Get Opendir Listing Stats
Get Opendir Listing Stats allows users to query and gather statistics within the hunt database of tracked open directories.
These statistics can be useful for analyzing the current state of exposed open directories, or can be used to craft additional queries to query specific types of open directories within Hunt.
How To Make a Request
Opendir listing stats can be obtained by performing a GET request to the following API.
https://api.hunt.io/v1/attackcapture/listing/stats
Requests can be made using any tool capable of performing GET requests and specifying an authorization token.
Examples are provided below for both curl
and python
.
Curl
curl --request GET \
--url https://api.hunt.io/v1/attackcapture/listing/stats \
--header 'accept: application/json' \
--header 'token: <your-token>'
Python
import requests
url = "https://api.hunt.io/v1/attackcapture/listing/stats"
headers = {
"accept": "application/json",
"token": "<your-token>"
}
response = requests.get(url, headers=headers)
print(response.text)
Default Lookback and Timeframes
Requests will default to 90
days of lookback time when no days
parameter is specified.
Users can include the days
parameter to expand or reduce the lookback period.
For example, the below requests sets the days
parameter to 180, which provides 6 months of lookback time.
curl --request GET \
--url https://api.hunt.io/v1/attackcapture/listing/stats?days=180 \
--header 'accept: application/json' \
--header 'token: <your-token>'
Specific Lookback Periods and Exact Timeframes
The start_date
and end_date
parameters can be used to obtain open directory stats on a specific timeframe.
Dates are specified using a YYYY-MM-DD
format.
For example, we can obtain open directory stats for the date range of 2024-11-01
TO 2024-11-22
using a curl request.
curl --request GET \
--url https://api.hunt.io/v1/attackcapture/listing/stats?start_date=2024-11-01&end_date=2024-11-22 \
--header 'accept: application/json' \
--header 'token: <your-token>'
Returned Data
Returned data will contain the following fields as a json
object.
Field | Desc |
---|---|
hostnames | Array of hostnames where open directories were seen |
ports | Array of Ports and Number of Times that port has been observed |
tags | Tags used to classify files observed in open directories |
mitre_tags | Mitre Tactics of files observed in open directories |
github_tags | Github tags - where an directory file has been taken from github. |
Returned Data Example
A subset of a successful request is provided below for reference. Note that this example has been snipped and typical responses will contain significantly more data.
{
"hostnames": [
"http://1.12.233.124:11111",
"http://1.14.7.84:88",
"http://1.83.169.103:9999",
"http://154.44.26.68:8868",
"http://154.64.60.137:80",
],
"ports": [
{
"port": 80,
"count": 582
},
{
"port": 443,
"count": 203
},
{
"port": 8000,
"count": 127
},
{
"port": 8080,
"count": 85
},
],
"tags": [
{
"name": "pentesting",
"count": 124
},
{
"name": "red-team",
"count": 113
},
{
"name": "adversarial-attacks",
"count": 86
},
{
"name": "C2",
"count": 86
},
],
"mitre_tags": [
{
"name": "t1614.001",
"description": "System Language Discovery",
"count": 590
},
{
"name": "t1082",
"description": "System Information Discovery",
"count": 551
},
{
"name": "t1012",
"description": "Query Registry",
"count": 419
},
],
"github_tags": [
{
"name": "SharpCollection",
"count": 35
},
{
"name": "VNCDLL",
"count": 20
},
{
"name": "sqlmap",
"count": 7
},
]
}
Updated 11 days ago