Dhiren Serai edited this page Aug 18, 2020 · 48 revisions

API Actions

By using this switch, you will start the API server without any authentication required! To enable authentication, set api_access_without_key as True in config.py. The authentication key must be sent as the parameter key in every request (it can be set as a Cookie, GET or POST value). After you run the API server, a simple WebUI is also available (index.html). It shows a few graphs built on the API with jQuery and so on.

  • All parameters can be sent in a GET call, as mentioned in the documentation below.
  • The limit parameter defaults to 10; to make it unlimited, set it to 0.
  • The skip parameter defaults to 0.

API Endpoints

Method: Get events count.

  GET /api/events/count/<event_type>

URL Params

| Attribute | Type | Required | Description |
|---|---|---|---|
| event_type | string | yes | Type of event. Valid event types: [honeypot, all, network, credential, file, data] |
| date | string | no | Used for filtering events by date |

Success Response:

  • Code: 200 Content:
{"count":16161952,"date":null}

Error Response:

  • Code: 404 Not found Content:
{"msg":"file/path not found!","status":"error"}

Method: Get top ten repeated elements in honeypot events

  GET /api/events/count/groupby/<event_type>/<element>

URL Params

| Attribute | Type | Required | Description |
|---|---|---|---|
| event_type | string | yes | Type of event. Valid event types: [honeypot, all, network, credential, file, data] |
| element | string | yes | Used for filtering the events based on the type. Valid elements: [ip, country, port, module_name, username, password, machine_name] |
| date | string | no | Used for filtering events by date |
| country | string | no | Used for filtering events by country |

Success Response:

  • Code: 200 Content:
[{"count":1703,"country":"DE"}]

Error Response:

  • Code: 404 Not found Content:
{"msg":"file/path not found!","status":"error"}

Method: Get events data

  GET /api/events/explore/<event_type>

URL Params

| Attribute | Type | Required | Description |
|---|---|---|---|
| event_type | string | yes | Type of event. Valid event types: [honeypot, all, network, credential, file, data] |
| date | string | no | Used for filtering events by date |
| module_name | string | no | One of the module names supported by the framework, e.g. ssh/weak_password |

Success Response:

  • Code: 200 Content:
[{"count":1703,"country":"DE"}]

Error Response:

  • Code: 404 Not found Content:
{"msg":"file/path not found!","status":"error"}

Method: Get the list of pcap files stored in the file archive

  GET /api/pcap/explore

URL Params

| Attribute | Type | Required | Description |
|---|---|---|---|
| date | string | no | Used for filtering events by date |

Success Response:

  • Code: 200 Content:
[]

Method: Download PCAP files

  GET /api/pcap/download

URL Params

| Attribute | Type | Required | Description |
|---|---|---|---|
| _id | string | yes | ID of the PCAP file to download |

Success Response:

  • Code: 200 Content:
[]

Error Response:

  • Code: 404 Not found Content:
{"msg":"file/path not found!","status":"error"}

Method: Get modules list

  GET /api/core/list/modules

Success Response:

  • Code: 200 Content:
["ftp/weak_password","ftp/strong_password","ics/veeder_root_guardian_ast","ssh/weak_password","ssh/strong_password","http/basic_auth_strong_password","http/basic_auth_weak_password","smtps/strong_password","smtp/strong_password"]

Actions

GET Count All Events

http://127.0.0.1:5000/api/events/count/all
{"count":16161952,"date":null}

GET Count All Events By Date

http://127.0.0.1:5000/api/events/count/all?date=2019-05-07
{"count":65925,"date":"2019-05-07"}

GET Count All Honeypot Events

http://127.0.0.1:5000/api/events/count/honeypot
{"count":53505,"date":null}

GET Count All Honeypot Events by Date

http://127.0.0.1:5000/api/events/count/honeypot?date=2019-05-07
{"count":190,"date":"2019-05-07"}

GET Count All Network Events

http://127.0.0.1:5000/api/events/count/network
{"count":16108401,"date":null}

GET Count All Network Events by Date

http://127.0.0.1:5000/api/events/count/network?date=2019-05-07
{"count":65735,"date":"2019-05-07"}

Date Types

Type 1

http://127.0.0.1:5000/api/events/count/network?date=2019-05-07
{"count":65735,"date":"2019-05-07"}

Type 2

http://127.0.0.1:5000/api/events/count/network?date=2019-04-07|2019-05-07
{"count":65735,"date":"2019-04-07|2019-05-07"}

Type 3

http://127.0.0.1:5000/api/events/count/network?date=2019-04-07 10:00:00
{"count":0,"date":"2019-04-07 10:00:00"}

Type 4

http://127.0.0.1:5000/api/events/count/network?date=2019-04-07 10:00:00|2019-05-07 12:00:00
{"count":65735,"date":"2019-04-07 10:00:00|2019-05-07 12:00:00"}

GET Top IPs Repeated in Honeypot Events

http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip
[{"count":1691,"ip":"141.58.127.50"},{"count":12,"ip":"129.143.66.147"}]

http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip?date=2019-05-07
[{"count":12,"ip":"129.143.66.147"}]

http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip?date=2019-05-07&country=DE
[{"count":190,"ip":"129.143.66.147"}]

http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip?country=DE
[{"count":1691,"ip":"141.58.127.50"},{"count":12,"ip":"129.143.66.147"}]

Or you can change the limit (default: 10) and/or skip (default: 0) in ALL Array-Based Results actions.

http://127.0.0.1:5000/api/events/network-events-ips?limit=1
[{"_id":{"country_ip_dest":"DE","ip_dest":"192.168.0.102"},"count":251050}]


http://127.0.0.1:5000/api/events/network-events-ips?limit=1&skip=1
[{"_id":{"country_ip_dest":"DE","ip_dest":"129.143.66.13"},"count":27175}]

http://127.0.0.1:5000/api/events/network-events-ips?limit=2&skip=5
[{"_id":{"country_ip_dest":"DE","ip_dest":"31.13.92.52"},"count":6121},{"_id":{"country_ip_dest":"DE","ip_dest":"185.60.216.53"},"count":4123}]
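A client-side sketch tying together the key parameter, the four date types and the limit/skip paging described above. This is an added example, not code from the project: build_request, http_fetch and iter_results are hypothetical helper names, and the key is sent as a Cookie (one of the three options the page lists) so that it stays out of URLs and access logs.

```python
import json
import re
from urllib.parse import urlencode
from urllib.request import Request, urlopen

BASE = "http://127.0.0.1:5000"  # address used in the page's examples
# One timestamp: a date, optionally followed by a time (Date Types 1 and 3).
_STAMP = r"\d{4}-\d{2}-\d{2}( \d{2}:\d{2}:\d{2})?"
# A single timestamp or a start|end pair (Date Types 2 and 4).
_DATE_RE = re.compile(rf"{_STAMP}(\|{_STAMP})?")


def build_request(path, key=None, **params):
    """Build a GET request; reject malformed dates, URL-encode ' ' and '|'."""
    date = params.get("date")
    if date is not None and not _DATE_RE.fullmatch(date):
        raise ValueError(f"unsupported date filter: {date!r}")
    query = urlencode({k: v for k, v in params.items() if v is not None})
    req = Request(f"{BASE}{path}" + (f"?{query}" if query else ""))
    if key:
        # "key" is the parameter name the page gives; Cookie keeps it off the URL.
        req.add_header("Cookie", f"key={key}")
    return req


def http_fetch(req):
    """Default transport: perform the request and decode the JSON body."""
    with urlopen(req, timeout=10) as resp:
        return json.load(resp)


def iter_results(path, key=None, page_size=10, fetch=http_fetch, **params):
    """Yield every row of an array-based action by walking limit/skip."""
    if page_size < 1:
        # limit=0 means "unlimited" on the server, so it cannot drive paging.
        raise ValueError("page_size must be >= 1")
    skip = 0
    while True:
        rows = fetch(build_request(path, key, limit=page_size, skip=skip, **params))
        yield from rows
        if len(rows) < page_size:  # a short (or empty) page is the last one
            return
        skip += page_size
```

Paging in bounded steps keeps each response small on large event collections, where limit=0 would return the whole result set in one reply.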

GET Honeypot Events

http://127.0.0.1:5000/api/events/explore/honeypot
[{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:13","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80}]

http://127.0.0.1:5000/api/events/explore/honeypot?date=2019-05-07
[{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:13","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80}]
