NAV
shell

Introduction

Welcome to Kartos' API! You can use our API to access Kartos endpoints, which can get information on your domains and lists. We have language bindings in Shell, but we are working to offer you libraries in different languages. You can view code examples in the dark area to the right.

Authentication

To authorize, use this code:

# With shell, you can just pass the correct header with each request
curl "api_endpoint_here" \
      --header "api_key: meowmeowmeow"

Make sure to replace meowmeowmeow with your API key.

Kartos uses API keys to allow access to the API. You can request your API key from the Kartos´ panel if you have a enterprise licence.

Kartos expects that the API key is included in all API requests to the server in a header that looks like the following:

api_key: meowmeowmeow

Content Profiles

Get Content Profiles

curl --request GET \
     --url 'https://api.kartos.enthec.com/content?page=1&limit=25' \
     --header 'api_key: meowmeowmeow'

The above command returns JSON structured like this:

{
  "metadata": {
    "page": 1,
    "limit": 25,
    "total": 4,
    "page_size": 4
  },
  "contents": [
    {
      "_id": "<ID>",
      "name": "Content Profile 1",
      "description": "Content Profile 1 description",
      "domains_total": 5,
      "domains_used_total": 4,
      "domains_unique_total": 3
    },
    {
      "_id": "<ID>",
      "name": "Technical Department ",
      "description": "Domains related to our technical service",
      "domains_total": 2,
      "domains_used_total": 0,
      "domains_unique_total": 0
    },
    ...
  ]
}

This endpoint returns the information of all the content profiles it owns.

HTTP Request

GET https://api.kartos.enthec.com/content

URL Parameters

This call is paged and requires the following parameters

Parameter Default Description
page 1 Page number
limit 25 The size of elements you want to bring from the call (Between 25 and 200)

Get Content Profile Detail

curl --request GET \
     --url 'https://api.kartos.enthec.com/content/<ID>' \
     --header 'api_key: meowmeowmeow'

The above command returns JSON structured like this:

{
  "_id": "<ID>",
    "name": "Content Profile 1",
    "client": "Client <ID>",
    "product": "Product <ID>",
    "domains_total": 6,
    "domains_used_total": 5,
    "created_at": "2022-10-27T08:19:55.000Z",
    "description": "Content Profile 1 description",
    "domains_unique_total": 5
}

This endpoint returns the information of the content profile specified.

HTTP Request

GET https://api.kartos.enthec.com/content/<ID>

URL Parameters

This call is paged and requires the following parameters

Parameter Default Description
ID The ID of the content profile

Get used domains from the content profile

curl --request GET \
     --url 'https://api.kartos.enthec.com/content/domains/<ID>?page=1&limit=25&filter=fak' \
     --header 'api_key: meowmeowmeow'

The above command returns JSON structured like this:

{
    "metadata": {
    "page": 1,
    "limit": 25,
    "total": 5,
    "page_size": 25
    },
    "data": [
      {
        "_id": "<ID>",
        "domain": "fak3.com",
      },
      {
        "_id": "<ID>",
        "domain": "fake1.es",
      },
      ...
    ]
}

This endpoint returns all the domains used in the content profile.

HTTP Request

GET https://api.kartos.enthec.com/content/domains/<ID>

URL Parameters

This call is paged and requires the following parameters

Parameter Default Description
ID The ID of the domain
page 1 Page number
limit 25 The size of elements you want to bring from the call (Between 25 and 200)
filter Filter is used to match with domains in content

Get unique domains from the content profile

curl --request GET \
     --url 'https://api.kartos.enthec.com/content/unique/<ID>?page=1&limit=25&filter=fak' \
     --header 'api_key: meowmeowmeow'

The above command returns JSON structured like this:

{
    "metadata": {
    "page": 1,
    "limit": 25,
    "total": 5,
    "page_size": 25
    },
    "data": [
      {
        "_id": "<ID>",
        "domain": "fak3.com",
      },
      {
        "_id": "<ID>",
        "domain": "fake1.es",
      },
      ...
    ]
}

This endpoint returns all the unique domains in the content profile.

HTTP Request

GET https://api.kartos.enthec.com/content/unique/<ID>

URL Parameters

This call is paged and requires the following parameters

Parameter Default Description
ID The ID of the domain
page 1 Page number
limit 25 The size of elements you want to bring from the call (Between 25 and 200)
filter Filter is used to match with domains in content

Lists

curl "api_endpoint_here" \
      --header "api_key: meowmeowmeow"
      --header "content: <Content Profile ID>"\

At these endpoints we must specify in the headers the content profile to which the lists belong.

