Bulk Importing IP Ranges through the API

This article will guide you through the steps necessary to use the API to statically import a large list of ranges.

The first step is to make sure you have the sufficient API credentials: you should start by creating a new API Client ID and use it through the built-in Swagger UI to fetch back the authentication token to use in your scripted request.

The <TOKEN_BEARER> authentication token can be seen when using the created Client ID to authorize towards your instance's API:

  • Navigate at https://<YOUR_INSTANCE>.wardenscanner.com/api/v2/spec#/
  • Use the "Authorize" button to allow your Client ID and create this token
  • Then execute any GET call from the Swagger UI interface (using the "Try it out", followed by the "Execute" buttons):

try_it_out-1

 

The <TEAM> in which the ranges need to be added can be fetched from from the URL when navigating the interface in the same team.

This request needs to be tested with only one range prior to running it on a big number of ranges.

Please note that the format of the range needs to be respected: XXX.XXX.XXX.XXX/XX

Here is the bash snippet that can be used to work from a CSV list of ranges to import them using the Delve'S API.

for i in `cat ranges_list.txt | sed 's/,;//g' | tr '\r' ' '`; do curl -X POST "https://<INSTANCE>.wardenscanner.com/api/v2/ranges" -H "accept: application/json" -H "authorization: Bearer <TOKEN_BEARER>" -H "Content-Type: application/json" -d "{\"teamId\": \"<TEAM>\", \"url\": \"$i\", \"kind\": \"range\"}";done;

 

This part of the command removes trailing characters so that your file only has one domain per line:

sed 's/,;//g'

 

This part of the command removes the potential trailing Windows CR character.

tr '\r' ' '

 

The API will return different responses depending if the call works or not.

If one of the fields has bad characters or invalid JSON data:

{"apiVersion":"2.0","detail":"The data provided within the request are not in a valid JSON format.","instance":null,"provided_data":" {\"teamId\": \"XXX\", \"url\": \"XXXXXX\", \"kind\": \"range\"}","request_json":null,"status":400,"title":"Invalid input data provided","type":null}

 

If a mandatory field is missing (here "kind" is missing):

{"apiVersion":"2.0","detail":"The data provided within the request do not follow the awaited format. The format must represent a valid 'range' object. More details about the problem : {'kind': ['Missing data for required field.']}","instance":null,"request_json":{"teamId":"XXX","range":"xxx.xxx.xxx.xxx/xx"},"status":400,"title":"Invalid input data provided","type":null}

 

If it works the following message should be displayed for every added range:

{"creationDate":"2019-02-06T15:41:14+00:00","edgeServiceId":"0","id":"33411","isActive":false,"isDiscovered":false,"kind":"range","tags":[],"range":"xxx.xxx.xxx.xxx/xx"}