API Transparency

Complete disclosure of third-party services and data sources

ASNSPY API Transparency & Third-Party Services Guide

Version: 3.1.0 Last Updated: January 15, 2026 Purpose: Complete transparency about external services, APIs, rate limits, costs, and user responsibilities

WHY THIS DOCUMENT EXISTS

ASNSPY integrates with multiple third-party services and APIs to provide comprehensive reconnaissance capabilities. This document ensures you understand:

1. What external services are used (and when)

2. Rate limits and costs for each service

3. Your legal responsibilities when using these services

4. How to configure services for your use case

5. What licenses you need for commercial use

Our commitment: Full transparency about what data sources we use, their limitations, and your obligations when using them.

Quick Reference: Data Sources

ServicePurposeLicenseRate LimitsUser Action
MaxMind GeoLite2-ASNIP-to-ASN mapping, cloud detectionCC BY-SA 4.0♾ Unlimited (local)Download (strongly recommended)
RouteViews/IRRASN prefix enumerationCC BY 4.0Respectful useNone (built-in delays)
Team Cymru DNSIP-to-ASN fallbackFree serviceUnknownNone (fallback only)
IPinfo.ioCloud detection fallbackCC BY-SA 4.050k/monthNone (fallback only)
NVD APICVE vulnerability dataPublic Domain5/30s (free)
50/30s (with key)		Get API key (recommended)
Vulners APIEnhanced CVE dataUser-licensedPer your planProvide your key
crt.shCertificate TransparencyFree servicePolite useNone (built-in delays)
WHOIS/DNSStandard protocolsPublicVaries by serverNone

Recommended Setup

For Personal Use / Bug Bounty Hunters

Minimum Setup:
  • Install ASNSPY
  • Run scans
Recommended Additions:
  • MaxMind GeoLite2-ASN (free, unlimited queries)
  • NVD API key (free, 10x faster CVE scanning)
Total Cost: $0

For Professional Penetration Testers

Required:
  • MaxMind GeoLite2-ASN (eliminates rate limit issues)
  • NVD API key (faster CVE scanning)
Optional:
  • Vulners API subscription (enhanced CVE data)
Total Cost: $0-600/month

For SOC Teams / Enterprise

Critical:
  • MaxMind GeoLite2-ASN (required for large-scale scans)
  • NVD API key (required for efficient CVE detection)
Recommended:
  • IPinfo.io commercial plan (if MaxMind insufficient)
  • Vulners Enterprise subscription (comprehensive CVE data)
Total Cost: $0-2000/month depending on scale

For Continuous Monitoring / Automation

Absolutely Required:
  • MaxMind GeoLite2-ASN (no alternatives for this scale)
  • NVD API key (critical for automation)
  • Commercial API plans for all services
Total Cost: $500-3000/month depending on volume

Detailed Service Information

1. MaxMind GeoLite2-ASN Database

What it does:
  • Maps IP addresses to ASN numbers
  • Provides organization names
  • Enables cloud provider detection
License: Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) Attribution Required:

This product includes GeoLite2 data created by MaxMind,

available from https://www.maxmind.com

Rate Limits: None (local database, unlimited queries) Cost: Free Commercial Use: Allowed with attribution Setup:

1. Sign up: https://www.maxmind.com/en/geolite2/signup (free account)

2. Download: GeoLite2-ASN.mmdb database

3. Place in: `/usr/local/share/GeoIP/GeoLite2-ASN.mmdb`

4. ASNSPY will automatically detect and use it

Why Recommended:
  • Unlimited queries (no rate limits)
  • Faster than remote API calls
  • More reliable than fallback services
  • Professional (required for enterprise use)
Without MaxMind:
  • ASNSPY falls back to Team Cymru DNS service
  • Fallback may trigger abuse detection on high-volume scans
  • Not recommended for production/commercial use

2. University of Oregon RouteViews Project

Purpose:
  • ASN prefix enumeration
  • BGP routing table data
  • Network topology discovery
Provider: University of Oregon License: Creative Commons Attribution 4.0 International (CC BY 4.0) Attribution:

BGP routing data from University of Oregon RouteViews Project

http://www.routeviews.org

Website: http://www.routeviews.org API Documentation: http://www.routeviews.org/routeviews/ Commercial Use: Allowed with attribution Rate Limits: No specific limits, but ASNSPY includes respectful delays (1-2 seconds between queries) Cost: Free Data Quality:
  • Authoritative BGP routing data
  • Updated regularly
  • Comprehensive global coverage
  • Used by researchers and network operators worldwide
ASNSPY Implementation:
  • Queries RouteViews RIB dumps via HTTP
  • Parses BGP prefixes for target ASN
  • Implements 1-2 second delays between requests
  • Handles rate limiting gracefully

3. RADB & Internet Routing Registry (IRR)

Purpose:
  • ASN prefix verification
  • Routing policy data
  • Route object information
Provider: Merit Network (RADB) and other IRR operators License: Community resource (free access) Attribution:

Routing policy data from RADB Internet Routing Registry

https://www.radb.net

Website: https://www.radb.net Protocol: WHOIS (standard Internet protocol) Commercial Use: Allowed Rate Limits: No specific limits, but servers may rate limit excessive queries Cost: Free ASNSPY Implementation:
  • Queries via WHOIS protocol (whois.radb.net port 43)
  • Looks up route objects for ASN prefixes
  • Verifies ASN assignments
  • Respectful query patterns

4. National Vulnerability Database (NVD)

Purpose:
  • CVE vulnerability information
  • Security advisory data
  • CVSS scores and impact ratings
  • Vulnerability descriptions
Provider: National Institute of Standards and Technology (NIST) License: Public Domain (U.S. Government data) Attribution:

This product uses the NVD API but is not endorsed or certified by the NVD.

Website: https://nvd.nist.gov API Documentation: https://nvd.nist.gov/developers Commercial Use: Allowed (public domain) Requirements:
  • Include attribution notice
  • Respect rate limits (5 req/30s without key, 50 req/30s with key)
  • Do not claim endorsement by NVD
Rate Limits:
  • Without API key: 5 requests per 30 seconds
  • With API key: 50 requests per 30 seconds
  • Get free API key: https://nvd.nist.gov/developers/request-an-api-key
Cost: Free Why Get an API Key:
  • 10x faster scanning (50 req/30s vs 5 req/30s)
  • Required for commercial/enterprise use
  • Free to obtain
  • Easy to configure in ASNSPY
ASNSPY Implementation:
  • Queries NVD API v2.0
  • Respects rate limits automatically
  • Uses API key if configured
  • Caches CVE data locally to reduce queries

5. Certificate Transparency Logs

Purpose:
  • Subdomain discovery
  • SSL/TLS certificate information
  • Historical certificate data
  • Domain enumeration
Provider: Multiple CT log operators (accessed via crt.sh) Service: crt.sh (Sectigo public CT search) License: Free public service Attribution:

Certificate Transparency data queried via crt.sh

https://crt.sh

Website: https://crt.sh Commercial Use: Allowed (polite use) Requirements:
  • Respect rate limits (implement delays)
  • Do not abuse the service
  • No formal attribution required but recommended
Rate Limits: No official limits, but ASNSPY implements polite delays Cost: Free ASNSPY Implementation:
  • Queries crt.sh via HTTP API
  • Includes 1-2 second delays between queries
  • Handles rate limiting gracefully
  • Respects service availability

6. WHOIS & DNS Protocols

Purpose:
  • Domain ownership information
  • DNS records (A, AAAA, MX, TXT, etc.)
  • Contact information
  • Registrar details
Provider: Various WHOIS servers and DNS resolvers License: Standard Internet protocols Attribution: Not required Commercial Use: Allowed Rate Limits: Vary by WHOIS server (ASNSPY respects individual server limits) Cost: Free ASNSPY Implementation:
  • Uses standard WHOIS protocol (port 43)
  • Queries authoritative DNS servers
  • Implements delays to respect rate limits
  • Handles WHOIS server redirects

Fallback Services (Used Only When Primary Sources Unavailable)

7. Team Cymru IP-to-ASN Service

Purpose:
  • IP address to ASN mapping (when MaxMind not available)
  • Traceroute hop attribution
Provider: Team Cymru License: Free community service (terms not specific) Attribution:

IP-to-ASN mapping by Team Cymru

https://www.team-cymru.com

Website: https://www.team-cymru.com/ip-asn-mapping Commercial Use: Terms unclear When Used:
  • Only as fallback when MaxMind GeoLite2-ASN is not installed
  • Not recommended for production/enterprise use
  • May trigger abuse detection on high-volume scans
Rate Limits: None documented, but abuse detection is active Cost: Free ASNSPY Behavior:
  • Displays warning when using Team Cymru
  • Recommends installing MaxMind instead
  • Uses as last resort only
Recommendation: Install MaxMind to avoid reliance on this service

8. IPinfo.io

Purpose:
  • Cloud provider detection (when MaxMind insufficient)
  • IP geolocation
  • Hosting provider identification
Provider: IPinfo.io License: Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) for free tier Attribution:

IP data provided by IPinfo.io

https://ipinfo.io

Website: https://ipinfo.io Commercial Use:
  • Free tier: Allowed with attribution (50,000 requests/month)
  • Commercial tier: Requires paid plan
Rate Limits:
  • Free tier: 50,000 requests per month
  • Basic plan ($49/month): 250,000 requests per month
  • Standard plan ($249/month): 1,000,000 requests per month
When Used:
  • Only as fallback when MaxMind cannot identify cloud provider
  • Requires user configuration for commercial use
Cost:
  • Free: $0 (50k requests/month)
  • Basic: $49/month
  • Standard: $249/month
  • Business: $499/month
Recommendation: Install MaxMind GeoLite2-ASN to avoid rate limits

User-Configured Services (Optional, User-Licensed)

9. Vulners API (Optional)

Purpose:
  • Enhanced CVE vulnerability intelligence
  • Exploit availability information
  • Vulnerability references and advisories
Provider: Vulners.com License: User must provide their own licensed API key Website: https://vulners.com Commercial Use:
  • Free tier: May have restrictions (100 credits/month)
  • Commercial plans: Required for business use (starts at 475/month)
Rate Limits: Depends on your Vulners plan Cost:
  • Free tier: $0 (100 credits/month, possible commercial restrictions)
  • Startup plan: 475/month (60,000 requests)
  • Business plan: 1,275/month (180,000 requests)
  • Enterprise: Custom pricing
IMPORTANT:
  • You are responsible for ensuring your Vulners API key is properly licensed
  • Using free-tier keys in commercial environments may violate Vulners' terms
  • ASNSPY does not provide Vulners licenses
  • ASNSPY is not responsible for your Vulners terms violations
Configuration:

bash

VULNERS_API_KEY="your-api-key-here" asnspy --target AS15169

Why Optional:
  • NVD provides comprehensive CVE data for free
  • Vulners adds exploit intelligence and additional context
  • Only needed if you require exploit availability data

10. User-Configured Integrations

ASNSPY supports various user-configured integrations. You are fully responsible for licensing and costs.

Webhook Integrations

Examples:
  • Slack webhooks
  • Discord webhooks
  • Microsoft Teams webhooks
  • Custom HTTP endpoints
User Responsibility:
  • Ensure your webhook URLs are properly secured
  • Comply with third-party service terms (Slack, Discord, etc.)
  • Any costs for third-party services
Configuration:

bash

asnspy --webhook "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"

Database Exports

Supported:
  • PostgreSQL
  • MySQL/MariaDB
  • MongoDB
User Responsibility:
  • Provide your own database credentials
  • Ensure proper database security
  • Pay for database hosting costs
  • Comply with database licensing (e.g., MongoDB commercial use)
Configuration:

bash

asnspy --db-export postgres://user:pass@host/database

SIEM Integrations

Supported:
  • Splunk
  • IBM QRadar
  • Elastic SIEM
  • Microsoft Sentinel
User Responsibility:
  • Have valid SIEM licenses
  • Ensure SIEM is properly configured
  • Pay for SIEM subscription costs
  • Comply with SIEM vendor terms
Configuration:

bash

asnspy --siem-export splunk://your-splunk-instance:8088

Use Case Configurations

Personal / Bug Bounty Hunter

Recommended Setup:
  • MaxMind GeoLite2-ASN (FREE, unlimited)
  • NVD API with key (FREE, 50 req/30sec)
  • ⏭ Skip Vulners (NVD sufficient for basic CVE data)
  • ⏭ Skip commercial APIs
Total Cost: $0/month Suitable For: Individual researchers, bug bounty hunters, students

