HoneypotDB's new API

HoneypotDB now has an API 😀🎉🎉

I’ve been working on it all this week and I’m proud to announce that HoneypotDB API v0.2.1 is live at https://honeypotdb.com/api along with full usage documentation, so please do give it a go.

HoneypotDB also has a fancy new landing page, https://honeypotdb.com/ !

API features

Right now, the HoneypotDB API has 2 main functionalities.

Lists API

The main goal for HoneypotDB is to provide a way for people to use the data collected to strengthen their cyber defence, and the lists API is perfect for that!

The lists API allows you to get a list of all unique IP addresses, usernames and passwords seen by the platform in the last 7 days, generated every day!

For example, the IPs list at https://honeypotdb.com/api/lists/ips is a perfect addition to any IP blacklist, blocking many known attacking servers and reconnaissance bots.

The usernames and passwords lists at https://honeypotdb.com/api/lists/usernames and https://honeypotdb.com/api/lists/passwords are perfect for compiling a password dictionary for penetration testing or preventing your users from using actively attacked credentials. 👍

Search API

I’m especially proud of the search API, which allows you to query HoneypotDB directly for data. For example, if you wanted to find out exactly what an IP on the IPs list has been doing, simply submit a query: https://honeypotdb.com/api/search?ip=190.223.26.38&days=6&size=3

{
    "data": {
        "hits": [
            {
                "GeoLocation": {
                    "country_iso_code": "PE"
                },
                "ip": "190.223.26.38",
                "message": "Connection lost after 2 seconds",
                "session": "ed21d26b0f3b",
                "timestamp": "2020-09-14T23:40:42.551Z",
                "type": "cowrie.session.closed"
            },
            {
                "GeoLocation": {
                    "country_iso_code": "PE"
                },
                "ip": "190.223.26.38",
                "message": "login attempt [root/cowboy] failed",
                "password": "cowboy",
                "session": "ed21d26b0f3b",
                "timestamp": "2020-09-14T23:40:41.550Z",
                "type": "cowrie.login.failed",
                "username": "root"
            },
            {
                "GeoLocation": {
                    "country_iso_code": "PE"
                },
                "ip": "190.223.26.38",
                "message": "SSH client hassh fingerprint: 51cba57125523ce4b9db67714a90bf6e",
                "session": "d2d2376c5250",
                "timestamp": "2020-09-14T23:38:20.447Z",
                "type": "cowrie.client.kex"
            }
        ],
        "meta": {
            "from_datetime": "2020-09-14T21:21:41.000Z",
            "generation_time": "2020-09-20T21:21:41.000Z",
            "items": 3,
            "query": "ip=190.223.26.38&days=6&size=3",
            "size": 3,
            "to_datetime": "2020-09-20T21:21:41.000Z"
        }
    },
    "error": 0,
    "message": "Search completed successfully.",
    "meta": {
        "items": 2
    },
    "success": true
}

Awesome! 😀

You can search up to the last 7 days for any combination of:

  • IP Address
  • Username
  • Password
  • Session ID
  • Event UUID

More details on how to use the search API can be found at https://honeypotdb.com/api#search .
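
An added example (not code from HoneypotDB or its documentation): it builds a search URL from the `ip`, `days` and `size` parameters shown above and turns a response of the shape shown above into a per-session summary of event order, credentials tried and hassh fingerprint. The function names, the lower bound on `days` and the trimmed `SAMPLE` are assumptions of this example; the sample hits are copied from the response above.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlencode

SEARCH_URL = "https://honeypotdb.com/api/search"  # endpoint from the post
HASSH = re.compile(r"hassh fingerprint: ([0-9a-f]{32})")

# The three hits from the response above, GeoLocation omitted for brevity.
SAMPLE = {"success": True, "data": {"hits": [
    {"ip": "190.223.26.38", "session": "ed21d26b0f3b",
     "timestamp": "2020-09-14T23:40:42.551Z", "type": "cowrie.session.closed",
     "message": "Connection lost after 2 seconds"},
    {"ip": "190.223.26.38", "session": "ed21d26b0f3b",
     "timestamp": "2020-09-14T23:40:41.550Z", "type": "cowrie.login.failed",
     "message": "login attempt [root/cowboy] failed",
     "username": "root", "password": "cowboy"},
    {"ip": "190.223.26.38", "session": "d2d2376c5250",
     "timestamp": "2020-09-14T23:38:20.447Z", "type": "cowrie.client.kex",
     "message": "SSH client hassh fingerprint: 51cba57125523ce4b9db67714a90bf6e"},
]}}

def build_query(ip, days=7, size=3):
    """Return a search URL; only literal IPs and the 7-day window are accepted."""
    ipaddress.ip_address(ip)  # raises ValueError on anything that is not an IP
    if not 1 <= days <= 7:    # assumption: days is a whole number from 1 to 7
        raise ValueError("search covers the last 7 days only")
    return SEARCH_URL + "?" + urlencode({"ip": ip, "days": days, "size": size})

def summarise(response):
    """Group hits by session: ordered event types, credentials tried, hassh."""
    if not response.get("success"):
        raise RuntimeError(response.get("message", "search failed"))
    sessions = defaultdict(lambda: {"events": [], "credentials": [], "hassh": None})
    # ISO 8601 UTC timestamps of equal precision sort correctly as strings.
    for hit in sorted(response["data"]["hits"], key=lambda h: h["timestamp"]):
        entry = sessions[hit["session"]]
        entry["events"].append(hit["type"])
        if hit["type"] == "cowrie.login.failed":
            entry["credentials"].append((hit["username"], hit["password"]))
        match = HASSH.search(hit.get("message", ""))
        if match:
            entry["hassh"] = match.group(1)
    return dict(sessions)

if __name__ == "__main__":
    print(build_query("190.223.26.38", days=6, size=3))
    for session, info in summarise(SAMPLE).items():
        print(session, info)
```

Grouping by `session` separates the key-exchange probe from the later login attempt, which the newest-first hit list does not make obvious.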

How to use the API

I’d really like you to try out the API, and consider integrating it into your own cyber defence strategy.

The API is currently in beta, so things will be subject to change and improve 😀 However, as it is in beta, it doesn’t require any special API keys or authentication, and you can submit up to 30 requests per minute!

Once the API reaches v1.0, I may implement an API key system to unlock more frequent and larger API requests and member-only endpoints with advanced queries!

Future plans

I’m currently working on adding pagination to the search API, which will allow me to create a HoneypotDB Search Console GUI 😀! This Search Console will be available to anyone to query, analyse and visualise HoneypotDB’s data! More to come!