Skip to main content
TantoC2 Documentation
  1. Documentation/
  2. Reference/

REST API

Table of Contents
All endpoints are prefixed with /api/v1/. Authentication required for all except login.

Include the access token as Authorization: Bearer <token>.

Authentication
#

MethodEndpointDescription
POST/auth/loginLogin with {"username", "password"}. Returns {access_token, refresh_token, expires_at, user_id, username, role}.
POST/auth/refreshRefresh tokens with {"refresh_token"}. Returns new token pair. Old refresh token is consumed.
POST/auth/logoutRevoke current access token.
POST/auth/force-logoutAdmin only. Revoke all tokens for {"operator_id"}.

Example
#

1
2
3
4
5

curl -X POST http://localhost:8443/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "password"}'

# Returns: {"access_token": "...", "refresh_token": "...", ...}

Engagements
#

MethodEndpointDescription
POST/engagements/Create {"name", "description", "passphrase"}. Admin.
GET/engagements/List (filtered by access).
GET/engagements/<id>Detail.
PUT/engagements/<id>/activateActivate. Admin.
PUT/engagements/<id>/deactivateDeactivate. Admin.
POST/engagements/<id>/archiveArchive {"passphrase", "output_path?"}. Admin.
POST/engagements/importImport {"archive_path", "passphrase", "name?"}. Admin.

Operators
#

MethodEndpointDescription
POST/operators/Create {"username", "password", "role?"}. Admin.
GET/operators/List all. Admin.
GET/operators/<id>Detail. Admin or self.
PUT/operators/<id>Update {"role?", "is_active?", "password?"}. Admin.
DELETE/operators/<id>Delete. Admin. Last admin protected.
POST/operators/<id>/grant-accessGrant {"engagement_id"}. Admin.
DELETE/operators/<id>/revoke-accessRevoke {"engagement_id"}. Admin.

Agents
#

MethodEndpointDescription
GET/agents/List. Filter: ?status=active|dormant|dead|killed.
GET/agents/<id>Detail.
POST/agents/<id>/tasksCreate task {"task_type", "payload?"}. Operator+.
GET/agents/<id>/tasksList tasks. Filter: ?status=.
GET/agents/<id>/tasks/<tid>/resultTask result.
GET/agents/<id>/tasks/<tid>/resultsAll results for task (supports streaming/multiple results).
POST/agents/<id>/killKill agent. Operator+.
PATCH/agents/<id>/tagsUpdate tags {"tags": [...]}. Operator+.
PATCH/agents/<id>/notesUpdate notes {"notes": "..."}. Operator+.

Agent Capabilities & Modules
#

MethodEndpointDescription
GET/agents/<id>/capabilitiesAgent package capabilities (module formats, built-in commands, daemonize/relay support).
GET/agents/<id>/modules/loadedList modules loaded in agent. Filter: ?status=.
POST/agents/<id>/modules/loadLoad module {"module_name", "module_format", "daemonize?", "options?"}. Operator+.
POST/agents/<id>/modules/unloadUnload managed module {"loaded_module_id"}. Operator+.

P2P Relay & Topology
#

MethodEndpointDescription
GET/agents/topologyGet current P2P topology (all active links).
POST/agents/<id>/relaySet relay {"relay_agent_id"}. Operator+.
DELETE/agents/<id>/relayRemove relay (switch to direct). Operator+.
GET/agents/<id>/chainGet full relay chain path.

File Transfers
#

MethodEndpointDescription
POST/agents/<id>/files/uploadUpload {"file_data" (base64), "remote_path"}. Operator+.
POST/agents/<id>/files/downloadRequest download {"remote_path"}. Operator+.
GET/agents/<id>/files/List transfers. Filter: ?direction=&status=.
GET/agents/<id>/files/<tid>Transfer details.
GET/agents/<id>/files/<tid>/contentDownload stored file content.

Server Modules
#

MethodEndpointDescription
GET/modules/List all server modules with metadata.
GET/modules/<name>Module detail.
POST/modules/<name>/executeExecute {"agent_id", "options?"}. Operator+.
POST/modules/refreshHot-reload server modules. Operator+.

Agent Modules
#

MethodEndpointDescription
GET/agent-modules/List all agent-loadable modules with metadata.
GET/agent-modules/<name>Agent module detail.
GET/agent-modules/compatible/<agent_id>List modules compatible with agent (filtered by format/platform/arch).
POST/agent-modules/refreshRefresh agent module registry. Operator+.