Professional Penetration Tester

Recommended Setup:
  • MaxMind GeoLite2-ASN (FREE, unlimited)
  • NVD API with key (FREE, 50 req/30sec)
  • Vulners free tier (100 credits/month, if non-commercial)
  • Skip: Paid APIs unless needed
Total Cost: $0-49/month Suitable For: Professional pen testers, security consultants, CTF teams

SOC / Enterprise Security Team

Recommended Setup:
  • MaxMind GeoLite2-ASN (FREE, unlimited)
  • NVD API with key (FREE, 50 req/30sec)
  • Vulners commercial plan (475/month, for comprehensive CVE data)
  • IPinfo.io commercial (optional, $49-499/month for API)
  • SIEM integration (your existing SIEM license)
  • Database exports (your existing database)
Total Cost: $0-1000/month (excluding existing infrastructure) Suitable For: Enterprise SOC teams, managed security service providers

Continuous Monitoring / Automation

Recommended Setup:
  • MaxMind GeoLite2-ASN (CRITICAL - avoid fallback rate limits)
  • NVD API with key (CRITICAL - 10x better performance)
  • Vulners commercial (RECOMMENDED - better data)
  • Commercial API plans for high-volume use
  • Webhooks for alerting
  • Database for historical analysis
Total Cost: $500-2000/month Suitable For: Continuous security monitoring, automated scanning, large enterprises

COMPLIANCE CHECKLIST

For Commercial Use

  • [ ] MaxMind GeoLite2-ASN installed (or acknowledge fallback rate limits)
  • [ ] MaxMind attribution included in any public-facing outputs
  • [ ] RouteViews/IRR attribution included
  • [ ] NVD API key obtained (free, but 10x better performance)
  • [ ] All third-party API keys properly licensed for commercial use
  • [ ] Vulners API key (if used) is from commercial plan
  • [ ] SIEM licenses valid for intended use
  • [ ] Terms of Service acknowledged
  • [ ] Proper authorization obtained for all targets
  • [ ] Data protection compliance (GDPR, CCPA, etc.)

COST BREAKDOWN EXAMPLES

Scenario 1: Bug Bounty Hunter

  • MaxMind: $0
  • NVD API: $0 (use free key)
  • Vulners: $0 (free tier, 100 credits)
  • TOTAL: $0/month

Scenario 2: Small Security Consulting Firm

  • MaxMind: $0
  • NVD API: $0 (use free key)
  • Vulners: $0 (free tier) or 475/month (commercial)
  • TOTAL: $0 or 475/month

Scenario 3: Enterprise SOC Team

  • MaxMind: $0
  • NVD API: $0 (use free key)
  • Vulners: 475/month (commercial)
  • IPinfo.io: $249/month (Standard plan)
  • SIEM: $0 (existing license)
  • TOTAL: ~$750/month

Scenario 4: Continuous Monitoring Service

  • MaxMind: $0
  • NVD API: $0 (use free key)
  • Vulners: 475/month (commercial)
  • IPinfo.io: $499/month (Business plan)
  • SIEM: $0 (existing license)
  • Database: $0 (existing infrastructure)
  • TOTAL: ~$1000/month

API CHANGES & UPDATES

This document will be updated when:

  • New APIs are integrated
  • Existing APIs change their terms
  • Rate limits are modified
  • Pricing changes occur
  • New licensing requirements emerge
Check for updates: https://www.asnspy.com/legal/api-transparency Last Updated: January 15, 2026

TRANSPARENCY COMMITMENT

We commit to:

1. Documenting all external services before integration

2. Disclosing rate limits and costs clearly

3. Explaining user responsibilities for third-party services

4. Updating this document when changes occur

5. Being honest about limitations and dependencies

QUESTIONS?

Email: legal@asnspy.com Website: https://www.asnspy.com/legal Support: contact@asnspy.com © 2026 ASNSPY - Full Transparency, Always
Back to Legal Hub