
API: Honeypot

elsif2 edited this page Nov 5, 2023 · 2 revisions

Honeypot Methods

Access to the methods in this module is limited to members of the honeypot group.

honeypot/common-vulnerabilities

Honeypot CVE statistics.

Fields:

    apikey : string     : your api key
    date   : string     : date (YYYY-MM-DD) or range (YYYY-MM-DD:YYYY-MM-DD)
    limit  : number     : limit number of results (optional)

Response:

JSON Lines output

Example Query:

python3 call-api.py honeypot/common-vulnerabilities '{"date":"2022-07-05","limit":10}' binary

Example Response:

{"class":"web-app-framework","type":"http-scan","product":"Lucee Server","vulnerability":"CVE-2021-21307","vendor":"Lucee","unique_ips":1,"date":"2022-07-05"}
{"type":"http-scan","class":"database","vulnerability":"CVE-2019-0193","vendor":"Apache","product":"Solr","unique_ips":3,"date":"2022-07-05"}
{"date":"2022-07-05","unique_ips":3,"vendor":"WSO2","product":"WSO2 multiple products","vulnerability":"CVE-2022-29464","class":"security-management-platform","type":"http-scan"}
{"type":"http-scan","class":"router","unique_ips":2,"date":"2022-07-05","vulnerability":"EDB-49955","product":"ONT1GEW","vendor":"OptiLink"}
{"vulnerability":"CVE-2015-2051","vendor":"D-Link","product":"D-Link DIR-645, DAP-1522 revB, DAP-1650 revB, DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB, DIR-6","unique_ips":141,"date":"2022-07-05","type":"http-scan","class":"router"}
{"unique_ips":1,"date":"2022-07-05","vendor":"LG","product":"SuperSign CMS","vulnerability":"CVE-2018-17173","type":"http-scan","class":"cms"}
{"type":"http-scan","class":"other-software","product":"Unomi","vendor":"Apache","vulnerability":"CVE-2020-13942","unique_ips":1,"date":"2022-07-05"}
{"vendor":"Zyxel/Billion","vulnerability":"CVE-2017-18368","product":"ZyXEL P660HN-T1A v1, ZyXEL P660HN-T1A v2, Billion 5200W-T","unique_ips":380,"date":"2022-07-05","type":"http-scan","class":"router"}
{"date":"2022-07-05","unique_ips":1,"vendor":"D-Link","vulnerability":"CVE-2020-25506","product":"DNS-320","type":"http-scan","class":"nas"}
{"product":"RE6500 Series","vulnerability":"CVE-2020-35713","vendor":"Linksys","unique_ips":2,"date":"2022-07-05","class":"wireless-extender","type":"http-scan"}

honeypot/exploited-vulnerabilities

Lists the honeypot exploited vulnerabilities in descending order of number of IPs for a given day.

The output is similar to the exploited vulnerabilities page on the dashboard, including the additional details pop-up.

Required Field:

    apikey : string     : your api key

Optional Fields:

    date   : string     : date (YYYY-MM-DD)
    iot    : string     : "yes" or "no"
    kev    : string     : "yes" or "no"
    geo    : list       : two letter country code
    limit  : integer    : maximum number of records to return

Response:

JSON Lines output

Example query:

python3 call-api.py honeypot/exploited-vulnerabilities '{"limit":10}' binary

Example response:

{"vulnerability_severity":"High","product":"Huawei Home Gateway HG532","connections":3542,"cisa_kev":"no","iot":"yes","type":"http-scan","30d_avg":2285,"vulnerability":"CVE-2017-17215","vulnerability_score":8.8,"90d_avg":2980,"1d":"1029","vulnerability_class":"CVSS","vendor":"Huawei","class":"router","7d_avg":2206}
{"30d_avg":2006,"vulnerability_score":null,"vulnerability":"CVE-2014-8361","cisa_kev":"no","iot":"yes","type":"http-scan","connections":1477,"vulnerability_severity":null,"product":"Realtek SDK","vendor":"Realtek","vulnerability_class":null,"class":"embedded-system","7d_avg":3046,"1d":"236","90d_avg":2335}
{"1d":"92","vendor":"Microsoft","vulnerability_class":"CVSS","class":"email","7d_avg":143,"90d_avg":110,"cisa_kev":"yes","iot":"no","type":"http-scan","30d_avg":157,"vulnerability_score":8.8,"vulnerability":"CVE-2022-41082","vulnerability_severity":"High","product":"Exchange","connections":165}
{"90d_avg":89,"vulnerability_class":"CVSS","vendor":"Belkin","7d_avg":51,"class":"embedded-system","1d":"79","connections":91,"vulnerability_severity":"Critical","product":"Wemo","30d_avg":82,"vulnerability_score":9.8,"vulnerability":"CVE-2019-12780","iot":"yes","cisa_kev":"no","type":"http-scan"}
{"type":"http-scan","cisa_kev":"yes","iot":"no","vulnerability":"CVE-2023-35081","vulnerability_score":7.2,"30d_avg":21,"product":"Endpoint Manager Mobile (EPMM), formerly MobileIron Core","vulnerability_severity":"High","connections":5570,"1d":"78","7d_avg":28,"class":"mobile-device-management","vendor":"Ivanti","vulnerability_class":"CVSS","90d_avg":7}
{"90d_avg":491,"vulnerability_class":null,"vendor":"MVPower","class":"video-system","7d_avg":122,"1d":"68","connections":391,"vulnerability_severity":null,"product":"MVPower DVR","30d_avg":321,"vulnerability_score":null,"vulnerability":"EDB-41471","cisa_kev":"no","iot":"yes","type":"http-scan"}
{"cisa_kev":"yes","iot":"yes","type":"http-scan","30d_avg":197,"vulnerability_score":9.8,"vulnerability":"CVE-2018-10562","vulnerability_severity":"Critical","product":"Dasan GPON Home Router","connections":65,"1d":"39","vendor":"Dasan","vulnerability_class":"CVSS","7d_avg":79,"class":"router","90d_avg":361}
{"90d_avg":75,"vendor":"Zyxel/Billion","vulnerability_class":"CVSS","class":"router","7d_avg":62,"1d":"37","connections":116,"vulnerability_severity":"Critical","product":"ZyXEL P660HN-T1A v1, ZyXEL P660HN-T1A v2, Billion 5200W-T","30d_avg":69,"vulnerability":"CVE-2017-18368","vulnerability_score":9.8,"cisa_kev":"yes","iot":"yes","type":"http-scan"}
{"type":"http-scan","cisa_kev":"no","iot":"yes","vulnerability":"CVE-2016-10372","vulnerability_score":9.8,"30d_avg":156,"product":"Eir D1000","vulnerability_severity":"Critical","connections":86,"1d":"33","7d_avg":73,"class":"router","vendor":"Zyxel","vulnerability_class":"CVSS","90d_avg":189}
{"30d_avg":50,"vulnerability_score":null,"vulnerability":"CVE-2017-9841","iot":"no","cisa_kev":"yes","type":"http-scan","connections":7274,"vulnerability_severity":null,"product":"PHPUnit","vulnerability_class":null,"vendor":"PHPUnit - Sebastian Bergmann","7d_avg":64,"class":"other-software","1d":"31","90d_avg":43}

Example query:

python3 call-api.py honeypot/exploited-vulnerabilities '{"geo":["no"],"limit":10}' binary

Example response:

{"1d":"2","7d_avg":4,"class":"router","vendor":"Huawei","vulnerability_class":"CVSS","90d_avg":6,"type":"http-scan","iot":"yes","cisa_kev":"no","vulnerability":"CVE-2017-17215","vulnerability_score":8.8,"30d_avg":5,"product":"Huawei Home Gateway HG532","vulnerability_severity":"High","connections":2}
{"iot":"yes","cisa_kev":"no","type":"http-scan","30d_avg":1,"vulnerability":"CVE-2023-26801","vulnerability_score":9.8,"vulnerability_severity":"Critical","product":"LB-LINK BL-AC1900_2.0, LB-LINK BL-WR9000, LB-LINK BL-X26, LB-LINK BL-LTE300","connections":1,"1d":"1","vendor":"LB-LINK","vulnerability_class":"CVSS","class":"router","7d_avg":1,"90d_avg":0}
{"vulnerability_score":null,"vulnerability":"CVE-UNASSIGNED-2020-Zyxel-CPE-Command-Injection-RCE-01","30d_avg":1,"type":"http-scan","cisa_kev":"no","iot":"yes","connections":1,"product":"Multiple CPE","vulnerability_severity":null,"class":"router","7d_avg":1,"vendor":"Zyxel","vulnerability_class":null,"1d":"1","90d_avg":0}
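
One way to triage this endpoint's JSON Lines output, added here as an example and not part of the original page or of call-api.py: it flags CISA KEV entries whose daily count exceeds the 30-day average. The sample records are abridged from the example response above; reading `1d` as the count for the queried day, the function names and the 2.0 threshold are assumptions.

```python
import json

# Records abridged from the example response above (unused fields dropped).
SAMPLE = """\
{"vulnerability":"CVE-2017-17215","cisa_kev":"no","vulnerability_score":8.8,"1d":"1029","30d_avg":2285}
{"vulnerability":"CVE-2023-35081","cisa_kev":"yes","vulnerability_score":7.2,"1d":"78","30d_avg":21}
{"vulnerability":"CVE-2017-9841","cisa_kev":"yes","vulnerability_score":null,"1d":"31","30d_avg":50}
"""


def parse_jsonl(text):
    """Parse JSON Lines: one JSON object per non-empty line."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: invalid JSON") from exc
        if not isinstance(rec, dict):
            raise ValueError(f"line {lineno}: expected a JSON object")
        records.append(rec)
    return records


def surge_ratio(rec):
    """Daily count over the 30-day average; None when there is no baseline."""
    one_day = int(rec["1d"])            # "1d" is a string in the examples
    baseline = rec.get("30d_avg") or 0  # averages are numbers; treat null as 0
    return round(one_day / baseline, 2) if baseline else None


def triage(records, min_ratio=2.0):
    """KEV-listed entries at or above min_ratio, highest ratio first.

    Assumption: "1d" is the count for the queried day. The score may be None.
    """
    hits = []
    for rec in records:
        ratio = surge_ratio(rec)
        if rec.get("cisa_kev") == "yes" and ratio is not None and ratio >= min_ratio:
            hits.append((rec["vulnerability"], ratio, rec.get("vulnerability_score")))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


if __name__ == "__main__":
    for vuln, ratio, score in triage(parse_jsonl(SAMPLE)):
        print(vuln, ratio, score)
```
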

honeypot/vulnerability-count

Returns the number of unique IPs seen.

Required Field:

    apikey         : string  : your api key

Optional Fields:

    date           : string  : date (YYYY-MM-DD)
    host_type      : string  : "src" or "dst"
    vendor         : string  : vendor name
    vulnerability  : string  : vulnerability name
    event_type     : string  : type of event
    geo            : list    : two letter country code
    limit          : integer : maximum number of records to return

Response:

JSON Lines output

Example query:

python3 call-api.py honeypot/vulnerability-count '{"host_type":"dst","date":"2023-08-24","vulnerability":"cve-2017-17215","limit":10}' binary

Example response:

{"type":"http-scan","geo":"OM","unique_ips":1,"vulnerability":"CVE-2017-17215","vendor":"Huawei"}
{"vendor":"Huawei","vulnerability":"CVE-2017-17215","unique_ips":1,"geo":"IM","type":"http-scan"}
{"vulnerability":"CVE-2017-17215","unique_ips":4,"geo":"NZ","type":"http-scan","vendor":"Huawei"}
{"type":"http-scan","geo":"PE","unique_ips":1,"vulnerability":"CVE-2017-17215","vendor":"Huawei"}
{"vendor":"Huawei","geo":"NL","type":"http-scan","vulnerability":"CVE-2017-17215","unique_ips":14}
{"unique_ips":23,"vulnerability":"CVE-2017-17215","type":"http-scan","geo":"DE","vendor":"Huawei"}
{"vendor":"Huawei","geo":"MA","type":"http-scan","vulnerability":"CVE-2017-17215","unique_ips":1}
{"geo":"UK","type":"http-scan","vulnerability":"CVE-2017-17215","unique_ips":19,"vendor":"Huawei"}
{"geo":"IE","type":"http-scan","vulnerability":"CVE-2017-17215","unique_ips":6,"vendor":"Huawei"}
{"geo":"NG","type":"http-scan","vulnerability":"CVE-2017-17215","unique_ips":4,"vendor":"Huawei"}