Driftnet API

A comprehensive RESTful JSON API.

Open Ports


Calls to scan/protocols and scan/protocols/body return results when Driftnet is able to perform a protocol-level exchange. Driftnet also records the simple fact-of an open TCP port, even when protocol data could not be obtained.

Searching by IP

To get a simple summary of open TCP ports on an IP address, call scan/ports:

curl -s -H 'Authorization: Bearer <your-api-token>' \
     'https://api.driftnet.io/v1/scan/ports?ip=' \
  | jq .
  "other": 0,
  "values": {
    "443": 10,
    "53": 4,
    "853": 1

The results are similar to those obtained when using the summarize= parameter.

The returned object may also contain an additional key "honeypot": true. The presence of this key indicates that the IP address exhibits unusual open-port behavior and may be a network monitoring device or scan honeypot.