API documentation only contains working and documented routes
- URL:
/config - Method:
POST - Tags:
config - Description: Configure the database.
- Request Body:
{ "name": "string", // Database name (default: "memgraph") "uri": "string" // Database URI (default: "bolt://localhost:7687") } - Response:
0if configured properly, error message otherwise.
- URL:
/cmd - Method:
POST - Tags:
config - Description: Execute remote commands.
- Request Body:
{ "command": "string" // Command to execute } - Response: Command output.
- URL:
/ - Method:
GET - Tags:
other - Description: Grab some cool ASCII art.
- Response: ASCII art.
- URL:
/documentation - Method:
GET - Tags:
other - Description: Get documentation in HTML format.
- Response: HTML documentation.
- URL:
/kerberos/asrep - Method:
POST - Tags:
kerberos - Description: Asrep roast users or get users that don't require preauth.
- Request Body:
{ "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "get_hash": "string", } } - Response: JSON response with user and asrep data.
- URL:
/kerberos/kerbroast - Method:
POST - Tags:
kerberos - Description: Kerberoast users.
- Request Body:
{ "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" }, "roast": { "target_user": "string", "no_preauth": "string" } } - Response: JSON response with user and kerb data.
- URL:
/kerberos/tgt - Method:
POST - Tags:
kerberos - Description: Grab a TGT for a user.
- Request Body:
{ "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" }, "roast": { "target_user": "string", "no_preauth": "string" } } - Response: JSON response with user and TGT data.
- URL:
/kerberos/tgs - Method:
POST - Tags:
kerberos - Description: Grabs TGSs.
- Request Body:
{ "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" }, "roast": { "target_user": "string", "no_preauth": "string" } } - Response: JSON response with user and TGS data.
- URL:
/kerberos/st - Method:
POST - Tags:
kerberos - Description: Grabs ST for a target user.
- Request Body:
{ "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" }, "roast": { "target_user": "string", "no_preauth": "string" }, "st_data": { "spn": "string", "u2u": "string", "no_s4u2proxy": "string" } } - Response: JSON response with target and ST data.
- URL:
/kerberos/download_ticket - Method:
POST - Tags:
kerberos - Description: Download the ticket.
- Request Body:
{ "get_file": { "file_name": "string" } } - Response: File response.
- URL:
/kerberos/ticket_editor - Method:
POST - Tags:
kerberos - Description: Edit a ticket.
- Request Body:
{ "tickets": { "b64_encoded_ticket": "string", "spn": "string", "user_sid": "string", "target_user": "string", "groups": "string", "user_id": "string", "impersonate": "string", "request_ticket": "string" }, "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" } } - Response: JSON response with edited ticket data.
- URL:
/kerberos/shadow/auto - Method:
POST - Tags:
kerberos - Description: Automatically shadow credentials.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "kdcHost": "string", "target_account": "string" } - Response: JSON response with status.
- URL:
/ldap/collect - Method:
POST - Tags:
ldap - Description: Collect LDAP data.
- Request Body:
{ "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" } } - Response: JSON response with collection status.
-
URL:
/ldap/objeditor -
Method:
POST -
Tags:
ldap -
Description: Edit LDAP object using various operations like adding a computer, member, editing password, deleting object, and more.
-
Request Body:
{ "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" }, "ops": { "option": "string", "computer_name": "string", "computer_pass": "string", "target_obj": "string", "new_pass": "string", "group": "string", "ou": "string", "service": "string", "property_modify": "string", "source_account": "string" } } -
Request Body Description:
target:domain: The domain name.dc: The domain controller.kerberos: Indicates if Kerberos authentication is used ("True" or "False").ldap_ssl: Indicates if LDAP SSL is used ("True" or "False").user_name: The username for authentication.dc_ip: The IP address of the domain controller.
kerb:password: The password for authentication.user_hash: The NTLM hash of the user.aeskey: The AES key for Kerberos authentication.get_hash: Option to get hash (not used in the method).kdcHost: The KDC host (not used in the method).
ops:option: The action to perform (e.g., "add_computer", "add_member", "edit_pass", "delete_group_member", "delete", "add_rbcd").computer_name: The name of the computer to add.computer_pass: The password for the computer to add.target_obj: The target object to modify.new_pass: The new password for the object.
group: The name of the group.ou: The organizational unit.
service: The service name.property_modify: The properties to modify (in JSON string format).source_account: The source account for DACL edit.
