└── README.md /README.md: -------------------------------------------------------------------------------- 1 | # htb_api 2 | A lot of endpoints for the HackTheBox API. 3 | 4 | Since there is no documentation about the HackTheBox API, and I needed it to make my Discord bot (here : https://github.com/mxrch/HackTheBot), I manually searched inside the requests and in the .js used by those requests, for endpoint APIs, and found quite a few. 5 | 6 | I leave it here, it's not documented, feel free to contribute, document and add new finds. 7 | Hope you'll do great things ! ❤ 8 | 9 |
10 | 11 | 12 | ### Some stuff 13 | ● POST /api/alert/read + api_token\ 14 | ● POST /api/suggestions/post + api_token + data = { "text" : feedbackText }\ 15 | ● GET /api/vouchers + api_token + voucherCode\ 16 | ● POST /api/testimonials/publish + data = { "name" : name, "text" : text, "rating" : rating (int between 0 and 5), "publish" : publish (true / false) }\ 17 | ● POST /api/features/vote + api_token + data = {feature: id, vote: vote} 18 | 19 | ### Subscriptions 20 | ● GET /api/subscriptions/recurly/balance + api_token\ 21 | ● POST /api/subscriptions/snippet + api_token 22 | 23 | ### VPN Stats 24 | ● POST /api/vpnserver/freeslots + api_token\ 25 | ● GET /api/vpnserver/status/all + api_token 26 | 27 | ### Conversations 28 | ● POST /api/conversations/list/ + api_token\ 29 | ● POST /api/conversations/total/ + api_token 30 | 31 | ### Admin 32 | ● GET /api/admin/support/topics + api_token\ 33 | ● GET /api/admin/support/issues/+id + api_token\ 34 | ● POST /api/admin/support/topics + api_token { "name": name }\ 35 | ● POST /api/admin/support/subtopics + api_token { "name": name }\ 36 | ● GET /api/admin/tags/machines + api_token\ 37 | ● GET /api/admin/tags/categories + api_token\ 38 | ● POST /api/admin/tags/machines/remove + api_token + data = { "tag": id, "machine": id }\ 39 | ● POST /api/admin/tags/machines/add + api_token + data = { "tag": id, "machine": id }\ 40 | ● POST /api/admin/tags/categories/new + api_token + data = { "category": name }\ 41 | ● POST /api/admin/tags/new + api_token + data = { "category": id, "tag": "name" }\ 42 | ● POST /api/admin/tags/categories/delete + api_token + data = { "category": id }\ 43 | ● POST /api/admin/tags/delete + api_token + data = { "tag": id } 44 | 45 | ### Machines 46 | ● GET /api/machines/get/all + api_token\ 47 | ● GET /api/machines/get/+id + api_token\ 48 | ● GET /api/machines/get/matrix/+id+/ + api_token\ 49 | ● POST /api/machines/get/owns + api_token\ 50 | ● POST /api/machines/vpnping/57 + api_token + data = {"id" : machine_id}\ 51 | ● POST /api/machines/rate/+id+/+rating + api_token\ 52 | ● POST /api/machines/rate/matrix + data = { "machine_id": id, "real": real, "cve" : cve, "enum": enumeration }\ 53 | ● POST /api/machines/own/root/+id+/ + api_token + data = { "hash" : hash, "diff" : diff }\ 54 | ● POST /api/machines/own/user/+id+/ + api_token + data = { "hash" : hash, "diff" : diff }\ 55 | ● GET /api/machines/difficulty + api_token\ 56 | ● GET /api/machines/reviews + api_token\ 57 | ● GET /api/machines/todo + api_token\ 58 | ● POST /api/machines/todo/update + api_token + data = { ? }\ 59 | ● GET /api/machines/expiry + api_token\ 60 | ● GET /api/machines/spawned + api_token\ 61 | ● GET /api/machines/terminating + api_token\ 62 | ● GET /api/machines/assigned + api_token\ 63 | ● GET /api/machines/resetting + api_token\ 64 | ● POST /api/machines/ping/+t + api_token\ 65 | ● POST /api/machines/tutorial + api_token\ 66 | ● GET /api/machines/get/resets/+labname + api_token\ 67 | ● POST /api/machines/reset/cancel + api_token + data = { ? } 68 | 69 | ### Starting Points 70 | ● GET /api/startingpoint/writeup/+id + api_token\ 71 | ● GET /api/startingpoint/machines + api_token\ 72 | ● GET /api/startingpoint/owns + api_token\ 73 | ● GET /api/startingpoint/reset + api_token\ 74 | ● GET /api/startingpoint/flag + api_token + data = { ? }\ 75 | ● POST /api/startingpoint/step/+? + api_token + data = { ? }\ 76 | ● GET /api/startingpoint/writeup/+id + api_token 77 | 78 | ### VM actions 79 | ● POST /api/vm/reset/+id + api_token\ 80 | ● POST /api/vm/vip/assign/+id + api_token\ 81 | ● POST /api/vm/vip/remove/+id + api_token\ 82 | ● POST /api/vm/vip/cancel/+id + api_token\ 83 | ● POST /api/vm/vip/transfer/+id + api_token\ 84 | ● POST /api/vm/vip/extend/+id + api_token 85 | 86 | ### Teams 87 | ● POST /api/teams/respect/+team_id + api_token 88 | 89 | ### Challenges 90 | ● POST /api/challenges/rate/+id+/+rating+ + api_token (rating pro = 1, rating sucks = 0)\ 91 | ● POST /api/challenges/own/ + api_token + data = { "challenge_id" : id, "flag" : flag, "difficulty": difficulty }\ 92 | ● POST /api/challenges/start + api_token + data = { "challenge_id": id, }\ 93 | ● POST /api/challenges/stop + api_token + data = { "challenge_id": id, } 94 | 95 | ### Charts 96 | ● GET /api/charts/users/scores/ + api_token\ 97 | ● GET /api/charts/teams/scores/ + api_token\ 98 | ● GET /api/charts/universities/scores/ + api_token\ 99 | ● GET /api/charts/countries/scores/ + api_token\ 100 | ● GET /api/charts/vip/scores/ + api_token 101 | 102 | ### Stats 103 | ● POST /api/stats/global\ 104 | ● POST /api/stats/daily/owns/+days 105 | 106 | ### Careers 107 | ● POST /api/careers/apply + api_token + data = { "name" : name, "email" : email, "phone" : phone, "cv" : cv, "id" : id }\ 108 | ● POST /api/careers/application/track/+offer_id + api_token 109 | 110 | ### Users 111 | ● GET /api/users/identifier/+account_identifier\ 112 | ● POST /api/user/id + api_token + data = { "username" : name }\ 113 | ● POST /api/users/find + api_token + data = { "name" : query }\ 114 | ● POST /api/users/respect/+user_id + api_token\ 115 | ● POST /api/users/disrespect/+user_id + api_token\ 116 | ● POST /api/users/htb/connection/status + api_token\ 117 | ● POST /api/users/htb/fortress/connection/status + api_token\ 118 | ● POST /api/users/htb/endgame/connection/status + api_token\ 119 | ● POST /api/users/htb/private/connection/status/ + api_token\ 120 | ● POST /api/users/htb/pro/connection/status/ + api_token\ 121 | ● POST /api/users/beta/invite + api_token + data = { "code" : code } 122 | 123 | ### Endgames 124 | ● POST /api/endgame/+id+/progress + api_token\ 125 | ● POST /api/endgame/own + api_token + data = { "flag" : flag } 126 | 127 | ### Fortress 128 | ● POST /api/fortress/+id+/progress + api_token\ 129 | ● POST /api/fortress/own/ + api_token + data = { "flag" : flag }\ 130 | ● GET /api/fortress/+id+/ping + api_token 131 | 132 | ### Labs 133 | ● POST /api/labs/switch/+id + api_token\ 134 | ● POST /api/labs/pro/resetrequest + api_token + data = { "resettext" : resettext }\ 135 | ● POST /api/labs/pro/get/progress/+lab_id + api_token\ 136 | ● POST /api/labs/pro/submit/flag/ + api_token + data = { "flag" : flag }\ 137 | ● POST /api/labs/pro/feedback + api_token + data = { "text" : text, "lab" : lab_id, "rating" : proRating, "difficulty" : proDifficulty } 138 | 139 | ### Shoutbox 140 | ● POST /api/shouts/get/single/+id + api_token\ 141 | ● POST /api/shouts/new/ + api_token + data = { "text" : text }\ 142 | ● POST /api/shouts/get/initial/html/+num + api_token\ 143 | ● POST /api/shouts/team/get/html/+num + api_token\ 144 | ● POST /api/shouts/team/new/ + api_token + data = { "text" : text }\ 145 | ● POST /api/shouts/support/get/html/+t + api_token\ 146 | ● POST /api/shouts/support/new/ + api_token + data = { "text" : text } 147 | 148 | ### Map 149 | ● GET /vendor/d3/world-50m.v1.json\ 150 | ● GET /storage/current.png 151 | --------------------------------------------------------------------------------