added
{ New} - Directory Tree Field
7 days ago by Dan Benchetrit
Added dir_tree Field to API (additional_fields)
dir_tree Field to API (additional_fields)We’ve added a new optional field in the additional_fields array of our API:
📂 dir_tree
This field provides the full directory tree structure of a compromised machine, giving deep visibility into its file system layout.
- Field name:
"dir_tree" - Field type:
string(enum value withinadditional_fields) - Description: Adds the complete directory tree of the compromised machine, which can help uncover sensitive file locations, misconfigurations, or other potential attack vectors.
What it does:
- Retrieves and displays the directory hierarchy, including subdirectories and nested files.
- Useful for spotting exposed configuration files, backup folders, logs, and other assets that could be leveraged in further attacks.
Request Body Example:
curl --request POST \
--url https://api.hudsonrock.com/json/v3/search-by-domain \
--header 'accept: application/json' \
--header 'api-key: <API_KEY>' \
--header 'content-type: application/json' \
--data '
{
"domains": [
"tesla.com",
"teslamotors.com"
],
"types": ["employees"],
"keywords": ["sso"],
"keywords_match": "any",
"filter_credentials": true,
"additional_fields": ["dir_tree"]
}
'Response Example:
{
"_id": "67a08ccd465561f4625e840f",
"stealer": "...",
"stealer_family": "Lumma",
"date_uploaded": "2025-02-03T09:30:52.468Z",
"employeeAt": [
{
"..."
}
],
"clientAt": [
{
"..."
}
],
"date_compromised": "2025-01-25T12:03:26.000Z",
"ip": "...",
"computer_name": "...",
"operating_system": "...",
"malware_path": "...",
"antiviruses": [
{
"..."
}
],
"credentials": [
{
"url": "https://sso.tesla.com/adfs/ls",
"domain": "tesla.com",
"username": "••••••••••,@tesla.com",
"password": "••••••••••",
"type": "employee",
"password_strength": {
"contains": [
"lowercase",
"symbol"
],
"length": 10,
"id": 1,
"value": "Weak"
}
}
],
"dir_tree": {
"name": "<REDACTED>",
"type": "directory",
"children": [
{
"name": "Applications",
"type": "directory",
"children": [
{
"name": "Steam",
"type": "directory",
"children": [
{
"name": "Tokens.txt",
"type": "file"
}
]
},
{
"name": "AnyDesk",
"type": "directory",
"children": [
{
"name": "service.conf",
"type": "file"
},
{
"name": "user.conf",
"type": "file"
},
{
"name": "system.conf",
"type": "file"
}
]
},
{
"name": "Discord",
"type": "directory",
"children": [
{
"name": "DiscordTokens.txt",
"type": "file"
}
]
}
]
},
{
"name": "All Passwords.txt",
"type": "file"
},
{
"name": "Brute.txt",
"type": "file"
},
{
"name": "System.txt",
"type": "file"
},
{
"name": "Software.txt",
"type": "file"
},
{
"name": "Processes.txt",
"type": "file"
},
{
"name": "GoogleAccounts",
"type": "directory",
"children": [
{
"name": "Restore_Chrome_Default.txt",
"type": "file"
}
]
},
{
"name": "DomainDetect.txt",
"type": "file"
},
{
"name": "Cookies",
"type": "directory",
"children": [
{
"name": "Cookies_Brave_Default.txt",
"type": "file"
},
{
"name": "Cookies_Edge_Default.txt",
"type": "file"
},
{
"name": "Cookies_Chrome_Default.txt",
"type": "file"
}
]
},
{
"name": "Chrome",
"type": "directory",
"children": [
{
"name": "Default",
"type": "directory",
"children": [
{
"name": "History.txt",
"type": "file"
},
{
"name": "Autofills.txt",
"type": "file"
},
{
"name": "Cookies.txt",
"type": "file"
},
{
"name": "Passwords.txt",
"type": "file"
}
]
}
]
},
{
"name": "Edge",
"type": "directory",
"children": [
{
"name": "Default",
"type": "directory",
"children": [
{
"name": "History.txt",
"type": "file"
},
{
"name": "Cookies.txt",
"type": "file"
}
]
}
]
},
{
"name": "Opera GX Stable",
"type": "directory",
"children": [
{
"name": "Opera GX Stable",
"type": "directory",
"children": [
{
"name": "History.txt",
"type": "file"
}
]
}
]
},
{
"name": "Brave",
"type": "directory",
"children": [
{
"name": "Default",
"type": "directory",
"children": [
{
"name": "History.txt",
"type": "file"
},
{
"name": "Cookies.txt",
"type": "file"
}
]
}
]
},
{
"name": "Wallets",
"type": "directory",
"children": [
{
"name": "Phantom_Chrome_Default",
"type": "directory",
"children": [
{
"name": "002373.log",
"type": "file"
},
{
"name": "LOG.old",
"type": "file"
},
{
"name": "MANIFEST-000001",
"type": "file"
},
{
"name": "CURRENT",
"type": "file"
},
{
"name": "LOG",
"type": "file"
},
{
"name": "002375.ldb",
"type": "file"
}
]
}
]
},
{
"name": "Important Files",
"type": "directory",
"children": [
{
"name": "Profile",
"type": "directory",
"children": [
{
"name": "Downloads",
"type": "directory",
"children": [
{
"name": "Beige Pass Board.pdf",
"type": "file"
}
]
}
]
},
{
"name": "Desktop",
"type": "directory",
"children": [
{
"name": "README.txt",
"type": "file"
},
{
"name": "Download Files",
"type": "directory",
"children": [
{
"name": "ReadMe.txt",
"type": "file"
}
]
}
]
}
]
}
]
}
}