We are restructuring the HoneyDB API to make it more intuitive, consistent, and powerful. This update introduces a new family of endpoints organized around IPs and ASNs, while retiring a number of older endpoints that have grown fragmented over time.

New Endpoints

  • ip - Returns full context for an IP. This includes network info, threat info, history of activity, known internet scanner status, as well as reverse DNS and CVE data if available.

  • ip/geo - Returns Geo IP location information.

  • ip/netinfo - Returns AS number and organization as well as location data.

  • ip/threatinfo - Returns threat intel information.

  • ip/threatinfo/sansip - Returns threat details from the SANS IP list.

  • ip/threatinfo/project-honeypot - Returns threat details from Project Honeypot.

  • ip/threatinfo/threatfox - Returns threat details from ThreatFox.

  • ip/threatinfo/blocklist-net-ua - Returns threat details from Blocklist.net.ua.

  • ip/internet-scanner - Returns true or false depending on whether the IP is a known internet scanner.

  • ip/history - Returns history of interactions with the HoneyDB network.

  • ip/cve - Returns list of identified CVEs observed from the IP.

  • ip/cidr - Returns all IP addresses that are part of a network range, based on the provided CIDR.

  • asn - Returns AS number and organization name.

  • asn/prefixes - Returns all network prefixes associated with an AS number.

  • asns - Returns list of all ASNs, from the previous day, that have interacted with the HoneyDB honeypot network.

  • asns-7d - Returns list of all ASNs, from the last 7 days, that have interacted with the HoneyDB honeypot network.

See documentation for more details on these endpoints.

Deprecated Endpoints

  • payload-history/year

  • payload-history/year/month

  • payload-history/service

  • payload-history/hash

  • payload-history/remote-hosts

  • payload-history/hash/remote-hosts/year

  • payload-history/remote-hosts/remote-host

  • payload-history/attributes

  • payload-history/attributes/attribute

Deprecated Endpoints (replaced by ip endpoints noted above)

  • ipinfo, replaced by ip/threatinfo

  • ipinfo-bogon, replaced by ip/threatinfo

  • ipinfo-tor, replaced by ip/threatinfo

  • ipinfo-sansip, replaced by ip/threatinfo/sansip

  • ipinfo-ciarmy, replaced by ip/threatinfo

  • ipinfo-et-compromised, replaced by ip/threatinfo

  • ipinfo-project-honeypot, replaced by ip/threatinfo/project-honeypot

  • ipinfo-pallebone, replaced by ip/threatinfo

  • ipinfo-threatfox, replaced by ip/threatinfo/threatfox

  • ipinfo-blocklist_net_ua, replaced by ip/threatinfo/blocklist-net-ua

Deprecated Endpoints (replaced by ip and asn endpoints noted above)

  • netinfo-lookup, replaced by ip/netinfo and ip/geo

  • netinfo-network-addresses, replaced by ip/cidr

  • netinfo-geolocation, replaced by ip/geo

  • netinfo-as-name, replaced by asn

  • netinfo-prefixes, replaced by asn/prefixes

Deprecated endpoints will continue to function for the foreseeable future, but are no longer included in documentation and may eventually be removed. We recommend updating any integrations to use the new endpoints as soon as possible.
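
To find calls that need updating, the sketch below scans integration source for the deprecated names listed above and reports each replacement. It is an added example, not HoneyDB code. The `audit` helper, the sample snippet, and the assumption that endpoint names appear as whole URL path segments are all illustrative.

```python
import re

# Deprecated endpoint -> replacement(s), copied from the lists above.
# An empty tuple means the page names no replacement.
REPLACEMENTS = {
    "ipinfo": ("ip/threatinfo",),
    "ipinfo-bogon": ("ip/threatinfo",),
    "ipinfo-tor": ("ip/threatinfo",),
    "ipinfo-sansip": ("ip/threatinfo/sansip",),
    "ipinfo-ciarmy": ("ip/threatinfo",),
    "ipinfo-et-compromised": ("ip/threatinfo",),
    "ipinfo-project-honeypot": ("ip/threatinfo/project-honeypot",),
    "ipinfo-pallebone": ("ip/threatinfo",),
    "ipinfo-threatfox": ("ip/threatinfo/threatfox",),
    "ipinfo-blocklist_net_ua": ("ip/threatinfo/blocklist-net-ua",),
    "netinfo-lookup": ("ip/netinfo", "ip/geo"),
    "netinfo-network-addresses": ("ip/cidr",),
    "netinfo-geolocation": ("ip/geo",),
    "netinfo-as-name": ("asn",),
    "netinfo-prefixes": ("asn/prefixes",),
    "payload-history": (),  # whole family retired
}

# Match a deprecated name only as a whole path segment (assumed URL shape).
_SEGMENT = re.compile(
    "/(" + "|".join(map(re.escape, REPLACEMENTS)) + r")(?=[/?\"'\s]|$)"
)

# Constructed integration snippet; host and path layout are placeholders.
SAMPLE = """\
get(BASE + "/ipinfo-sansip/" + ip)
get(BASE + "/ipinfo/" + ip)
get(BASE + "/netinfo-lookup/" + ip)
get(BASE + "/payload-history/2024/05")
get(BASE + "/ip/threatinfo/" + ip)
get("https://ipinfo.io/" + ip)
"""

def audit(source):
    """Return (line_number, deprecated_endpoint, replacements) per hit."""
    return [
        (lineno, m.group(1), REPLACEMENTS[m.group(1)])
        for lineno, line in enumerate(source.splitlines(), start=1)
        for m in _SEGMENT.finditer(line)
    ]

if __name__ == "__main__":
    for lineno, old, new in audit(SAMPLE):
        print(f"line {lineno}: {old} -> {' + '.join(new) or 'no replacement listed'}")
```

The whole-segment match keeps `ipinfo` from shadowing the longer `ipinfo-*` names and ignores the new `ip/threatinfo` paths and unrelated hosts such as `ipinfo.io`.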

Full documentation for all new endpoints is available in the HoneyDB API docs.

If you have questions, please contact us via our contact form.