Added dir_tree Field to API (additional_fields)

We’ve added a new optional field in the additional_fields array of our API:
📂 dir_tree

This field provides the full directory tree structure of a compromised machine, giving deep visibility into its file system layout.

  • Field name: "dir_tree"
  • Field type: string (enum value within additional_fields)
  • Description: Adds the complete directory tree of the compromised machine, which can help uncover sensitive file locations, misconfigurations, or other potential attack vectors.

What it does:

  • Retrieves and displays the directory hierarchy, including subdirectories and nested files.
  • Useful for spotting exposed configuration files, backup folders, logs, and other assets that could be leveraged in further attacks.

Request Body Example:

curl --request POST \
     --url https://api.hudsonrock.com/json/v3/search-by-domain \
     --header 'accept: application/json' \
     --header 'api-key: <API_KEY>' \
     --header 'content-type: application/json' \
     --data '
{
  "domains": [
    "tesla.com",
    "teslamotors.com"
  ],
  "types": ["employees"],
  "keywords": ["sso"],
  "keywords_match": "any",
  "filter_credentials": true,
  "additional_fields": ["dir_tree"]
}
'

Response Example:

{
    "_id": "67a08ccd465561f4625e840f",
    "stealer": "...",
    "stealer_family": "Lumma",
    "date_uploaded": "2025-02-03T09:30:52.468Z",
    "employeeAt": [
        {
            "..."
        }
    ],
    "clientAt": [
        {
            "..."
        }
    ],
    "date_compromised": "2025-01-25T12:03:26.000Z",
    "ip": "...",
    "computer_name": "...",
    "operating_system": "...",
    "malware_path": "...",
    "antiviruses": [
        {
            "..."
        }
    ],
    "credentials": [
        {
            "url": "https://sso.tesla.com/adfs/ls",
            "domain": "tesla.com",
            "username": "••••••••••,@tesla.com",
            "password": "••••••••••",
            "type": "employee",
            "password_strength": {
                "contains": [
                    "lowercase",
                    "symbol"
                ],
                "length": 10,
                "id": 1,
                "value": "Weak"
            }
        }
    ],
    "dir_tree": {
        "name": "<REDACTED>",
        "type": "directory",
        "children": [
            {
                "name": "Applications",
                "type": "directory",
                "children": [
                    {
                        "name": "Steam",
                        "type": "directory",
                        "children": [
                            {
                                "name": "Tokens.txt",
                                "type": "file"
                            }
                        ]
                    },
                    {
                        "name": "AnyDesk",
                        "type": "directory",
                        "children": [
                            {
                                "name": "service.conf",
                                "type": "file"
                            },
                            {
                                "name": "user.conf",
                                "type": "file"
                            },
                            {
                                "name": "system.conf",
                                "type": "file"
                            }
                        ]
                    },
                    {
                        "name": "Discord",
                        "type": "directory",
                        "children": [
                            {
                                "name": "DiscordTokens.txt",
                                "type": "file"
                            }
                        ]
                    }
                ]
            },
            {
                "name": "All Passwords.txt",
                "type": "file"
            },
            {
                "name": "Brute.txt",
                "type": "file"
            },
            {
                "name": "System.txt",
                "type": "file"
            },
            {
                "name": "Software.txt",
                "type": "file"
            },
            {
                "name": "Processes.txt",
                "type": "file"
            },
            {
                "name": "GoogleAccounts",
                "type": "directory",
                "children": [
                    {
                        "name": "Restore_Chrome_Default.txt",
                        "type": "file"
                    }
                ]
            },
            {
                "name": "DomainDetect.txt",
                "type": "file"
            },
            {
                "name": "Cookies",
                "type": "directory",
                "children": [
                    {
                        "name": "Cookies_Brave_Default.txt",
                        "type": "file"
                    },
                    {
                        "name": "Cookies_Edge_Default.txt",
                        "type": "file"
                    },
                    {
                        "name": "Cookies_Chrome_Default.txt",
                        "type": "file"
                    }
                ]
            },
            {
                "name": "Chrome",
                "type": "directory",
                "children": [
                    {
                        "name": "Default",
                        "type": "directory",
                        "children": [
                            {
                                "name": "History.txt",
                                "type": "file"
                            },
                            {
                                "name": "Autofills.txt",
                                "type": "file"
                            },
                            {
                                "name": "Cookies.txt",
                                "type": "file"
                            },
                            {
                                "name": "Passwords.txt",
                                "type": "file"
                            }
                        ]
                    }
                ]
            },
            {
                "name": "Edge",
                "type": "directory",
                "children": [
                    {
                        "name": "Default",
                        "type": "directory",
                        "children": [
                            {
                                "name": "History.txt",
                                "type": "file"
                            },
                            {
                                "name": "Cookies.txt",
                                "type": "file"
                            }
                        ]
                    }
                ]
            },
            {
                "name": "Opera GX Stable",
                "type": "directory",
                "children": [
                    {
                        "name": "Opera GX Stable",
                        "type": "directory",
                        "children": [
                            {
                                "name": "History.txt",
                                "type": "file"
                            }
                        ]
                    }
                ]
            },
            {
                "name": "Brave",
                "type": "directory",
                "children": [
                    {
                        "name": "Default",
                        "type": "directory",
                        "children": [
                            {
                                "name": "History.txt",
                                "type": "file"
                            },
                            {
                                "name": "Cookies.txt",
                                "type": "file"
                            }
                        ]
                    }
                ]
            },
            {
                "name": "Wallets",
                "type": "directory",
                "children": [
                    {
                        "name": "Phantom_Chrome_Default",
                        "type": "directory",
                        "children": [
                            {
                                "name": "002373.log",
                                "type": "file"
                            },
                            {
                                "name": "LOG.old",
                                "type": "file"
                            },
                            {
                                "name": "MANIFEST-000001",
                                "type": "file"
                            },
                            {
                                "name": "CURRENT",
                                "type": "file"
                            },
                            {
                                "name": "LOG",
                                "type": "file"
                            },
                            {
                                "name": "002375.ldb",
                                "type": "file"
                            }
                        ]
                    }
                ]
            },
            {
                "name": "Important Files",
                "type": "directory",
                "children": [
                    {
                        "name": "Profile",
                        "type": "directory",
                        "children": [
                            {
                                "name": "Downloads",
                                "type": "directory",
                                "children": [
                                    {
                                        "name": "Beige Pass Board.pdf",
                                        "type": "file"
                                    }
                                ]
                            }
                        ]
                    },
                    {
                        "name": "Desktop",
                        "type": "directory",
                        "children": [
                            {
                                "name": "README.txt",
                                "type": "file"
                            },
                            {
                                "name": "Download Files",
                                "type": "directory",
                                "children": [
                                    {
                                        "name": "ReadMe.txt",
                                        "type": "file"
                                    }
                                ]
                            }
                        ]
                    }
                ]
            }
        ]
    }
}
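To show how the dir_tree field can be consumed, here is an added Python example (not Hudson Rock's code) that flattens the name/type/children structure into paths and groups files into stealer-artifact categories for triage; the category names and substring patterns are an assumed taxonomy, and the sample tree is a constructed subset of the response above.

```python
import json

# Constructed sample in the shape of the dir_tree field (name / type / children),
# trimmed from the response example above.
SAMPLE_DIR_TREE = {
    "name": "<REDACTED>", "type": "directory", "children": [
        {"name": "Applications", "type": "directory", "children": [
            {"name": "AnyDesk", "type": "directory", "children": [
                {"name": "service.conf", "type": "file"},
                {"name": "user.conf", "type": "file"}]},
            {"name": "Discord", "type": "directory", "children": [
                {"name": "DiscordTokens.txt", "type": "file"}]}]},
        {"name": "All Passwords.txt", "type": "file"},
        {"name": "Cookies", "type": "directory", "children": [
            {"name": "Cookies_Chrome_Default.txt", "type": "file"}]},
        {"name": "Wallets", "type": "directory", "children": [
            {"name": "Phantom_Chrome_Default", "type": "directory", "children": [
                {"name": "CURRENT", "type": "file"}]}]},
    ],
}

# Artifact categories to look for in a stealer log layout (assumed taxonomy,
# not the API's own); values are lowercase substrings matched against each path.
ARTIFACT_PATTERNS = {
    "browser_cookies": ("cookies",),
    "saved_passwords": ("passwords",),
    "crypto_wallets": ("wallets/",),
    "messaging_tokens": ("discordtokens", "tokens.txt"),
    "remote_access_config": ("anydesk/", ".conf"),
}

def iter_paths(node, prefix=""):
    """Yield (path, type) for every node, depth-first, joining names with '/'."""
    path = f"{prefix}/{node['name']}" if prefix else node["name"]
    yield path, node.get("type", "file")
    for child in node.get("children", []):
        yield from iter_paths(child, path)

def flatten(tree):
    """Return only file paths, with the (redacted) root name stripped off."""
    root = tree["name"]
    return [p[len(root) + 1:] for p, t in iter_paths(tree) if t == "file"]

def triage(tree, patterns=ARTIFACT_PATTERNS):
    """Map each artifact category to the file paths that matched it."""
    hits = {cat: [] for cat in patterns}
    for path in flatten(tree):
        low = path.lower()
        for cat, needles in patterns.items():
            if any(n in low for n in needles):
                hits[cat].append(path)
    return {cat: paths for cat, paths in hits.items() if paths}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_DIR_TREE), indent=2))
```

The category hits tell an incident responder which credential stores, session cookies and remote-access configs were exfiltrated, which scopes the resets and session revocations that follow.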

Added sensitive_applications Field to API (additional_fields)

We’ve added a new optional field in the additional_fields array of our API:
🔍 sensitive_applications

This field enriches external domain results with insight into potentially sensitive applications exposed within the compromised machine’s URL structure.

  • Field name: "sensitive_applications"
  • Field type: string (enum value within additional_fields)
  • Description: Adds detection of sensitive applications based on a predefined list of known high-risk web apps and services.

What it does:

  • Parses compromised URLs to identify references to sensitive applications (e.g. admin panels, security consoles, developer tools, cloud management platforms).
  • Flags the presence of these apps to help prioritize remediation based on risk exposure.

Request Body Example:

curl --request POST \
     --url https://api.hudsonrock.com/json/v3/search-by-domain \
     --header 'accept: application/json' \
     --header 'api-key: <API_KEY>' \
     --header 'content-type: application/json' \
     --data '
{
  "domains": [
    "tesla.com",
    "teslamotors.com"
  ],
  "types": ["employees"],
  "keywords": ["sso"],
  "keywords_match": "any",
  "filter_credentials": true,
  "additional_fields": ["sensitive_applications"]
}
'

Response Example:

{
   "_id":"67a08ccd465561f4625e840f",
   "stealer":"...",
   "stealer_family":"Lumma",
   "date_uploaded":"2025-02-03T09:30:52.468Z",
   "employeeAt":[
      {
         "..."
      }
   ],
   "clientAt":[
      {
         "..."
      }
   ],
   "date_compromised":"2025-01-25T12:03:26.000Z",
   "ip":"...",
   "computer_name":"...",
   "operating_system":"...",
   "malware_path":"...",
   "antiviruses":[
      {
         "..."
      }
   ],
   "credentials":[
      {
         "url":"https://sso.tesla.com/adfs/ls",
         "domain":"tesla.com",
         "username":"••••••••••,@tesla.com",
         "password":"••••••••••",
         "type":"employee",
         "password_strength":{
            "contains":[
               "lowercase",
               "symbol"
            ],
            "length":10,
            "id":1,
            "value":"Weak"
         }
      }
   ],
   "sensitive_applications":[
      {
         "name":"adfs",
         "description":"Active Directory Federation Services, a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries."
      },
      {
         "name":"sso",
         "description":"Single sign-on is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-entering authentication factors."
      }
   ]
}

Added password_strength Field to API (additional_fields)

We’ve added support for a new optional field in the additional_fields array of our API:
🔐 password_strength

This field enables password strength analysis for each exposed credential returned in external domain results.
It helps assess the quality and security of compromised passwords, and identify weak credentials that may require proactive resets or policy enforcement.

  • Field name: "password_strength"
  • Field type: string (enum value within additional_fields)
  • Description: Adds strength analysis for each password using entropy and pattern checks.

Implementation details:

  • Categorizes each password as one of: Too weak, Weak, Medium, or Strong.

Tier thresholds:

[
  {
    id: 0,
    value: "Too weak",
    minDiversity: 0,
    minLength: 0
  },
  {
    id: 1,
    value: "Weak",
    minDiversity: 2,
    minLength: 8
  },
  {
    id: 2,
    value: "Medium",
    minDiversity: 4,
    minLength: 10
  },
  {
    id: 3,
    value: "Strong",
    minDiversity: 4,
    minLength: 12
  }
]
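An added Python example (not the API's own implementation) that applies the tier table above and returns an object shaped like the password_strength field in the response examples. It assumes that minDiversity counts distinct character classes (lowercase, uppercase, number, symbol, as reported under "contains") and that a password receives the highest tier whose two thresholds it both meets.

```python
import string

# Tier table from the changelog above (id, label, minDiversity, minLength).
STRENGTH_TIERS = [
    {"id": 0, "value": "Too weak", "minDiversity": 0, "minLength": 0},
    {"id": 1, "value": "Weak", "minDiversity": 2, "minLength": 8},
    {"id": 2, "value": "Medium", "minDiversity": 4, "minLength": 10},
    {"id": 3, "value": "Strong", "minDiversity": 4, "minLength": 12},
]

# Character classes counted toward diversity (assumed: the classes named under
# "contains" in the response example). Characters outside every class, such as
# spaces or non-ASCII letters, still count toward length but not diversity.
CHARACTER_CLASSES = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "number": set(string.digits),
    "symbol": set(string.punctuation),
}

def classes_present(password):
    """Names of the character classes that occur at least once in the password."""
    chars = set(password)
    return [name for name, members in CHARACTER_CLASSES.items() if chars & members]

def password_strength(password, tiers=STRENGTH_TIERS):
    """Return {contains, length, id, value} as the API's password_strength object.
    The highest tier whose thresholds are both met wins, so a 16-character
    password made of one class still lands in 'Too weak' (diversity 1 < 2)."""
    contains = classes_present(password)
    diversity, length = len(contains), len(password)
    best = tiers[0]
    for tier in tiers:
        meets = diversity >= tier["minDiversity"] and length >= tier["minLength"]
        if meets and tier["id"] > best["id"]:
            best = tier
    return {"contains": contains, "length": length,
            "id": best["id"], "value": best["value"]}

if __name__ == "__main__":
    # Mirrors the response example: two classes, length 10 -> Weak (id 1).
    print(password_strength("abcdefgh!!"))
```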

{ New } - MCP Server

by Dan Benchetrit

🚀 MCP Server

We’re excited to announce the official launch of the MCP Server - a powerful tool for interacting with AI agents through a structured protocol!

📄 Documentation: MCP Server API Docs

🔍 What is MCP?

MCP (Model Context Protocol) is a server that allows you to:

  • Send structured prompts and system instructions to AI agents
  • Manage multiple agent contexts and sessions
  • Chain agent reasoning steps using history
  • Build powerful AI workflows with fine-grained control

🧠 Key Features

  • Full REST API interface
  • Supports multi-turn conversations
  • Integrated system/user/assistant role structure
  • Agent state persistence
  • Fast and lightweight server ideal for production and experimentation

📦 Use Cases

  • AI research & prompt engineering
  • Autonomous agent orchestration
  • Server-side inference pipelines
  • Custom AI assistants and LLM-based tools

⚙️ Setup

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "cavalier-api": {
      "url": "https://docs.hudsonrock.com/mcp"
    }
  }
}


We're actively improving it, so please check out the docs and give us your feedback. Contributions and ideas welcome!

Explore the MCP Docs

{ New } - IPv6 Support

by Dan Benchetrit

IPv6 Support in /search-by-ip Endpoint

Endpoint: POST /search-by-ip

  • Added support for IPv6 addresses in the /search-by-ip endpoint.
  • You can now query using both IPv4 and IPv6 formats.

Example IPv6 Query:

curl --request POST \
     --url https://api.hudsonrock.com/json/v3/search-by-ip \
     --header 'accept: application/json' \
     --header 'api-key: <API_KEY>' \
     --header 'content-type: application/json' \
     --data '{"ips": ["0400:1a00:b090:1c47:4e2:3b62:8e86:ecf6"]}'

Docs: POST /search-by-stealer/infection-analysis

  • Added a new endpoint: POST /search-by-stealer/infection-analysis
  • Purpose: Provides a detailed AI-generated analysis of how a specific identity was likely compromised.
  • Response includes:
    • likely_infection_url: Most probable infection source URL.
    • infection_confidence: Confidence score (0–1) indicating the likelihood of that URL being the infection point.
    • infection_reasoning: Explanation of the inferred infection path.
    • infection_flow: Chronological breakdown of visited URLs leading up to the infection.
    • analyst_summary: AI-written narrative summarizing the infection incident.

This new capability enhances incident investigation workflows by offering immediate, explainable insights into breach origins.

Example Request:

curl --request POST \
     --url https://api.hudsonrock.com/json/v3/search-by-stealer/infection-analysis \
     --header 'accept: application/json' \
     --header 'api-key: <API_KEY>' \
     --header 'content-type: application/json' \
     --data '{"stealer": "[IN]175.101.37.65"}'

[Added] - Sensitive Applications Field in Domains Overview Endpoint

Endpoint: POST /search-by-domain/overview

Added a new field: sensitive_applications

  • Type: array of strings
  • Description: Identifies sensitive applications within the compromised URL structure, based on a predefined list of sensitive apps.

This enhancement provides greater visibility into high-risk application exposures associated with compromised domains.

Sensitive applications list:

  • +cscoe+
  • cscoe
  • active-directory
  • adfs
  • auth
  • bitbucket
  • ciscovpn
  • citrix
  • confluence
  • cpanel
  • dana-na
  • extranet
  • ftp
  • git
  • github
  • gitlab
  • hipchat
  • imap
  • jira
  • kaspersky
  • okta
  • oracle
  • owa
  • pentaho
  • ping
  • rlogin
  • roundcube
  • salesforce
  • sap
  • sharepoint
  • ssh
  • sso
  • st
  • sts
  • twilio
  • vpn
  • webex
  • webmail
  • webvpn
  • zendesk
  • zimbra
  • zoom
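To illustrate how the sensitive_applications detection described here and in the additional_fields entry above can work, the following is an added Python example (not Hudson Rock's implementation). It splits a compromised credential URL's host and path into tokens and reports which entries of the list above appear; the tokenization rules are an assumption, and the sample URLs are constructed, with the first one taken from the response example earlier on this page.

```python
import re
from urllib.parse import urlsplit

# The sensitive applications list from the changelog above.
SENSITIVE_APPS = {
    "+cscoe+", "cscoe", "active-directory", "adfs", "auth", "bitbucket",
    "ciscovpn", "citrix", "confluence", "cpanel", "dana-na", "extranet",
    "ftp", "git", "github", "gitlab", "hipchat", "imap", "jira", "kaspersky",
    "okta", "oracle", "owa", "pentaho", "ping", "rlogin", "roundcube",
    "salesforce", "sap", "sharepoint", "ssh", "sso", "st", "sts", "twilio",
    "vpn", "webex", "webmail", "webvpn", "zendesk", "zimbra", "zoom",
}

def url_tokens(url):
    """Lowercase tokens from the host and path. '.', '/', '_', ':' and query
    punctuation are separators; '-' and '+' are kept in the token so that
    'active-directory', 'dana-na' and '+cscoe+' survive as whole entries."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    text = f"{parts.hostname or ''}/{parts.path}".lower()
    return [t for t in re.split(r"[./_:~=?&#]+", text) if t]

def detect_sensitive_apps(url, apps=SENSITIVE_APPS):
    """Sorted list entries found as a whole token, a '+'-stripped token, or a
    '-'-separated part of a token (so 'my-vpn' still flags 'vpn').
    Whole-token matching keeps short entries such as 'st' or 'ping' from
    firing on every word that merely contains them."""
    found = set()
    for tok in url_tokens(url):
        for cand in {tok, tok.strip("+"), *tok.split("-")}:
            if cand in apps:
                found.add(cand)
    return sorted(found)

def apps_for_record(record):
    """Union of sensitive apps across all credential URLs in one search-by-domain record."""
    found = set()
    for cred in record.get("credentials", []):
        found.update(detect_sensitive_apps(cred.get("url", "")))
    return sorted(found)

if __name__ == "__main__":
    # URL from the response example above -> ['adfs', 'sso']
    print(detect_sensitive_apps("https://sso.tesla.com/adfs/ls"))
```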