litecoin, Dai and USD

No. Since April 2020 we include all files listed in buckets. We used to exclude images for performance reasons, but since many people requested them we have redesigned and reimplement our architecture to support more files.

We exclude of course, sensitive buckets that some person or organization asked us to remove.

Yes. We offer custom addons that include tailor made API endpoints, automated reports and alerts, targeted bucket scans, and other specialized tooling based on your input. These solutions can integrate with your workflow or data requirements. For details on available plans and how custom services are priced, reference our packages page. Feel free to contact us if you have more questions.