For Agents
Discover hosts, subdomains, S3 buckets, URLs, and security reports tied to mobile apps and domains via BeVigil's OSINT corpus.
Get started with BeVigil OSINT API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"list subdomains for a target domain"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with BeVigil OSINT API API.
List all assets discovered from a given Android package id
Enumerate hosts referenced by a mobile application
Enumerate subdomains for a target domain
Find S3 buckets referenced by a package or matching a keyword
Pull discovered URLs and query parameters from a target domain or package
GET STARTED
Use for: Find all subdomains for a target domain, List S3 buckets exposed in a mobile app, Get hosts referenced by an Android package, Search for S3 buckets containing a keyword
Not supported: Does not handle active scanning, exploit execution, or vulnerability remediation — use for read-only OSINT lookups of mobile-app-referenced hosts, subdomains, S3 buckets, URLs, and reports only.
Jentic publishes the only available OpenAPI document for BeVigil OSINT API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for BeVigil OSINT API, keeping it validated and agent-ready. The BeVigil OSINT API surfaces assets discovered from mobile applications: associated hosts, subdomains, S3 buckets, URLs, query parameters, wordlists, and security reports tied to a target Android package or domain. It is used by red teams, attack-surface management products, and bug bounty hunters to enumerate exposed assets that originate in mobile app reverse engineering. The spec covers 10 read-only endpoints scoped to package ids, domains, and S3 keywords.
Retrieve a security report for a specific Android package
List Android apps that reference a given domain
Patterns agents use BeVigil OSINT API API for, with concrete tasks.
★ Mobile-Originated Attack Surface Discovery
Enumerate the external attack surface that originates in a target's mobile apps by combining /{package_id}/all-assets, /{package_id}/hosts, and /{package_id}/S3-buckets. This catches hosts and buckets that never appear in DNS or web crawls because they are only referenced inside the Android binary. A baseline integration that fans out across a known package list takes about a day.
GET /{package_id}/all-assets/ for each target package, then GET /{package_id}/S3-buckets/ to surface any newly referenced buckets
Domain Enumeration for Bug Bounty
Run subdomain and URL enumeration for an in-scope bug bounty target via /{domain_name}/subdomains/ and /{domain_name}/urls/. Couple this with /{domain_name}/apps/ to surface mobile apps that reference the domain — often a richer source of forgotten endpoints than web-only recon. Fits straightforwardly into an existing recon pipeline in a few hours.
GET /{domain_name}/subdomains/ for the in-scope domain, then GET /{domain_name}/apps/ and pivot into /{package_id}/all-assets/ for each app id
Continuous Bucket Monitoring
Watch for new S3 buckets that match a brand keyword and may indicate misconfigured cloud storage tied to the company. /{keyword}/S3-keyword/ returns matching buckets discovered across BeVigil's mobile corpus. A daily polling job with delta detection takes a few hours and feeds directly into a cloud-misconfig review queue.
Poll /{keyword}/S3-keyword/ daily for the company's brand keywords and emit any new bucket names to a review queue
AI Agent for Attack-Surface Triage
An AI agent uses Jentic to discover BeVigil operations and triage a target's attack surface: pulling hosts, S3 buckets, URLs, and the security report in one orchestrated pass. The agent searches by intent, loads the operation schema, and executes against BeVigil without learning the 10-endpoint surface manually. Through Jentic, integration takes under an hour.
Search Jentic for 'list bevigil subdomains' and execute /{domain_name}/subdomains/ for the target, then chain into /{package_id}/all-assets/ for each linked app
10 endpoints — jentic publishes the only available openapi specification for bevigil osint api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/{package_id}/all-assets/
All assets tied to a package id
/{package_id}/hosts/
Hosts referenced by a mobile app
/{package_id}/S3-buckets/
S3 buckets referenced by a mobile app
/{package_id}/report/
Security report for a package
/{domain_name}/subdomains/
Subdomains for a domain
/{domain_name}/urls/
URLs discovered for a domain
/{domain_name}/apps/
Apps that reference a domain
/{keyword}/S3-keyword/
S3 buckets matching a keyword
/{package_id}/all-assets/
All assets tied to a package id
/{package_id}/hosts/
Hosts referenced by a mobile app
/{package_id}/S3-buckets/
S3 buckets referenced by a mobile app
/{package_id}/report/
Security report for a package
/{domain_name}/subdomains/
Subdomains for a domain
Three things that make agents converge on Jentic-routed access.
Credential isolation
BeVigil access tokens are stored encrypted in the Jentic vault. Agents receive scoped execution rights — the X-Access-Token header is injected at execution time and never appears in the agent's context window.
Intent-based discovery
Agents search Jentic by intent such as 'bevigil subdomains for domain' or 'bevigil s3 buckets for app' and Jentic returns the matching BeVigil operation with its parameter schema, removing the need to read the 10-endpoint reference manually.
Time to first call
Direct BeVigil integration: 1 to 2 days for token onboarding, path templating, and pagination handling. Through Jentic: under 1 hour — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Shodan API
Internet-wide service and banner enumeration as a complement to mobile-originated OSINT
Use Shodan for service banners across the public IPv4 space; choose BeVigil when an agent needs assets sourced specifically from mobile apps.
AbuseIPDB API
Reputation and abuse history lookups on hosts discovered by BeVigil
After BeVigil surfaces a host or IP, use AbuseIPDB to score its reported abuse history before triaging.
Specific to using BeVigil OSINT API API through Jentic.
Why is there no official OpenAPI spec for BeVigil OSINT API?
BeVigil does not publish an OpenAPI specification. Jentic generates and maintains this spec so that AI agents and developers can call BeVigil OSINT API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the BeVigil OSINT API use?
BeVigil uses an API key passed in the X-Access-Token request header. Tokens are provisioned through the BeVigil OSINT dashboard. When called via Jentic, the access token is stored encrypted in the Jentic vault and injected at execution time so it never appears in the agent's context.
Can I enumerate subdomains for a target domain?
Yes. GET /{domain_name}/subdomains/ returns subdomains BeVigil has observed for the supplied domain, sourced from mobile app references rather than passive DNS. Pair with /{domain_name}/apps/ to find mobile apps that reference the same domain.
How do I find S3 buckets referenced by an Android app through Jentic?
Run pip install jentic and search for 'bevigil s3 buckets for android app'. Jentic returns GET /{package_id}/S3-buckets/, the agent loads the schema, and executes with the package id. Combine with /{keyword}/S3-keyword/ to fan out by brand keyword.
What rate limits apply to the BeVigil OSINT API?
BeVigil enforces per-token rate limits and request quotas tied to the subscription tier; the OpenAPI spec does not encode these explicitly. Honour 429 responses with backoff and cache asset listings client-side when running large recon sweeps.
Is the BeVigil OSINT API free?
BeVigil OSINT is a paid commercial service with tiered plans based on call volume and feature access. Free trial credentials are available from the BeVigil sign-up flow but production use of the asset and report endpoints requires an active subscription.
/{domain_name}/urls/
URLs discovered for a domain
/{domain_name}/apps/
Apps that reference a domain
/{keyword}/S3-keyword/
S3 buckets matching a keyword