The playground

Try any of 919 endpoints — live.

Pick an endpoint, load a working example, tweak the params, and send — no signup to try. Results render the way the data deserves; raw JSON, headers & code are one tab away.

Playground demo key · api.reefapi.com

post/passive-osint/v1/subdomains2 credits

Passive subdomain discovery across crt.sh + certspotter + OTX + hackertarget + Wayback, deduped, with a per-source matrix and an honest coverage note

Working example

Parameters

domainrequired

The registrable domain to enrich (a bare host like example.com; a full URL or leading www. is accepted and normalized). NOT a person.

sourcesoptional

Which passive sources to query (comma-separated string or array). Defaults to all five. Unknown names are ignored.

request preview

curl -X POST https://api.reefapi.com/passive-osint/v1/subdomains \
  -H "x-api-key: $REEF_KEY" \
  -H "content-type: application/json" \
  -d '{"domain":"hackerone.com"}'

Hit Send to run this endpoint live.