FastBin API Documentation

Overview

FastBin provides a powerful malware analysis and reverse engineering API powered by Ghidra. Perform comprehensive static analysis, detect malicious patterns, and decompile binaries in seconds.

Key Features

Base URL

https://api.fastbin.io:8443

Authentication

The API uses JWT (JSON Web Token) authentication. Tokens are valid for 1 hour and must be sent in the Authorization header (Authorization: Bearer JWT_TOKEN) on authenticated requests.

POST /api/register

Create a new user account to access authenticated features and increased file size limits

Parameters

Parameter   Type     Required   Description
username    string   Yes        Unique username for your account
email       string   Yes        Valid email address
password    string   Yes        Password (minimum 6 characters)

Request Example
{
  "username": "user",
  "email": "user@example.com",
  "password": "securepassword123"
}
Response (201 Created)
{
  "message": "Account created successfully",
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 123,
    "username": "user",
    "email": "user@example.com"
  }
}
POST /api/login

Authenticate and obtain a JWT token for API access

Request Example
{
  "email": "user@example.com",
  "password": "securepassword123"
}
Response (200 OK)
{
  "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
}
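
Added example, not part of the FastBin documentation: a client-side helper that decides when to log in again, given the 1-hour token lifetime stated above. The `exp` claim, the 60-second margin and all function names are assumptions; the payload is decoded without signature verification, so it only drives scheduling.

```python
import base64
import json
import time

TOKEN_LIFETIME = 3600  # from the page: tokens are valid for 1 hour
SKEW = 60              # assumption: log in again one minute early

def _b64url_json(segment):
    """Decode one base64url JWT segment (JWTs drop the '=' padding)."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def token_expiry(token, obtained_at):
    """UNIX time after which the token should not be reused.

    The payload is read WITHOUT verifying the signature, so the result only
    schedules the next login; it is never a trust decision.
    """
    header_seg, payload_seg, _signature = token.split(".")
    alg = _b64url_json(header_seg).get("alg")
    if alg != "RS256":  # the page's sample tokens carry an RS256 header
        raise ValueError("unexpected JWT alg: %r" % alg)
    exp = _b64url_json(payload_seg).get("exp")  # assumption: claim may be absent
    documented = obtained_at + TOKEN_LIFETIME
    return min(exp, documented) if isinstance(exp, (int, float)) else documented

def auth_headers(token, obtained_at, now=None):
    """Return the Authorization header, or None when a new login is due."""
    now = time.time() if now is None else now
    if token is None or now >= token_expiry(token, obtained_at) - SKEW:
        return None
    return {"Authorization": "Bearer " + token}

def make_sample_token(claims, alg="RS256"):
    """Constructed, unsigned token for the demo (not a real FastBin token)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    t0 = 1_700_000_000
    tok = make_sample_token({"id": 123, "exp": t0 + 3600})
    print(auth_headers(tok, t0, now=t0 + 10))    # header is returned
    print(auth_headers(tok, t0, now=t0 + 3590))  # None: inside the refresh window
```

When `auth_headers` returns None, call POST /api/login again rather than sending the old token and handling the 401.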

Public Endpoints

These endpoints are accessible without authentication and provide basic information and analysis capabilities.

GET /

Get general API information, server status, and available endpoints

Response (200 OK)
{
  "message": "Malware analysis API operational",
  "files_analyzed": 25483,
  "server_status": "running",
  "api_version": "1.0",
  "endpoints": {
    "public": [
      "GET /",
      "POST /analyze",
      "GET /files-count",
      "GET /stats",
      "GET /function/:projectName/:address"
    ],
    "auth": [
      "POST /api/login",
      "POST /api/register"
    ]
  }
}
POST /analyze

Analyze a binary file using Ghidra's powerful reverse engineering engine. Supports ZIP archives containing a single file. File size limits: 5MB (anonymous) / 100MB (with JWT authentication).

Headers

Header          Value                 Required
Content-Type    multipart/form-data   Yes
Authorization   Bearer JWT_TOKEN      Optional

Parameters

Parameter   Type   Required   Description
malware     file   Yes        Binary file to analyze (EXE, DLL, ELF, ZIP, etc.)

cURL Example
curl -X POST https://api.fastbin.io:8443/analyze \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -F "malware=@sample.exe"
Response (200 OK)
{
  "filename": "sample.exe",
  "filesize": 102400,
  "filetype": "application/x-dosexec (exe)",
  "architecture": "x86_64",
  "md5": "5d41402abc4b2a76b9719d911017c592",
  "sha256": "7d865e959b2466918c9863afca942d0fb89d7c9ac0c99bafc3749504ded97730",
  "stringCount": 45,
  "totalFilesAnalyzed": 25484,
  "programInfo": {
    "name": "sample.exe",
    "language": "x86:LE:64:default",
    "compiler": "windows",
    "executable_format": "Portable Executable (PE)",
    "image_base": "0x140000000"
  },
  "sections": [".text", ".rdata", ".data", ".pdata"],
  "functions": [
    {
      "address": "0x140001000",
      "name": "main",
      "signature": "int main(int argc, char** argv)",
      "hasDecompiled": true
    }
  ],
  "functionCount": 12,
  "strings": [
    {
      "address": "0x140003000",
      "value": "Hello World"
    }
  ],
  "projectName": "project_1704202800_abc123",
  "potentiallyMalicious": false,
  "maliciousIndicators": [],
  "decompiled": "int main(int argc, char** argv) {\n  printf(\"Hello World\");\n  return 0;\n}",
  "selectedFunction": "main"
}
GET /files-count

Get the total number of files analyzed by the platform

Response (200 OK)
{
  "count": 25483
}
GET /stats

Retrieve public server statistics and usage metrics

Response (200 OK)
{
  "message": "Server statistics",
  "files_analyzed": 25483,
  "last_update": "2026-01-20T14:30:00.000Z"
}
GET /function/:projectName/:address

Retrieve complete details for a specific function including decompiled code

URL Parameters

Parameter     Type     Required   Description
projectName   string   Yes        Ghidra project name (returned by /analyze endpoint)
address       string   Yes        Memory address of the function (e.g., 0x140001000)

Request Example
GET /function/project_1704202800_abc123/0x140001000
Response (200 OK)
{
  "name": "main",
  "address": "0x140001000",
  "signature": "int main(int argc, char** argv)",
  "is_external": false,
  "decompiled": "int main(int argc, char** argv) {\n  HWND hwnd;\n  MSG msg;\n  \n  hwnd = CreateWindowW(...);\n  ShowWindow(hwnd, SW_SHOW);\n  \n  while (GetMessage(&msg, NULL, 0, 0)) {\n    TranslateMessage(&msg);\n    DispatchMessage(&msg);\n  }\n  \n  return 0;\n}"
}
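
Added example, not FastBin's own code: checks a client can run around /analyze and /function. It applies the documented size limits before upload, confirms that the returned sha256 and filesize describe the bytes that were sent, and validates projectName and address before they go into a URL path. Assumed here: limits are binary megabytes, hashes cover the uploaded bytes (the page does not say what is hashed for ZIP uploads), and the projectName pattern is inferred from the single sample value.

```python
import hashlib
import re
from urllib.parse import quote

BASE_URL = "https://api.fastbin.io:8443"                  # from the page
ANON_LIMIT, AUTH_LIMIT = 5 * 1024**2, 100 * 1024**2       # 5MB / 100MB; binary MB assumed
PROJECT_RE = re.compile(r"project_[0-9]+_[A-Za-z0-9]+")   # assumed from the page's sample
ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{1,16}")

def upload_allowed(data, has_token):
    """Check the documented size limit locally instead of waiting for a 413."""
    return len(data) <= (AUTH_LIMIT if has_token else ANON_LIMIT)

def verify_report(data, report):
    """List the mismatches between the local sample and the /analyze JSON."""
    problems = []
    if str(report.get("sha256", "")).lower() != hashlib.sha256(data).hexdigest():
        problems.append("sha256 mismatch")
    if report.get("filesize") != len(data):
        problems.append("filesize mismatch")
    return problems

def function_urls(report):
    """Build GET /function URLs, rejecting values outside the expected shape."""
    project = str(report.get("projectName", ""))
    if not PROJECT_RE.fullmatch(project):
        raise ValueError("unexpected projectName: %r" % project)
    urls = []
    for fn in report.get("functions", []):
        addr = str(fn.get("address", ""))
        if fn.get("hasDecompiled") and ADDRESS_RE.fullmatch(addr):
            urls.append("%s/function/%s/%s" % (BASE_URL, quote(project, safe=""), addr))
    return urls

def constructed_report(data):
    """Constructed sample shaped like the page's /analyze response (not real output)."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "filesize": len(data),
            "projectName": "project_1704202800_abc123",
            "functions": [{"address": "0x140001000", "name": "main", "hasDecompiled": True},
                          {"address": "../stats", "name": "x", "hasDecompiled": True}]}

if __name__ == "__main__":
    sample = b"MZ" + bytes(64)            # constructed bytes, not a real binary
    report = constructed_report(sample)
    print(upload_allowed(sample, has_token=False), verify_report(sample, report))
    print(function_urls(report))          # the malformed address is skipped
```

The decompiled and strings fields are derived from the sample itself, so treat them as untrusted input when displaying or logging them.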

Rate Limits & Best Practices

Rate Limits

To ensure fair usage and optimal performance for all users, the following rate limits apply:

Best Practices

Error Codes

The API uses standard HTTP status codes to indicate success or failure:

Status Code                 Description
200 OK                      Request successful
201 Created                 Resource created successfully (registration)
400 Bad Request             Invalid request parameters or malformed data
401 Unauthorized            Missing or invalid authentication token
413 Payload Too Large       File exceeds size limit
429 Too Many Requests       Rate limit exceeded
500 Internal Server Error   Server-side error occurred