Credentials
#

MethodEndpointDescription
GET/credentials/List. Filter: ?cred_type=&username=&domain=&source_host=&source_module=&limit=&offset=.
GET/credentials/<id>Detail with decrypted secret.
POST/credentials/Create {"cred_type", "username", "secret", "domain?", "notes?"}. Operator+.
PATCH/credentials/<id>Update fields. Operator+.
DELETE/credentials/<id>Delete. Operator+.
GET/credentials/exportExport all. ?format=json|csv|hashcat&cred_type=&username=&domain=.

Listeners
#

MethodEndpointDescription
POST/listeners/Create {"name", "transport_type", "host", "port", "tls_enabled?", "tls_cert_file?", "tls_key_file?", "callback_protocol?", "options?"}. Operator+.
GET/listeners/List. Filter: ?engagement_id=.
GET/listeners/<id>Detail.
POST/listeners/<id>/startStart. Operator+.
POST/listeners/<id>/stopStop. Operator+.
DELETE/listeners/<id>Remove. Operator+.

Builds
#

MethodEndpointDescription
GET/builds/packagesList buildable packages with templates.
GET/builds/packages/<name>/templatesTemplates for a package.
GET/builds/packages/<name>/schemaBuild config schema.
POST/builds/Create {"package_name", "template_name", "callbacks", "kill_date", "beacon_interval?", "beacon_jitter?"}. Operator+.
GET/builds/List build records.
GET/builds/<id>Build detail.
GET/builds/<id>/downloadDownload binary. Operator+.

Tools
#

MethodEndpointDescription
GET/agentless/modules/List modules.
GET/agentless/modules/<name>Module detail.
POST/agentless/modules/<name>/executeExecute {"operation", "targets", "options?", "proxy_config_id?"}. Operator+.
POST/agentless/modules/refreshHot-reload. Operator+.
GET/agentless/executions/List executions.
GET/agentless/executions/<id>Execution with results.

Interactive Sessions
#

MethodEndpointDescription
POST/agentless/sessionsCreate session {"target_host", "target_port", "username", "password?", "private_key?", "credential_id?", "proxy_config_id?", "module_name?"}. Operator+.
GET/agentless/sessionsList active sessions.
DELETE/agentless/sessions/<id>Close session. Operator+.
GET/agentless/sessions/<id>/outputPoll for output (drains buffer).
POST/agentless/sessions/<id>/inputSend input {"data"}.

Proxy Configuration
#

MethodEndpointDescription
GET/agentless/proxies/List proxies.
POST/agentless/proxies/Create {"name", "proxy_type", "host", "port"}. Operator+. Types: socks4, socks5, ssh_tunnel.
GET/agentless/proxies/<id>Proxy detail.
PATCH/agentless/proxies/<id>Update proxy. Operator+.
DELETE/agentless/proxies/<id>Delete proxy. Operator+.

Agent Filesystem
#

MethodEndpointDescription
GET/agents/<id>/filesystemGet agent filesystem tree (from cached ls results).

Collection Requests
#

MethodEndpointDescription
POST/collection-requests/Create request {"agent_id", "remote_path", "justification?"}. Collector+.
GET/collection-requests/List requests. Filter: ?status=pending|approved|denied.
GET/collection-requests/<id>Request detail.
POST/collection-requests/<id>/approveApprove request. Operator+.
POST/collection-requests/<id>/denyDeny request {"reason?"}. Operator+.
GET/collection-requests/pending-countCount of pending requests.

Plugins
#

MethodEndpointDescription
GET/plugins/List all registered plugins.
POST/plugins/refreshRefresh all plugin registries. Operator+.

Audit Log
#

MethodEndpointDescription
GET/audit/Query. Required: ?engagement_id=. Optional: principal=, action=, since=, until=, security_only=, limit=, offset=.

Task Archival
#

MethodEndpointDescription
POST/tasks/archiveTrigger archival {"engagement_id", "older_than?"}. Admin.
GET/tasks/archivedList ?engagement_id=&agent_id=.
GET/tasks/archived/<id>Detail ?engagement_id=.

Collector Grants
#

MethodEndpointDescription
POST/collectors/grantsGrant {"collector_id", "permission", "agent_ids?", "expires_at?"}. Operator+.
DELETE/collectors/grants/<grant_id>Revoke. Operator+.
GET/collectors/grants/<collector_id>List active grants.

System
#

MethodEndpointDescription
GET/versionReturns {"version": "...", "name": "TantoC2"}.
GET/healthReturns {"status": "ok"}.