The Sandfly server provides a REST API to further expand its functionality.
The full list of calls for the Sandfly API is available at: https://api.sandflysecurity.com/
For additional development-related information, see the Forensics Keyword List section of the documentation.
Example API Script
As a reference, we have provided a bash script that authenticates and pulls the Sandfly version via the API:
```bash
#!/usr/bin/env bash
# Sandfly Security LTD www.sandflysecurity.com
# Copyright (c) 2016-2021 Sandfly Security LTD, All Rights Reserved.

# A reference example script of using the Sandfly API

cat << EOF

******************************************************************************
Sandfly API Reference Script

This script will output Sandfly version data to the screen.
******************************************************************************

EOF

if ! command -v jq &> /dev/null
then
    echo "The 'jq' command could not be found and is required to run this script."
    exit 1
fi

if ! command -v curl &> /dev/null
then
    echo "The 'curl' command could not be found and is required to run this script."
    exit 1
fi

read -r -p "Hostname for Sandfly server: " HOSTNAME
if [[ "$HOSTNAME" == "" ]]; then
    echo "Must supply a hostname."
    exit 1
fi

read -r -s -p "Password for Sandfly admin user: " PASSWORD
echo
if [[ "$PASSWORD" == "" ]]; then
    echo "Must supply a password."
    exit 1
fi

echo "Pulling data from: $HOSTNAME"

# Build the login body with jq so quotes or backslashes in the password are
# JSON-escaped instead of breaking the request.
LOGIN_JSON=$(jq -n --arg password "$PASSWORD" '{username: "admin", password: $password}')

# Note: -k disables TLS certificate verification for the Sandfly server.
ACCESS_TOKEN=$(curl -s -k --request POST --header "Content-Type: application/json" --url https://"$HOSTNAME"/v4/auth/login \
    --data "$LOGIN_JSON" | jq -r ".access_token")
# An empty value means curl or jq failed; "null" means the field was absent.
if [[ -z "$ACCESS_TOKEN" || "$ACCESS_TOKEN" == "null" ]]; then
    echo "Couldn't get access token for REST API. Check hostname and credentials and try again."
    exit 1
fi

echo "Password OK. Dumping data."
SANDFLY_JSON=$(curl -s -k --request GET --header "Content-Type: application/json" --header "Authorization: Bearer $ACCESS_TOKEN" \
    --url https://"$HOSTNAME"/v4/version | jq ".")
if [[ -z "$SANDFLY_JSON" || "$SANDFLY_JSON" == "null" ]]; then
    echo "ERROR: Nothing to dump."
    exit 1
fi

echo "$SANDFLY_JSON"
echo "Done!"
```
NOTE: Required External Commands for the Reference Script
This example script requires the curl and jq commands. If either of them is not found, the script will indicate it. Install any missing commands as appropriate for your operating system to allow this script to run.
This script can be used from any host that has access to the administrative web interface of your Sandfly server.
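A variant of the reference script's two API calls that verifies the server certificate against a CA file instead of using -k, and hands the password and bearer token to curl on stdin so neither appears in a process listing. This is an added example, not Sandfly's code: the CA file argument and the function names are assumptions, while the endpoints and the access_token field are those used in the script above.

```bash
#!/usr/bin/env bash
# Added example (not Sandfly's script). Endpoints and the access_token field
# come from the reference script; the CA file path is an assumption.

# Read the password on stdin and emit the login body. jq does the JSON
# escaping, and the password never appears in any command's argument list.
login_body() {
    jq -Rsc '{username: "admin", password: .}'
}

# Read the login response on stdin and print the token. Fails (non-zero) if
# the field is missing, null, empty, or the response is not JSON at all.
token_from_response() {
    jq -er '.access_token | select(type == "string" and length > 0)'
}

# Usage: sandfly_version <host> <ca-file>   (password supplied on stdin)
sandfly_version() {
    host=$1
    cacert=$2
    # --cacert pins trust to the given CA; --data @- reads the body from stdin.
    response=$(login_body |
        curl -sS --fail --cacert "$cacert" --request POST \
             --header "Content-Type: application/json" \
             --data @- --url "https://$host/v4/auth/login") || return 1
    token=$(printf '%s' "$response" | token_from_response) || return 1
    # --header @- makes curl read the header line from stdin (curl 7.55.0+).
    printf 'Authorization: Bearer %s\n' "$token" |
        curl -sS --fail --cacert "$cacert" --header @- \
             --url "https://$host/v4/version" | jq .
}

# Run only when called as: script <host> <ca-file>
if [ "$#" -eq 2 ]; then
    IFS= read -r -s -p "Password for Sandfly admin user: " PASSWORD
    echo
    printf '%s' "$PASSWORD" | sandfly_version "$1" "$2"
fi
```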