Tanner API¶
Tanner api provides various stats related to traffic captured by snare. It can be accessed at locahost:8092/?key=API_KEY
.
where, API_KEY
is a JWT-token created by a particular tanner-api, which can be found during tanner-api startup:
API_KEY for full access: 'API_KEY'
How to create an API_KEY with desired signature?¶
- By default tanner’s API_KEYs use the signature: ‘tanner_api_auth’
- This signature is veryfied on all the API requests.
- It is highly recommended that every tanner-owner set their own signature.
- This can be done by modifying tanner.config[‘API’][‘auth_signature’] to the desired one.
/?key=API_KEY¶
This is the index page which shows tanner api
.
/snares¶
This shows all the snares’ uuid.
/snare/<snare-uuid>?key=API_KEY¶
Replace <snare-uuid>
with a valid snare-uuid and it will show all the sessions related to that snare-uuid
and their details.
/snare-stats/<snare-uuid>?key=API_KEY¶
Replace <snare-uuid>
with a valid snare-uuid and it will show some stats.
- No of sessions in the sanre
- Total duration for which snare remains active
- Attack frequency, which shows no of sessions which face different attacks.
/<snare-uuid>/sessions?filters=<filters>&key=API_KEY¶
This shows all the sessions’ uuid which follow the filters.
Filters are sepatated by white-space
and name-value pair are separated by :
. E.g ?filters=filter1:value1 filter2:value2
.
It supports 5 filters:
- peer_ip – Sessions with given ip. E.g ``peer_ip:127.0.0.1 ``
- user-agent – Sessions with given user-agent. E.g
user-agent:Chrome
- attack_types – Sessions with given attack type such as lfi, rfi, xss, cmd_exec, sqli. E.g
attack_types:lfi
- possible_owners – Sessions with given owner type such as user, tool, crawler, attacker. E.g
possible_owners:attacker
- start_time – Sessions which started after start_time. E.g
start_time:1480560
- end_time – Sessions which ended before end_time. E.g
end_time:1480560
Multiple filters can be applied as peer_ip:127.0.0.1 start_time:1480560 possible_owners:attacker
/api/session/<sess-uuid>?key=API_KEY¶
It gives all information about the session with given uuid.
External hyperlinks, like Python_. .. _Python: http://www.python.org/