-
Response: JSON response with the status of the edit operation.
{ "response": "string" }
- URL:
/ldap/update_graph - Method:
POST - Tags:
ldap - Request Body:
{ "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "kerb": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" }, "update": { "target_object": "string", "obj_type": "string" } }
Create a new LDAP account.
- URL:
/ldap/account/create - Method:
POST - Tags:
ldap - Request Body:
AccountCerts - Response: JSON object containing the result of the account creation.
{
"dc_ip": "192.168.1.1",
"domain": "example.com",
"username": "admin",
"hashes": "hashed_value",
"password": "password",
"ns": "string",
"kerberos": "False",
"target_ip": "192.168.1.2",
"scheme": "ldaps",
"kdcHost": "",
"target_account": "target_user",
"dns": "",
"upn": "",
"sam": "",
"spns": "",
"passw": "",
"group": ""
}{
"response": "Account created successfully"
}Delete an existing LDAP account.
- URL:
/ldap/account/delete - Method:
POST - Tags:
ldap - Request Body:
AccountCerts - Response: JSON object containing the result of the account deletion.
{
"dc_ip": "192.168.1.1",
"domain": "example.com",
"username": "admin",
"hashes": "hashed_value",
"password": "password",
"ns": "string",
"kerberos": "False",
"target_ip": "192.168.1.2",
"scheme": "ldaps",
"kdcHost": "",
"target_account": "target_user",
}{
"response": "Account deleted successfully"
}Modify an existing LDAP account.
- URL:
/ldap/account/modify - Method:
POST - Tags:
ldap - Request Body:
AccountCerts - Response: JSON object containing the result of the account modification.
{
"dc_ip": "192.168.1.1",
"domain": "example.com",
"username": "admin",
"hashes": "hashed_value",
"password": "password",
"ns": "string",
"kerberos": "False",
"target_ip": "192.168.1.2",
"scheme": "ldaps",
"kdcHost": "",
"target_account": "target_user",
"dns": "",
"upn": "",
"sam": "",
"spns": "",
"passw": "",
"group": ""
}{
"response": "Account modified successfully"
}Retrieve information about an LDAP account.
- URL:
/ldap/account/get - Method:
POST - Tags:
ldap - Request Body:
AccountCerts - Response: JSON object containing the account information.
{
"dc_ip": "192.168.1.1",
"domain": "example.com",
"username": "admin",
"hashes": "hashed_value",
"password": "password",
"ns": "string",
"kerberos": "False",
"target_ip": "192.168.1.2",
"scheme": "ldaps",
"kdcHost": "",
"target_account": "target_user",
}{
"response": "Account information retrieved successfully"
}Each endpoint includes a try-except block to catch any exceptions that occur during the execution of the request. If an exception is caught, the response will contain the error message.
- URL:
/mssql/query - Method:
POST - Tags:
mssql - Description: Run MSSQL query on target.
- Request Body:
{ "q": { "target_ip": "string", "domain": "string", "user_name": "string", "password": "string", "kerberos": "string", "aeskey": "string", "dc": "string", "dc_ip": "string", "kdcHost": "string", "DB": "string", "nthash": "string", "lmhash": "string", "windows_auth": "string", "query": "string" } } - Response: JSON response with query result.
- URL:
/mssql/xp - Method:
POST - Tags:
mssql - Description: Execute XP command on target.
- Request Body:
{ "xp": { "op": "string", "command": "string" }, "q": { "target_ip": "string", "domain": "string", "user_name": "string", "password": "string", "kerberos": "string", "aeskey": "string", "dc": "string", "dc_ip": "string", "kdcHost": "string", "DB": "string", "nthash": "string", "lmhash": "string", "windows_auth": "string", "query": "string" } } - Response: JSON response with command result.
- URL:
/smb/list_shares - Method:
POST - Tags:
smb - Description: List SMB shares.
- Request Body:
{ "smb_model": { "target_ip": "string", "share": "string", "path": "string" }, "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "auth": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" } } - Response: JSON response with known shares.
