API
Mrigank Anand edited this page Sep 10, 2022 · 48 revisions
By using this switch, you will start the API server without any authentication required! To enable authentication, set `api_access_without_key` as `True` in `config.py`.
The authentication key must be sent as the parameter `key` in every request (it can be set as a Cookie, GET, or POST value). After you run the API server, a simple WebUI is also available (`index.html`). It shows a few graphs using the API with jQuery, etc.
- All parameters can be sent in a GET call, as described in the documentation below.
- The `limit` parameter's default value is `10`; to make it unlimited, set it to `0`.
- The `skip` parameter's default value is `0`.
GET /api/events/count/<event_type>
URL Params
Attribute | Type | Required | Description |
---|---|---|---|
event_type | string | yes | type of event. Valid event types : [honeypot, all, network, credential, file, data, pcap ] |
date | string | no | used for filtering events by date |
Success Response:
- Code: 200 Content:
{
"count": 16161952,
"date": null
}
Error Response:
- Code: 404 Not found Content:
{
"msg": "file/path not found!",
"status": "error"
}
GET /api/events/count/groupby/<event_type>/<element>
URL Params
Attribute | Type | Required | Description |
---|---|---|---|
event_type | string | yes | type of event. Valid event types : [honeypot, network, credential, file, data, pcap] |
element | string | yes | Used for filtering the events based on the type. Valid element : [ip, country, port, module_name, username, password, machine_name] |
date | string | no | used for filtering events by date |
country | string | no | used for filtering events by country |
Success Response:
- Code: 200 Content:
[
{
"count": 1703,
"country": "DE"
}
]
Error Response:
- Code: 404 Not found Content:
{
"msg": "file/path not found!",
"status": "error"
}
GET /api/events/explore/<event_type>
URL Params
Attribute | Type | Required | Description |
---|---|---|---|
event_type | string | yes | type of event. Valid event types : [honeypot, network, credential, file, data, pcap] |
date | string | no | used for filtering events by date |
module_name | string | no | one of the module names supported by the framework. eg: ssh/weak_password |
filter | string (url-encoded) | no | filter on serverside by query (regex) e.g. ip_dest=192.16.1.1&ip_src=192.168.0.* |
Success Response:
- Code: 200 Content:
{
"data": [
{
"country_ip_dest": "-",
"country_ip_src": "US",
"date": "2020-09-08 20:22:19",
"ip_dest": "192.168.0.100",
"ip_src": "54.183.140.32",
"machine_name": "stockholm_server_1",
"port_dest": 52107,
"port_src": 443,
"protocol": "TCP"
},
{
"country_ip_dest": "-",
"country_ip_src": "US",
"date": "2020-09-08 20:22:19",
"ip_dest": "192.168.0.100",
"ip_src": "54.183.140.32",
"machine_name": "stockholm_server_1",
"port_dest": 52107,
"port_src": 443,
"protocol": "TCP"
}
],
"total": 519720
}
Error Response:
- Code: 404 Not found Content:
{
"msg": "file/path not found!",
"status": "error"
}
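A client-side sketch for the explore endpoint, added here as an example and not taken from the project's code: it encodes the nested `filter` value, sends `key` as a cookie, and pages through results with `limit`/`skip` until `total` is reached. The function names, the `filters` dict and the sample key are assumptions; the filter string format follows the example in the table above.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request, urlopen

BASE = "http://127.0.0.1:5000"  # address used in this page's examples


def explore_request(event_type, key=None, date=None, module_name=None,
                    filters=None, limit=10, skip=0, base=BASE):
    """Build the GET request for /api/events/explore/<event_type>."""
    params = {"limit": limit, "skip": skip}
    if date:
        # A range is written "start|end", as in the page's count examples.
        params["date"] = date if isinstance(date, str) else "|".join(date)
    if module_name:
        params["module_name"] = module_name
    if filters:
        # The filter is itself a small query string. Encoding it as ONE value
        # keeps its inner '&' and '=' from being read as top-level parameters.
        params["filter"] = "&".join(f"{k}={v}" for k, v in filters.items())
    req = Request(f"{base}/api/events/explore/{event_type}?{urlencode(params)}")
    if key:
        # The page allows Cookie, GET or POST. A cookie keeps the key out of
        # the URL, and URLs are what access logs and shell history record.
        req.add_header("Cookie", f"key={key}")
    return req


def fetch_json(req):
    """Send the request and decode the JSON body."""
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


def iter_events(event_type, page_size=100, fetch=fetch_json, **query):
    """Yield every matching event, advancing `skip` until `total` is reached."""
    skip = 0
    while True:
        page = fetch(explore_request(event_type, limit=page_size, skip=skip, **query))
        yield from page["data"]
        skip += len(page["data"])
        if not page["data"] or skip >= page["total"]:
            return


if __name__ == "__main__":
    # Constructed values: the key and filter below are placeholders.
    demo = explore_request("network", key="constructed-key",
                           filters={"ip_dest": "192.16.1.1", "ip_src": "192.168.0.*"})
    print(demo.full_url, demo.get_header("Cookie"))
```

Passing `fetch=` lets the pagination loop be exercised against canned pages without a running API server.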
GET /api/pcap/download
URL Params
Attribute | Type | Required | Description |
---|---|---|---|
md5 | string | yes | md5 value of the PCAP file to download |
Success Response:
- Code: 200 Content:
curl http://localhost:5000/api/pcap/download?md5=282e14c5b89ff2af63f4146fbd0a6c68 > f.pcap
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 280k 0 280k 0 0 8484k 0 --:--:-- --:--:-- --:--:-- 8484k
Error Response:
- Code: 404 Not found Content:
{
"msg": "file/path not found!",
"status": "error"
}
GET /api/core/list/modules
Success Response:
- Code: 200 Content:
[
"ftp/weak_password",
"ftp/strong_password",
"ics/veeder_root_guardian_ast",
"ssh/weak_password",
"ssh/strong_password",
"http/basic_auth_strong_password",
"http/basic_auth_weak_password",
"smtps/strong_password",
"smtp/strong_password"
]
http://127.0.0.1:5000/api/events/count/all
{
"count": 95191, "date": null
}
http://127.0.0.1:5000/api/events/count/all?date=2021-06-07
{
"count": 10279, "date": "2021-06-07"
}
http://127.0.0.1:5000/api/events/count/honeypot
{
"count": 55, "date": null
}
http://127.0.0.1:5000/api/events/count/honeypot?date=2021-06-07
{
"count": 55, "date": "2021-06-07"
}
http://127.0.0.1:5000/api/events/count/network
{
"count": 95134, "date": null
}
http://127.0.0.1:5000/api/events/count/network?date=2021-06-07
{
"count": 10224, "date": "2021-06-07"
}
http://127.0.0.1:5000/api/events/count/network?date=2019-04-07|2022-05-07
{
"count": 95134, "date": "2019-04-07|2022-05-07"
}
http://127.0.0.1:5000/api/events/count/network?date=2021-06-05%2010:00:00
{
"count": 3963, "date": "2021-06-05 10:00:00"
}
http://127.0.0.1:5000/api/events/count/network?date=2021-06-01%2010:00:00|2021-06-10%2012:00:00
{
"count": 14187, "date": "2021-06-01 10:00:00|2021-06-10 12:00:00"
}
http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip_dest
{
"17.253.85.207": 5, "34.107.221.82": 50
}
http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip_dest?date=2019-05-07
{
"17.253.85.207": 5, "34.107.221.82": 50
}
http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip_dest?date=2019-05-07&country=DE
{
"17.253.85.207": 5, "34.107.221.82": 50
}
http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip_dest?country=DE
{
"17.253.85.207": 5, "34.107.221.82": 50
}
You can also change `limit` (default: 10) and/or `skip` (default: 0) in all actions that return array-based results.
http://127.0.0.1:5000/api/events/explore/network?limit=1
{
"data":[{"country_ip_dest": "CZ", "country_ip_src": "-", "date": "2021-06-05 20:23:26", "ip_dest": "13.107.42.14", "ip_src": "192.168.0.104", "machine_name": "stockholm_server_1", "port_dest": 443, "port_src": 53751, "protocol": "TCP"}], "total": 95134
}
http://127.0.0.1:5000/api/events/explore/network?limit=1&skip=1
{
"data":[{"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-05 20:23:26", "ip_dest": "172.217.167.163", "ip_src": "192.168.0.104", "machine_name": "stockholm_server_1", "port_dest": 443, "port_src": 55376, "protocol": "UDP"}], "total": 95134
}
http://127.0.0.1:5000/api/events/explore/honeypot
{
"data":[{"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:13", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:23", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:23", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:33", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:33", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"},{"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:42", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:42", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", 
"date": "2021-06-07 12:37:42", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:42", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:52", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}], "total": 55
}
http://127.0.0.1:5000/api/events/explore/honeypot?date=2021-06-07
{
"data":[{"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:13", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:23", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:23", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:33", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:33", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"},{"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:42", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:42", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", 
"date": "2021-06-07 12:37:42", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:42", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60212, "protocol": "TCP"}, {"country_ip_dest": "US", "country_ip_src": "-", "date": "2021-06-07 12:37:52", "ip_dest": "34.107.221.82", "ip_src": "192.168.0.107", "machine_name": "stockholm_server_1", "module_name": "http/basic_auth_weak_password", "port_dest": 80, "port_src": 60213, "protocol": "TCP"}], "total": 55
}
http://localhost:5000/api/events/explore/pcap
{
"data":[
{
"content":"Cg0Nx98dNX6Aa1ag8bSEp6/zlBARJ8Nbx98dNX6Aa1ag8bSEp6/zlBARJ8NbXeAXeA ",
"date":"2021-06-23 01:10:26",
"filename":"captured-traffic-1624390826.pcap",
"machine_name":"stockholm_server_1",
"md5":"97d7228b35e217505a3cd358cefc2d63",
"splitTimeout":3600
}
],
"total":1
}
curl http://localhost:5000/api/pcap/download?md5=282e14c5b89ff2af63f4146fbd0a6c68 > f.pcap
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 280k 0 280k 0 0 8484k 0 --:--:-- --:--:-- --:--:-- 8484k
http://127.0.0.1:5000/api/core/running/modules
[
{
"Command": "\"/bin/sh -c 'service…\"",
"CreatedAt": "2022-07-27 21:49:43 +0530 IST",
"ID": "b5760a5cc113",
"Image": "ohp_ftpserver_weak_password",
"Labels": "desktop.docker.io/binds/0/SourceKind=hostFile,desktop.docker.io/binds/0/Target=/root,desktop.docker.io/binds/0/Source=/Users/mrigankanand/PycharmProjects/Python-Honeypot/tmp/ohp_ftp_weak_container/",
"LocalVolumes": "0",
"Mounts": "/host_mnt/User…",
"Names": "ohp_ftpserver_weak_password",
"Networks": "ohp_internet",
"Ports": "0.0.0.0:21->21/tcp",
"RunningFor": "2 hours ago",
"Size": "3B (virtual 293MB)",
"State": "running",
"Status": "Up 2 hours"
}
]