Kartos expects that the content ID is included in all List requests to the server in a header that looks like the following:

api_key: meowmeowmeow

content: <Content Profile ID>

Get Lists

curl --request GET \
     --url 'https://api.kartos.enthec.com/list?page=1&limit=25' \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns JSON structured like this:

{
  "metadata": {
    "page": 1,
    "limit": 25,
    "total": 14,
    "page_size": 14
  },
  "lists": [
    {
      "_id": "<ID>",
      "name": "List 1"
    },
    {
      "_id": "<ID>",
      "name": "List 3"
    },
    ...
  ]
}

This endpoint returns the name and identifier of all the lists it owns.

HTTP Request

GET https://api.kartos.enthec.com/list

URL Parameters

This call is paged and requires the following parameters

Parameter Default Description
page 1 Page number
limit 25 The size of elements you want to bring from the call (Between 25 and 200)

Create New List

curl --request POST \
     --url 'https://api.kartos.enthec.com/list' \
     --header 'Content-Type: application/json' \
     --header 'api_key: meowmeowmeow' \
     --header 'content: <Content Profile ID>' \
     --data '{ "name": "new List" }'

The above command returns JSON structured like this:

{
  "message": "List created successfully"
}

This endpoint create a new list.

HTTP Request

POST https://api.kartos.enthec.com/list

Body Parameters

Body Description
name Name you want to assign to the new list

Change List Name

curl --request PUT \
     --url 'https://api.kartos.enthec.com/list/<ID>' \
     --header 'Content-Type: application/json' \
     --header 'api_key: meowmeowmeow' \
     --header 'content: <Content Profile ID>' \
     --data '{ "name": "new name for the list" }'

The above command returns JSON structured like this:

{
  "message": "List updated successfully"
}

This endpoint renames a list.

HTTP Request

PUT https://api.kartos.enthec.com/list/<ID>

URL Parameters

Parameter Description
ID The ID of the list

Body Parameters

Body Description
name New name for the list

Get Domains From the List

curl --request GET \
     --url 'https://api.kartos.enthec.com/list/<ID>?page=1&limit=25&order=domain:1&filter=fak' \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns JSON structured like this:

{
  "_id": "<ID>",
  "name": "Demo",
  "domains": {
    "metadata": {
    "page": 1,
    "limit": 25,
    "total": 190,
    "page_size": 25
    },
    "data": [
      {
        "_id": "<ID>",
        "domain": "fak3.com",
        "country": "UK",
        "industry": "security",
        "name": "Fake 3",
        "size": "big",
        "security": 81.745,
        "reputation": 99.48,
        "dailyVariation": -2.23
      },
      {
        "_id": "<ID>",
        "domain": "fake1.es",
        "country": "ES",
        "industry": "security",
        "name": "Fake 1",
        "size": "medium",
        "security": 90.54,
        "reputation": 98.72,
        "dailyVariation": -0.00
      },
      ...
    ]
  } 
}

This endpoint returns all the domains in the list with the current domain score.

HTTP Request

GET https://api.kartos.enthec.com/list/<ID>

URL Parameters

This call is paged and requires the following parameters

Parameter Default Description
ID The ID of the domain
page 1 Page number
limit 25 The size of elements you want to bring from the call (Between 25 and 200)
order domain:1 Order is used to sort the result-set. It's a String with fieldName:number (1 ascending -1 descending ), you can combine multiple orders by adding ',' between each one.
filter Filter is used to match with domains in list

Add Domain to List

curl --request POST \
     --url 'https://api.kartos.enthec.com/list/<ID>/domain' \
     --header 'Content-Type: application/json' \
     --header 'api_key: meowmeowmeow' \
     --header 'content: <Content Profile ID>' \
     --data '{ "hostname": "enthec.com", "name": "Enthec Solutions", size: "big", industry: "technology", country: "ES" }'

The above command returns JSON structured like this:

{
  "message": "Hostname added succefull"
}

This endpoint add domains to your list

HTTP Request

POST https://api.kartos.enthec.com/list/<ID>/domain

URL Parameters

Parameter Description
ID The ID of the list

Body Parameters

Body Description Valid values
hostname Domain you want to add to the list Should follow this format: enthec.com
name Company name associated with the domain
size Company size "big", "medium", "small"
industry Company industry 'defense', 'auto', 'insurance', 'education', 'fintech' 'goverment','gambling', 'gaming', 'pharmaceutical', 'information', 'energy', 'healthcare', 'transport', 'entertainment', 'construction', 'manufacturing', 'hospitality', 'legal', 'technology', 'financial', 'services', 'retail', 'food', 'messaging', 'mkt', 'security', 'telecommunication'
country Company country ISO 3166-1 alpha-2 codes

