All endpoints (except /api/login and stager delivery) require a valid JWT in the Authorization: Bearer <token> header.
Content-Type: application/json
{ "username": "admin", "password": "yourpassword" }
Returns { "token": "..." }.
| Method | Endpoint | Description |
|---|
| GET | /api/sessions | List all sessions |
| GET | /api/sessions/{id} | Get session detail |
| DELETE | /api/sessions/{id} | Delete session |
| PATCH | /api/sessions/{id} | Update tags, notes, detection status |
| Method | Endpoint | Description |
|---|
| POST | /api/sessions/{id}/task | Send a task |
| GET | /api/sessions/{id}/tasks | List task history |
| Method | Endpoint | Description |
|---|
| POST | /api/sessions/{id}/upload | Stage a file for upload |
| GET | /api/sessions/{id}/download/{filename} | Download exfiltrated file |
| Method | Endpoint | Description |
|---|
| POST | /api/stager | Create a stager token |
| GET | /api/stager | List active tokens |
| DELETE | /api/stager/{token} | Revoke a token |
| Method | Endpoint | Description |
|---|
| POST | /api/report | Generate report |
Body: { "session_ids": [...], "format": "md|html|pdf", "start": "ISO date", "end": "ISO date" }
| Method | Endpoint | Description |
|---|
| GET | /api/topology | Get full network topology graph |
Real-time updates are pushed over WebSocket at /ws. Events include:
agent_checkin — new beacon checked intask_result — task output availablepty_output — PTY data chunktunnel_status — SOCKS5 tunnel state changechat_message — operator chat message