- URL:
/smb/get_file_contents - Method:
POST - Tags:
smb - Description: Get file contents from SMB.
- Request Body:
{ "smb_model": { "target_ip": "string", "share": "string", "path": "string" }, "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "auth": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" } } - Response: JSON response with file contents.
- URL:
/smb/list_dirs - Method:
POST - Tags:
smb - Description: List directories in an SMB share.
- Request Body:
{ "smb_model": { "target_ip": "string", "share": "string", "path": "string" }, "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "auth": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" } } - Response: JSON response with directories.
- URL:
/winrm/cmd - Method:
POST - Tags:
winrm - Description: Execute command via WinRM.
- Request Body:
{ "winrm_model": { "target_ip": "string", "command": "string", "ssl": "string" }, "target": { "domain": "string", "dc": "string", "kerberos": "string", "ldap_ssl": "string", "user_name": "string", "dc_ip": "string" }, "auth": { "password": "string", "user_hash": "string", "aeskey": "string", "get_hash": "string", "kdcHost": "string" } } - Response: JSON response with command output.
- URL:
/graphing/query - Method:
POST - Tags:
Memgraph - Description: Run a query on Memgraph.
- Request Body:
{ "q": { "query": "string" } } - Response: JSON response with query result.
- URL:
/graphing/admin_paths - Method:
GET - Tags:
Memgraph - Description: Get shortest paths to admins.
- Response: JSON response with paths.
- URL:
/graphing/kerberoastable - Method:
GET - Tags:
Memgraph - Description: Get Kerberoastable users.
- Response: JSON response with users.
- URL:
/graphing/asreproastable - Method:
GET - Tags:
Memgraph - Description: Get ASREPRoastable users.
- Response: JSON response with users.
- URL:
/graphing/pwned - Method:
POST - Tags:
Memgraph - Description: Mark an object as pwned.
- Request Body:
{ "pwn": { "obj": "string", "password": "string" } } - Response: JSON response with status.
- URL:
/graphing/clear - Method:
GET - Tags:
Memgraph - Description: Clear Memgraph database.
- Response: JSON response with status.
- URL:
/adcs/templates/get - Method:
POST - Tags:
certs - Description: Get AD CS templates.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "kdcHost": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "vulnerable": "string", "dc_only": "string", "graph": "string" } - Response: JSON response with templates.
- URL:
/adcs/templates/config - Method:
POST - Tags:
certs - Description: Get AD CS template config.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "kdcHost": "string", "scheme": "string", "template_name": "string" } - Response: JSON response with config.
- URL:
/adcs/templates/set - Method:
POST - Tags:
certs - Description: Set AD CS template config.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "kdcHost": "string", "template_name": "string", "config_data": {} } - Response: JSON response with status.
- URL:
/adcs/templates/enable - Method:
POST - Tags:
certs - Description: Enable AD CS template.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "kdcHost": "string", "template_name": "string", "certificate_authority": "string" } - Response: JSON response with status.
- URL:
/adcs/templates/disable - Method:
POST - Tags:
certs - Description: Disable AD CS template.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "kdcHost": "string", "template_name": "string", "certificate_authority": "string" } - Response: JSON response with status.
- URL:
/adcs/officers/add - Method:
POST - Tags:
certs - Description: Add a certificate officer.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "kdcHost": "string", "officer_name": "string", "certificate_authority": "string" } - Response: JSON response with status.
- URL:
/adcs/officers/delete - Method:
POST - Tags:
certs - Description: Delete a certificate officer.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "kdcHost": "string", "officer_name": "string", "certificate_authority": "string" } - Response: JSON response with status.
- URL:
/adcs/managers/add - Method:
POST - Tags:
certs - Description: Add a certificate manager.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "kdcHost": "string", "manager_name": "string", "certificate_authority": "string" } - Response: JSON response with status.
- URL:
/adcs/managers/delete - Method:
POST - Tags:
certs - Description: Delete a certificate manager.
- Request Body:
{ "dc_ip": "string", "domain": "string", "username": "string", "hashes": "string", "password": "string", "ns": "string", "kerberos": "string", "target_ip": "string", "scheme": "string", "kdcHost": "string", "manager_name": "string", "certificate_authority": "string" } - Response: JSON response with status.