Remove Domain from List

curl --request DELETE \
     --url 'https://api.kartos.enthec.com/list/<ID_1>/domain/<ID_2>' \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns JSON structured like this:

{
  "message": "Hostname removed successfully"
}

This endpoint remove domains to your list

HTTP Request

DELETE 'https://api.kartos.enthec.com/list/<ID_1>/domain/<ID_2>

URL Parameters

Parameter Description
ID_1 The ID of the list
ID_2 The ID of the domain

Delete List

curl --request DELETE \
      --url 'https://api.kartos.enthec.com/list/<ID>' \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns JSON structured like this:

{
  "message": "List deleted successfully"
}

This endpoint deletes a list and all domains in it

HTTP Request

DELETE 'https://api.kartos.enthec.com/list/<ID>

URL Parameters

Parameter Description
ID The ID of the list

Domains

curl "api_endpoint_here" \
      --header "api_key: meowmeowmeow"
      --header "content: <Content Profile ID>"\

In these endpoints we must specify in the headers the content profile to which the domains belong.

Kartos expects that the content ID is included in all Domain requests to the server in a header that looks like the following:

api_key: meowmeowmeow

content: <Content Profile ID>

Get All Categories and Vulnerabilities

curl --request GET \
     --url "https://api.kartos.enthec.com/domain" \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns a JSON structured like this:

{
    "categories": ["network",...],
    "vulnerability": {
      "network": ["mongodb",...],
      .
      .
      .
    }
}

This endpoint returns all categories name and vulnerabilities name by categories.

HTTP Request

GET https://api.kartos.enthec.com/domain

Get General Domain Information

  curl --request GET \
       --url "https://api.kartos.enthec.com/domain/<ID>" \
       --header 'api_key: meowmeowmeow'
       --header 'content: <Content Profile ID>'

The above command returns a JSON structured like this:

{
  "_id": "<ID>",
  "name": "Enthec Solutions, S.L.",
  "domain": "enthec.com",
  "country": "ES",
  "size": "small",
  "industry": "security"
}

This endpoint returns the general information about the domain.

HTTP Request

GET https://api.kartos.enthec.com/domain/<ID>

URL Parameters

Parameter Description
ID The ID of the domain

Get Domain Score

curl --request GET \
     --url "https://api.kartos.enthec.com/domain/<ID>/score \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns a JSON structured like this:

{

    "score": {
    "general": {
            "security": 59.88,
            "reputation": 61.55
        },
        "network": {
            "security": 100,
            "reputation": 100
        },
        "dataLeak": {
            "security": 94,
            "reputation": 100
        },
      .
      .
      .
        "patch": {
            "security": 87,
            "reputation": 100
        },
        "dailyVariation": {
            "reputation": 0,
            "security": 0
        }
    },
  "dnsHealth": {
        "squatting": 5,
        "subdomains": 6,
        "scam": 2,
        "fraud": 2,
        "phishing": 1,
        "suspicious": 10
    },
    "network": {
        "mongodb": 0,
        "elastic": 0,
    .
    .
    .
    },
    .
    .
    .
    "socialMedia": {
        "threat": 2,
        "hackcomm": 0,
        "hacktivistcomm": 0,
        "scam": 0,
        "fraud": 25,
        "phishing": 0
    }
}

This endpoint returns the domain's complete score.

HTTP Request

GET https://api.kartos.enthec.com/domain/<ID>/score

URL Parameters

Parameter Description
ID The ID of the domain

Get the Details of Domain Vulnerability

curl --request GET \
     --url "https://api.kartos.enthec.com/domain/<ID>/<Category>/<Vulnerability>?page=1&limit=25&details=on&lang=en \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command with the category "network" and vulnerability "beast" returns a JSON structured like this:

{
  "_id": "<ID>",
  "domain": "fake1.com",
  "category": "network",
  "vulnerability": "beast",
  "query": {
        "metadata": {
            "page": 1,
            "limit": 25,
            "total": 2,
            "page_size": 2
        },
    "data": [
     {
                "id": "output_bot2-13-158531",
        "port": 443,
        "ip": "34.249.234.126",
        "source": "coffee.ops.fake1.com",
        "desc": "Unknown"
            },
            {
                "id": "output_bot2-13-158621",
        "port": 443,
        "ip": "34.251.55.235",
        "source": "coffee.ops.fake1.com",
        "desc": "Golang net/http server"

            },
      ...
    ]
  },
  "details": {
        "type": "Security",
        "severity": "Medium",
        "details": "Browser Exploit Against SSL/TLS.",
        "countermeds": "The BEAST attack can also be prevented by removing all CBC ciphers from the list of allowed ciphers, leaving only the RC4 cipher, which is widely supported by most websites.",
        "problem": "A vulnerability that, using a Java applet, can violate same-origin policy restrictions, due to a widely known CBC vulnerability of TLS 1.0."
    }
}

This endpoint returns all details of a specified vulnerability for the domain.

