driftnet

Driftnet API

A comprehensive RESTful JSON API.

Getting StartedInternet ScansScan ContentOpen PortsDomain ScansForward DNSReverse DNSIP RegistrationsDomain RegistrationsCertificate TransparencyJARM FingerprintsFavicon Fingerprints
Getting StartedInternet ScansScan ContentOpen PortsDomain ScansForward DNSReverse DNSIP RegistrationsDomain RegistrationsCertificate TransparencyJARM FingerprintsFavicon Fingerprints

Open Ports

Overview

Calls to scan/protocols and scan/protocols/body return results when Driftnet is able to perform a protocol-level exchange. Driftnet also records the simple fact-of an open TCP port, even when protocol data could not be obtained.

Searching by IP

To get a simple summary of open TCP ports on an IP address, call scan/ports:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/ports?ip=8.8.8.8' \
  | jq .
{
  "other": 0,
  "values": {
    "443": 10,
    "53": 4,
    "853": 1
  }
}

The results are similar to those obtained when using the summarize= parameter.

The returned object may also contain an additional key "honeypot": true. The presence of this key indicates that the IP address exhibits unusual open-port behavior and may be a network monitoring device or scan honeypot.