Documentation
FileScanner API
Programmatically analyze files for malware, suspicious imports, YARA matches, and threat indicators. Integrate private file analysis directly into your security pipelines, SOAR playbooks, or custom tooling.
API keys available on all plans
Free (10/day) · Solo (100/day) · Business (unlimited) — shared quota across URL Scanner, File Scanner, and API.
Overview
The FileScanner API is a REST API. All requests go to https://filescanner.online/api and return JSON.
Scanning is synchronous: submit a file via POST /api/analyze and receive the complete analysis result in a single response. Typical response time is 5–30 seconds depending on file size and content complexity.
Authentication
All API requests require an API key passed in the X-API-Key header. Generate and manage keys from the Aprensec dashboard or from your account settings on this site (avatar → Settings → API keys).
curl -X POST https://filescanner.online/api/analyze \
-H "X-API-Key: fsc_your_api_key_here" \
-F "file=@/path/to/sample.exe"Keep your key secret
Never expose it in client-side code, browser extensions, or public repositories. If a key is compromised, revoke it immediately from the dashboard and generate a new one.
Endpoint
| Method | Path | Auth | Description |
|---|---|---|---|
| POST | /api/analyze | Required | Upload a file for full malware analysis — synchronous, returns complete result |
| POST | /api/pdf/export | Required | Generate a PDF report from an analysis result |
POST /api/analyze — Analyze a File
Accepts a multipart form upload. Returns the complete analysis result synchronously. Maximum file size: 250 MB.
Request — multipart/form-data
| Field | Type | Required | Description |
|---|---|---|---|
| file | binary | Yes | The file to analyze. Any format, up to 250 MB. |
Example request
curl -X POST https://filescanner.online/api/analyze \
-H "X-API-Key: fsc_your_api_key_here" \
-F "file=@malware_sample.exe"Response Fields
A successful 200 response returns a JSON object with all analysis modules.
| Field | Type | Description |
|---|---|---|
| score.total | number | Threat score 0–100 (higher = more dangerous) |
| score.verdict | string | "clean" | "low" | "medium" | "high" | "critical" |
| score.yaraScore | number | YARA contribution to total (0–45) |
| score.importScore | number | Suspicious imports contribution (0–25) |
| score.entropyScore | number | Entropy contribution (0–15) |
| hashes | object | MD5, SHA1, SHA256 cryptographic hashes |
| fileType | string | Detected file type (magic bytes + extension) |
| yara | array | Matched YARA rules with category, severity, offsets |
| suspiciousImports | array | Flagged API imports with category and severity |
| iocs | object | Extracted URLs, IPs, domains, emails, paths, registry keys |
| entropy | object | Shannon entropy (overall + per-section with suspicious flags) |
| binaryInfo | object | null | Parsed PE or ELF binary structure, sections, imports |
| packers | array | Detected packers (UPX, VMProtect, Themida …) |
| attackMappings | array | MITRE ATT&CK technique mappings |
| behavioralProfiles | array | Classified behavior profiles (ransomware, spyware, C2 …) |
| aiAnalysis | object | null | AI-generated risk summary, verdict, recommendations |
| fuzzyHash | object | SSDEEP fuzzy hash for similarity matching |
| shareId | string | Unique ID for shareable result URL |
| remaining | number | Scans remaining in your daily quota |
Example response (truncated)
{
"remaining": 99,
"shareId": "a1b2c3d4-...",
"hashes": {
"md5": "d41d8cd98f00b204e9800998ecf8427e",
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
},
"fileType": "PE32 executable (GUI) Intel 80386",
"score": {
"yaraScore": 28,
"importScore": 18,
"entropyScore": 8,
"iocScore": 3,
"packerScore": 0,
"total": 57,
"verdict": "high"
},
"yara": [
{
"rule": "SuspiciousEval",
"category": "Execution",
"severity": "high",
"matches": [{"offset": "0x1a40", "data": "eval("}]
}
],
"suspiciousImports": [
{
"function": "VirtualAllocEx",
"category": "Process Injection",
"severity": "critical",
"reason": "Allocates memory in a remote process — common in injection techniques"
}
],
"aiAnalysis": {
"riskLevel": "high",
"summary": "This sample exhibits multiple process injection indicators...",
"briefSummary": "High-risk PE with injection capability and credential-theft imports."
}
}Rate Limits
Scan quotas are shared across the URL Scanner, File Scanner, and API — using one tool consumes from the same daily pool. Quotas reset at midnight UTC.
| Plan | Daily scans | Shared with |
|---|---|---|
| Free | 10 | URL Scanner · File Scanner · API |
| Solo | 100 | URL Scanner · File Scanner · API |
| Business | Unlimited | URL Scanner · File Scanner · API |
When the daily limit is reached, the API returns 429 Too Many Requests. You can purchase additional scan credits from the dashboard — credits are consumed after the daily limit is exhausted.
Errors
| Status | Meaning |
|---|---|
| 400 | No file provided, or file name is missing |
| 401 | Missing or invalid API key |
| 413 | File too large (max 250 MB) |
| 429 | Daily scan limit reached |
| 500 | Internal analysis error — try again |
Error response shape
{ "error": "Daily scan limit reached. Upgrade for more scans." }Code Examples
All examples use the synchronous POST /api/analyze endpoint. Replace fsc_your_api_key_here with your actual key.
cURL
curl -X POST https://filescanner.online/api/analyze \
-H "X-API-Key: fsc_your_api_key_here" \
-F "file=@/path/to/sample.exe" \
| jq '.score'JavaScript (Node.js)
import fs from "fs"
import FormData from "form-data"
import fetch from "node-fetch"
const API_KEY = "fsc_your_api_key_here"
const filePath = "./sample.exe"
const form = new FormData()
form.append("file", fs.createReadStream(filePath))
const res = await fetch("https://filescanner.online/api/analyze", {
method: "POST",
headers: { "X-API-Key": API_KEY, ...form.getHeaders() },
body: form,
})
const result = await res.json()
console.log("Verdict:", result.score.verdict)
console.log("Threat score:", result.score.total)
console.log("YARA matches:", result.yara.length)
console.log("Remaining scans:", result.remaining)Python
import requests
API_KEY = "fsc_your_api_key_here"
FILE_PATH = "sample.exe"
with open(FILE_PATH, "rb") as f:
response = requests.post(
"https://filescanner.online/api/analyze",
headers={"X-API-Key": API_KEY},
files={"file": (FILE_PATH, f, "application/octet-stream")},
)
result = response.json()
print(f"Verdict: {result['score']['verdict']}")
print(f"Threat score: {result['score']['total']}")
print(f"YARA matches: {len(result['yara'])}")
print(f"Remaining scans: {result['remaining']}")PHP
<?php
$apiKey = 'fsc_your_api_key_here';
$filePath = '/path/to/sample.exe';
$ch = curl_init('https://filescanner.online/api/analyze');
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => ["X-API-Key: $apiKey"],
CURLOPT_POSTFIELDS => ['file' => new CURLFile($filePath)],
]);
$body = curl_exec($ch);
$result = json_decode($body, true);
echo "Verdict: " . $result['score']['verdict'] . PHP_EOL;
echo "Score: " . $result['score']['total'] . PHP_EOL;