HTTP Request

GET https://api.kartos.enthec.com/domain/<ID>/<Category>/<Vulnerability>

URL Parameters

Parameter Default Description
ID The ID of the domain
Category Name of the category
Vulnerability Name of the vulnerability you want to see in more detail
page 1 Page number
limit 25 The size of elements you want to bring from the call (Between 25 and 200)
filter Filter is used to match with documents format (pdf, doc, xls, docx, xlsx, ppt, pptx)
details Details is used to show details about the vulnerability. To enable it, its value must be set to "on".
lang en Lang is used to choose the language of the detail ("en", "es", "pt"). The default value is "en".

Reports

Get Executive Report

curl --request POST \
     --url "https://api.kartos.enthec.com/report/pdf/generate/<ID>/executive/<Lang>" \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns JSON structured like this:

{
    "message": "The report will be sent to your email in a few minutes."
}

This endpoint generates a pdf report, and sends the report to email

HTTP Request

POST https://api.kartos.enthec.com/report/pdf/generate/<ID>/executive/<Lang>

URL Parameters

Parameter Description Valid Values
ID The ID of the domain
Lang ISO code of the report language currently only available in ES and EN

Body Parameters

Body Description Valid values
email email where the report will be sent should have a valid email format

RRSS

Get All RRSS and URL Base

curl --request GET \
     --url "https://api.kartos.enthec.com/domain/sn/types" \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns a JSON structured like this:

{   
    "data": [
    {
            "id": 2,
            "name": "twitter",
            "url_base": "https://twitter.com"
        },
    {
            "id": 3,
            "name": "facebook",
            "url_base": "https://facebook.com"
        },
    {
      .
      .
      .
    }
    ],
    "metadata": {
      "total": 4,
          "page": 1,
          "size": 25
    }
}

This endpoint returns all rrss names and their url.

HTTP Request

GET https://api.kartos.enthec.com/domain/sn/types

Get Active RRSS Information

  curl --request GET \
       --url "https://api.kartos.enthec.com/domain/sn/active/<ID>" \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns a JSON structured like this:

{
  "data": [
    {
            "id": 1,
            "domain": "fakedomain.com",
            "type": "twitter",
            "sn_url": "https://twitter.com/FakeDomain"
        }
  ],
  "metadata": {
      "total": 1,
          "page": 1,
          "size": 25
    }
}

This endpoint returns the active social networks that are set for the domain.

HTTP Request

GET https://api.kartos.enthec.com/domain/sn/active/<ID>

URL Parameters

Parameter Description
ID The ID of the domain

Get Missing And Empty RRSS

curl --request GET \
     --url "https://api.kartos.enthec.com/domain/sn/active/empty/<ID>" \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns a JSON structured like this:

{
  "data": [
    {
            "id": 2,
            "domain": "fakedomain.com",
            "type": "twitter",
            "sn_url": "https://twitter.com/FakeDomain"
        }
  ],
  "metadata": {
      "total": 1,
          "page": 1,
          "size": 25
    }
}

This endpoint returns your missing and empty social networks.

HTTP Request

GET https://api.kartos.enthec.com/domain/sn/active/empty/<ID>

URL Parameters

Parameter Description
ID The ID of the domain

Post new RRSS associated with the domain

curl --request POST \
     --url "https://api.kartos.enthec.com/domain/sn/active/<ID>" \
     --header 'api_key: meowmeowmeow'
     --header 'content: <Content Profile ID>'

The above command returns a JSON structured like this:

{
    "id": 5,
    "domain_id": 1,
    "type_id": 2,
    "domain_sn_id": 5
}

This endpoint returns information about your new rrss associated with the domain.

HTTP Request

POST https://api.kartos.enthec.com/domain/sn/active/<ID>

URL Parameters

Parameter Default Description
ID The ID of the domain

Body Parameters

Body Description
url The url of the social network profile to add
type The type refers to the name of the social network

Errors

The above returns JSON structured like this:

{
  "message": "Description of the error and the reasons for it"
}

The Kartos API uses the following error codes:

Error Code Meaning
400 Bad Request -- Your request is invalid.
401 Unauthorized -- Your API key is wrong.
404 Not Found -- The specified endpoint could not be found.
405 Method Not Allowed -- You tried to access a Kartos with an invalid method.
429 Too Many Requests -- You have reached the maximum number of requests this month.
500 Internal Server Error -- We had a problem with our server. Try again later.
shell