API Reference¶

Stentor exposes a REST API and WebSocket protocol for programmatic access to all C2 operations. Use the API to build custom dashboards, automate engagement workflows, integrate with external tools (SIEM, ticketing, reporting), and orchestrate multi-server operations.

Quick Start

Get up and running with the Stentor API in three steps:

1. Authenticate:

TOKEN=$(curl -s -X POST https://stentor.app/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]", "password": "your-password"}' \
  | jq -r '.access_token')

2. List active beacons:

curl -s https://stentor.app/api/v1/c2/beacons \
  -H "Authorization: Bearer $TOKEN" | jq

3. Enqueue a task on a beacon:

curl -s -X POST "https://stentor.app/api/v1/c2/beacons/$BEACON_ID/task" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"command": "shell", "args": {"command": "whoami"}}'

In This Section¶

REST API Reference -- Complete endpoint catalog with 200+ endpoints across 20+ resource groups. Covers authentication, listeners, relays, payloads, beacons, sessions, credentials, cockpit operations, phishing campaigns, scripting, extensions, and more. Includes request/response schemas and curl examples for high-traffic endpoints.
WebSocket Protocol -- Real-time event streaming via CockpitHub (operator UI) and RelayHub (relay agents). Documents connection setup with ticket-based authentication, message formats with sequence numbers, event types (beacon check-in, task output, operator notifications, file transfers), and reconnection handling with exponential backoff.
Multi-Server Management -- Connect to multiple Stentor instances from a single UI. Aggregate beacon data across servers, coordinate operations between engagement teams, and switch between server contexts without re-authenticating.