API
ShellSweepX provides several API routes for various functionalities. Here's an overview of the main routes and how to use them:
Retrieves the current agent configuration.
Route: GET /api/agent_config
Curl Command:
curl -X GET http://localhost:8080/api/agent_config
Allows an agent to check in with the server.
Route: POST /api/agent_checkin
Curl Command:
curl -X POST -H "Content-Type: application/json" -d '{"agent_id": "unique_agent_id_123", "computer_name": "TestAgent"}' http://localhost:8080/api/agent_checkin
Allows agents to submit scan results to the server.
Route: POST /api/agent_results
Curl Command:
curl -X POST -H "Content-Type: application/json" -d '{
"agent_id": "unique_agent_id_123",
"computer_name": "TestAgent",
"results": [
{
"FilePath": "/path/to/file.php",
"Hash": "b641b64320b35ffc9fb3f5df30af63d8",
"LastModified": "2023-04-15T14:30:00Z",
"FileSize": 1234,
"Content": "base64_encoded_content_here"
}
]
}' http://localhost:8080/api/agent_results
Retrieves a list of all registered agents.
Route: GET /api/agents
Curl Command:
curl -X GET http://localhost:8080/api/agents
Updates the agent configuration.
Route: POST /api/agent_config
Curl Command:
curl -X POST -H "Content-Type: application/json" -d '{
"directory_paths": ["/var/www", "/opt/webapps"],
"exclude_paths": ["/var/www/uploads", "/opt/webapps/logs"],
"file_extensions": [".php", ".aspx", ".jsp"],
"ignore_hashes": ["hash1", "hash2"]
}' http://localhost:8080/api/agent_config
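The Python example below is added here and is not ShellSweepX's own agent code. It applies the agent_config fields shown above (directory_paths, exclude_paths, file_extensions, ignore_hashes) to a directory tree and builds the JSON body for POST /api/agent_results. Assumptions: the function names build_results and demo, MD5 as the hash (the page's sample hash is 32 hex characters, but the algorithm is not stated), exact-directory matching for exclude_paths, and a constructed sample tree.

```python
import base64
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def build_results(config, agent_id, computer_name):
    """Walk the configured directories and build an /api/agent_results body."""
    excludes = {os.path.normpath(p) for p in config.get("exclude_paths", [])}
    extensions = {e.lower() for e in config.get("file_extensions", [])}
    ignored = set(config.get("ignore_hashes", []))
    results = []
    for root_dir in config.get("directory_paths", []):
        for dirpath, dirnames, filenames in os.walk(root_dir):
            # Prune excluded directories so they are never descended into.
            dirnames[:] = [d for d in sorted(dirnames)
                           if os.path.normpath(os.path.join(dirpath, d)) not in excludes]
            for name in sorted(filenames):
                if os.path.splitext(name)[1].lower() not in extensions:
                    continue
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                # Assumption: MD5, chosen only because the sample hash is 32 hex chars.
                digest = hashlib.md5(data).hexdigest()
                if digest in ignored:
                    continue  # known-good file, not reported
                mtime = datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
                results.append({
                    "FilePath": path, "Hash": digest, "FileSize": len(data),
                    "LastModified": mtime.strftime("%Y-%m-%dT%H:%M:%SZ"),
                    "Content": base64.b64encode(data).decode("ascii")})
    return {"agent_id": agent_id, "computer_name": computer_name, "results": results}


def demo():
    """Constructed tree: one reportable file, one excluded, one ignored, one wrong type."""
    with tempfile.TemporaryDirectory() as web:
        files = {"index.php": b"<?php echo 1; ?>", "known.php": b"<?php // vendor ?>",
                 "notes.txt": b"text", os.path.join("uploads", "x.php"): b"<?php ?>"}
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(web, rel)), exist_ok=True)
            with open(os.path.join(web, rel), "wb") as fh:
                fh.write(body)
        config = {"directory_paths": [web], "exclude_paths": [os.path.join(web, "uploads")],
                  "file_extensions": [".php", ".aspx", ".jsp"],
                  "ignore_hashes": [hashlib.md5(files["known.php"]).hexdigest()]}
        return build_results(config, "unique_agent_id_123", "TestAgent")
```

Calling demo() returns a body with a single result for index.php; serialize it with json.dumps to send it as the -d payload of the agent_results curl command.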
Adds a new YARA rule to the system.
Route: POST /add_yara_rule
Curl Command:
curl -X POST -H "Content-Type: application/json" -d '{
"filename": "new_rule.yar",
"content": "rule NewRule { condition: true }"
}' http://localhost:8080/add_yara_rule
Updates an existing YARA rule.
Route: POST /update_yara_rule
Curl Command:
curl -X POST -H "Content-Type: application/json" -d '{
"filename": "existing_rule.yar",
"content": "rule UpdatedRule { strings: $a = \"malicious\" condition: $a }"
}' http://localhost:8080/update_yara_rule
Deletes an existing YARA rule.
Route: POST /delete_yara_rule
Curl Command:
curl -X POST -H "Content-Type: application/json" -d '{
"filename": "rule_to_delete.yar"
}' http://localhost:8080/delete_yara_rule
Initiates a scan of the database using the current YARA rules.
Route: POST /scan_database_with_yara
Curl Command:
curl -X POST http://localhost:8080/scan_database_with_yara
Performs AI-based triage on a specific file.
Route: POST /triage_with_ai
Curl Command:
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'sha256=file_hash_here' http://localhost:8080/triage_with_ai
Retrieves the count of active agents.
Route: GET /api/active_agent_count
Curl Command:
curl -X GET http://localhost:8080/api/active_agent_count
Retrieves recent webshell detections.
Route: GET /api/recent_detections
Curl Command:
curl -X GET http://localhost:8080/api/recent_detections
Retrieves detection trends data for charting.
Route: GET /api/chart_data
Curl Command:
curl -X GET http://localhost:8080/api/chart_data
These API routes provide a comprehensive set of functionalities for managing agents, configuring scans, handling YARA rules, and retrieving various types of data from the ShellSweepX system. The curl commands demonstrate how to interact with these routes using a command-line interface.