Skip to main content

Base URL

All API endpoints are served from the FastAPI backend running locally: 
http://localhost:8000
Custom ports are supported via ./run.sh --port <PORT>.

Interactive Documentation

FastAPI automatically generates two interactive API explorers:
URLDescription
http://localhost:8000/docsSwagger UI — try requests directly in browser
http://localhost:8000/redocReDoc — clean read-only reference
Both are always available and reflect the live route definitions.

Authentication

There is no API authentication. The server binds to localhost:8000 and relies on network-level isolation. CORS policy is fully open: 
allow_origins=["*"]
allow_methods=["*"]
allow_headers=["*"]
This allows the frontend and any local tooling to call the API freely.

Request / Response Format

  • All endpoints accept and return JSON (Content-Type: application/json).
  • Endpoints that accept file uploads use multipart/form-data.
  • Every response includes a "status" field: "success" or "error".

Error Responses

Errors follow a consistent shape across all endpoints: 
{
  "status": "error",
  "message": "Human-readable description of what went wrong"
}
Standard HTTP status codes are used:
CodeMeaning
200Success
400Bad request — missing or invalid parameters
404Resource not found
500Internal server error

API Categories

Network Info

Store and retrieve the operator’s working environment: local IP, domain, DC host/IP, external IP, and authentication method.

Scans

Launch and manage Nmap and Masscan host/port discovery scans. Track status, kill running scans, bulk-delete history, and import results.

Credentials

Capture, store, and export credentials from every source: Responder, netexec, LSA secrets, Kerberoast/AS-REP hashes, and manual entry.

Hosts

Manage the discovered hosts database. Import from Nmap XML, filter by host type, bulk-delete, and retrieve port/service details.

Scope

Define the target IP/CIDR/range list. Import from file or manual entry, track scan status per target.

Users / Groups

Domain user and group enumeration results from RID brute, LDAP user export, and local groups.

Domain Info

DC host/IP, MAQ, domain SID, password policy, and delegation data collected via netexec LDAP.

Vulnerabilities

Run targeted checks: Zerologon, Coerce authentication, PrintNightmare, EternalBlue, noPAC, SMBGhost, NTLM reflection.

AD Attacks

Authenticated AD attack chains: BloodHound collection, Kerberoasting, AS-REP roasting, ADCS enumeration and ESC1 exploitation.

Layer 2 Tools

Long-running background processes with live output streaming: Responder, mitm6, and ASRepCatcher.

Endpoint Quick Reference

Network Info

MethodPathDescription
GET/api/network-infoGet stored network info
GET/api/network-interfacesList network interfaces
POST/api/network-info/updateUpdate network info
POST/api/network-info/detect-authDetect DC auth method
POST/api/kerberos/acquire-tgtAcquire Kerberos TGT
GET/api/ccache/listList ccache files

Scans

MethodPathDescription
POST/api/scans/nmapLaunch Nmap scan
POST/api/scans/masscanLaunch Masscan scan
GET/api/scansList all scan records
GET/api/scan-status/{scan_id}Poll scan status
POST/api/scans/killKill a running scan
POST/api/scans/bulk-deleteDelete scan records
POST/api/hosts/import-xmlImport Nmap XML

Nuclei / SMB Signing

MethodPathDescription
POST/api/network/nuclei/scanNuclei scan from DB XML
POST/api/network/nuclei/scan-directNuclei scan on explicit targets
POST/api/network/nuclei/stop/{scan_id}Stop Nuclei scan
GET/api/network/nuclei/xml-filesList available Nmap XML files
POST/api/smb-signing/scanSMB signing check
POST/api/smbsigning/runSMB signing with target array

Credentials

MethodPathDescription
GET/api/credentialsList all credentials
POST/api/credentials/addAdd credential manually
DELETE/api/credentials/{cred_id}Delete credential by ID
POST/api/credentials/bulk-deleteBulk delete credentials
POST/api/credentials/import/netexecImport from netexec workspaces
POST/api/credentials/import-lsa-secretsImport LSA secrets dump
POST/api/credentials/import/fileImport from uploaded file
GET/api/credentials/responderGet Responder-captured creds
GET/api/credentials/kerberoastGet Kerberoast hashes
GET/api/credentials/asreproastGet AS-REP hashes

AD Attacks

MethodPathDescription
POST/api/bloodhound/runBloodHound collection
POST/api/kerberoast/runKerberoasting
POST/api/asreproast/runAS-REP roasting
POST/api/adcs/runADCS enumeration
GET/api/adcs/vulnsGet ADCS vulnerabilities
POST/api/adcs/esc1/runESC1 attack chain
GET/api/adcs/esc1/statusESC1 attack status
POST/api/domain-info/runDomain info collection
POST/api/domain-info/delegation/runKerberos delegation enum
GET/api/domain-info/delegation/dataGet delegation data
GET/api/domain-infoGet stored domain info
GET/api/password-policyGet password policy
POST/api/users/rid-bruteRID cycling enum
POST/api/users/exportDomain user export
POST/api/zerologon/runZerologon check
POST/api/coerce/runCoerce authentication

Layer 2

MethodPathDescription
POST/api/responder/startStart Responder
POST/api/responder/stopStop Responder
GET/api/responder/outputStream Responder output
GET/api/responder/statusResponder process status
GET/api/responder/configRead Responder.conf
POST/api/responder/configWrite Responder.conf
POST/api/mitm6/startStart mitm6
POST/api/mitm6/stopStop mitm6
GET/api/mitm6/outputStream mitm6 output
GET/api/mitm6/statusmitm6 process status
POST/api/asrepcatcher/startStart ASRepCatcher
POST/api/asrepcatcher/stopStop ASRepCatcher
GET/api/asrepcatcher/outputStream ASRepCatcher output
GET/api/asrepcatcher/statusASRepCatcher process status

Build docs developers (and LLMs) love

Get started for freeTalk to us