Dhiren Serai edited this page Aug 18, 2020 · 48 revisions

API Actions

By using this switch, you will start the API server without any authentication required. To enable authentication, set api_access_without_key as True in config.py. The authentication key must be sent as the parameter key in every request (it can be set as a Cookie, GET, or POST parameter). After you run the API server, a simple WebUI is also available (index.html). It shows a few graphs built on the API with jQuery, etc.

  • All parameters can be sent in a GET call, as described in the documentation below.
  • The limit parameter defaults to 10; to make it unlimited, set it to 0.
  • The skip parameter defaults to 0.

API Endpoints

Method: Get events count.

  GET /api/events/count/<event_type>

URL Params

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| event_type | string | yes | Type of event. Valid event types: [honeypot, all, network, credential, file, data] |
| date | string | no | Used for filtering events by date |

Success Response:

  • Code: 200 Content:
{"count":16161952,"date":null}

Error Response:

  • Code: 404 Not found Content:
{"msg":"file/path not found!","status":"error"}

Method: Get top ten repeated elements in honeypot events

  GET /api/events/count/groupby/<event_type>/<element>

URL Params

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| event_type | string | yes | Type of event. Valid event types: [honeypot, all, network, credential, file, data] |
| element | string | yes | Used for filtering the events based on the type. Valid elements: [ip, country, port, module_name, username, password, machine_name] |
| date | string | no | Used for filtering events by date |
| country | string | no | Used for filtering events by country |

Success Response:

  • Code: 200 Content:
[{"count":1703,"country":"DE"}]

Error Response:

  • Code: 404 Not found Content:
{"msg":"file/path not found!","status":"error"}

Method: Get events data

  GET /api/events/explore/<event_type>

URL Params

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| event_type | string | yes | Type of event. Valid event types: [honeypot, all, network, credential, file, data] |
| date | string | no | Used for filtering events by date |
| module_name | string | no | One of the module names supported by the framework, e.g. ssh/weak_password |

Success Response:

  • Code: 200 Content:
[{"count":1703,"country":"DE"}]

Error Response:

  • Code: 404 Not found Content:
{"msg":"file/path not found!","status":"error"}

Method: Get the list of pcap files stored in the file archive

  GET /api/pcap/explore

URL Params

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| date | string | no | Used for filtering events by date |

Success Response:

  • Code: 200 Content:
[{"chunkSize":261120,"date":"2020-08-16 23:52:58","filename":"captured-traffic-1597614778.pcap","length":286720,"machine_name":"stockholm_server_1","md5":"282e14c5b89ff2af63f4146fbd0a6c68","splitTimeout":3600,"uploadDate":"Sun, 16 Aug 2020 21:53:15 GMT"}]

Method: Download PCAP files

  GET /api/pcap/download

URL Params

| Attribute | Type | Required | Description |
| --- | --- | --- | --- |
| md5 | string | yes | md5 value of the PCAP file to download |

Success Response:

  • Code: 200 Content:
curl http://localhost:5000/api/pcap/download?md5=282e14c5b89ff2af63f4146fbd0a6c68 > f.pcap
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  280k    0  280k    0     0  8484k      0 --:--:-- --:--:-- --:--:-- 8484k


Error Response:

  • Code: 404 Not found Content:
{"msg":"file/path not found!","status":"error"}

Method: Get modules list

  GET /api/core/list/modules

Success Response:

  • Code: 200 Content:
["ftp/weak_password","ftp/strong_password","ics/veeder_root_guardian_ast","ssh/weak_password","ssh/strong_password","http/basic_auth_strong_password","http/basic_auth_weak_password","smtps/strong_password","smtp/strong_password"]

Few examples of the API

GET Count All Events

http://127.0.0.1:5000/api/events/count/all
{"count":16161952,"date":null}

GET Count All Events By Date

http://127.0.0.1:5000/api/events/count/all?date=2019-05-07
{"count":65925,"date":"2019-05-07"}

GET Count All Honeypot Events

http://127.0.0.1:5000/api/events/count/honeypot
{"count":53505,"date":null}

GET Count All Honeypot Events by Date

http://127.0.0.1:5000/api/events/count/honeypot?date=2019-05-07
{"count":190,"date":"2019-05-07"}

GET Count All Network Events

http://127.0.0.1:5000/api/events/count/network
{"count":16108401,"date":null}

GET Count All Network Events by Date

http://127.0.0.1:5000/api/events/count/network?date=2019-05-07
{"count":65735,"date":"2019-05-07"}

Date Types

Type 1

http://127.0.0.1:5000/api/events/count/network?date=2019-05-07
{"count":65735,"date":"2019-05-07"}

Type 2

http://127.0.0.1:5000/api/events/count/network?date=2019-04-07|2019-05-07
{"count":65735,"date":"2019-04-07|2019-05-07"}

Type 3

http://127.0.0.1:5000/api/events/count/network?date=2019-04-07 10:00:00
{"count":0,"date":"2019-04-07 10:00:00"}

Type 4

http://127.0.0.1:5000/api/events/count/network?date=2019-04-07 10:00:00|2019-05-07 12:00:00
{"count":65735,"date":"2019-04-07 10:00:00|2019-05-07 12:00:00"}
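The four date types above contain spaces and a `|` separator, which should be percent-encoded when a client builds the URL. The following is an added example, not code from the project: the function names are hypothetical, and it assumes only the `date` and `key` parameters and the event types documented on this page.

```python
from datetime import date, datetime
from urllib.parse import urlencode, quote

# Event types listed in the endpoint documentation on this page.
EVENT_TYPES = {"honeypot", "all", "network", "credential", "file", "data"}

def format_point(value):
    """Render a date (Type 1) or a datetime (Type 3) in the API's format."""
    if isinstance(value, datetime):      # test datetime first: it subclasses date
        return value.strftime("%Y-%m-%d %H:%M:%S")
    if isinstance(value, date):
        return value.strftime("%Y-%m-%d")
    raise TypeError("expected date or datetime")

def date_filter(start, end=None):
    """Single point (Types 1 and 3) or 'start|end' range (Types 2 and 4)."""
    if end is None:
        return format_point(start)
    if type(start) is not type(end):
        raise ValueError("range ends must both be dates or both be datetimes")
    if end < start:
        raise ValueError("range end precedes start")
    return format_point(start) + "|" + format_point(end)

def count_url(base, event_type, start=None, end=None, key=None):
    """Build /api/events/count/<event_type> with an encoded query string."""
    if event_type not in EVENT_TYPES:    # reject values outside the documented set
        raise ValueError("unknown event_type: %r" % (event_type,))
    params = {}
    if start is not None:
        params["date"] = date_filter(start, end)
    if key is not None:
        params["key"] = key              # authentication key, sent as a GET parameter
    url = "%s/api/events/count/%s" % (base.rstrip("/"), event_type)
    # quote_via=quote encodes ' ' as %20, ':' as %3A and '|' as %7C
    return url + ("?" + urlencode(params, quote_via=quote) if params else "")
```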

GET Top IPs Repeated in Honeypot Events

http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip
[{"count":1691,"ip":"141.58.127.50"},{"count":12,"ip":"129.143.66.147"}]

http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip?date=2019-05-07
[{"count":12,"ip":"129.143.66.147"}]

http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip?date=2019-05-07&country=DE
[{"count":190,"ip":"129.143.66.147"}]

http://127.0.0.1:5000/api/events/count/groupby/honeypot/ip?country=DE
[{"count":1691,"ip":"141.58.127.50"},{"count":12,"ip":"129.143.66.147"}]

You can also change limit (default: 10) and/or skip (default: 0) in all actions that return array-based results.

http://127.0.0.1:5000/api/events/explore/network?limit=1
[{"country":"US","date":"2019-05-07 11:50:36","ip":"35.164.130.113","machine_name":"stockholm_server_1","port":51834}]


http://127.0.0.1:5000/api/events/explore/network?limit=1&skip=1
[{"country":"DE","date":"2019-05-07 11:51:12","ip":"192.168.0.102","machine_name":"stockholm_server_1","port":443}]

GET Honeypot Events

http://127.0.0.1:5000/api/events/explore/honeypot
[{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:13","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80}]

http://127.0.0.1:5000/api/events/explore/honeypot?date=2019-05-07
[{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:12","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80},{"country_ip_dest":"DE","date":"2019-05-07 11:51:13","ip_dest":"192.168.0.102","machine_name":"stockholm_server_1","module_name":"http/basic_auth_weak_password","port":80}]

GET Explore PCAP File

http://localhost:5000/api/events/explore/pcap
[{"chunkSize":261120,"date":"2020-08-16 23:52:58","filename":"captured-traffic-1597614778.pcap","length":286720,"machine_name":"stockholm_server_1","md5":"282e14c5b89ff2af63f4146fbd0a6c68","splitTimeout":3600,"uploadDate":"Sun, 16 Aug 2020 21:53:15 GMT"}]

GET Download PCAP File

curl http://localhost:5000/api/pcap/download?md5=282e14c5b89ff2af63f4146fbd0a6c68 > f.pcap
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  280k    0  280k    0     0  8484k      0 --:--:-- --:--:-- --:--:-- 8484k
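With the `curl ... > f.pcap` form above, a 404 response writes the JSON error body into `f.pcap` without any visible failure. The following added example (not part of the project's code) checks a downloaded body against the `length` and `md5` fields of its listing entry and against the pcap magic number; the function name and the sample data are constructed for illustration, and it assumes `md5` is the digest of the full file content.

```python
import hashlib
import hmac
import struct

# First four bytes (read big-endian) of classic pcap files in both byte
# orders, microsecond and nanosecond variants, plus the pcapng block type.
PCAP_MAGICS = {0xA1B2C3D4, 0xD4C3B2A1, 0xA1B23C4D, 0x4D3CB2A1, 0x0A0D0D0A}

def verify_pcap(entry, body):
    """Return a list of problems; an empty list means the download checks out.

    entry: one object from the PCAP listing (needs "length" and "md5").
    body:  the bytes received from /api/pcap/download.
    """
    problems = []
    if len(body) != entry["length"]:
        problems.append("length %d != listed %d" % (len(body), entry["length"]))
    # MD5 here detects truncation or corruption; it is not tamper-proof.
    digest = hashlib.md5(body).hexdigest()
    if not hmac.compare_digest(digest, entry["md5"].lower()):
        problems.append("md5 mismatch")
    if len(body) < 4 or struct.unpack(">I", body[:4])[0] not in PCAP_MAGICS:
        problems.append("not a pcap/pcapng header")
    return problems

# Constructed sample: a 24-byte little-endian pcap global header and a
# listing entry that matches it (not real captured traffic).
SAMPLE_BODY = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_ENTRY = {
    "filename": "constructed-sample.pcap",
    "length": len(SAMPLE_BODY),
    "md5": hashlib.md5(SAMPLE_BODY).hexdigest(),
}
# The 404 body documented on this page, as it would land in f.pcap.
ERROR_BODY = b'{"msg":"file/path not found!","status":"error"}'

if __name__ == "__main__":
    print(verify_pcap(SAMPLE_ENTRY, SAMPLE_BODY))
    print(verify_pcap(SAMPLE_ENTRY, ERROR_BODY))
```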

