# Factory
Sometimes you want to automate the creation of Canarytokens across your fleet. Perhaps you want every EC2 instance to reach out and fetch a token on creation (or startup). The Canary Console API allows for this automation, but it seems a bad idea to use your API key on every host.
The Canarytoken factory gives you a limited-use key that is able to create other tokens. You can leave this key on a host knowing that even if an attacker were able to grab it, they would be able to create new tokens but not remove (or alter) anything else.
# List Canarytokens available via Canarytoken Factory
TIP
The values returned by this Canarytokens Factory API correspond to the `kind` parameter used to create Canarytokens via the Canarytokens Factory. As an example, if you wanted to create a Cloned Web Canarytoken, you would check the response to this Canarytoken Factory API and use `cloned-web` to define the Canarytoken type you wish to create via the Canarytoken Factory.
GET /api/v1/canarytokens/factory/list
Lists the Canarytokens available via your Canarytokens Factory.
Required Parameters
Response
A JSON structure with result indicator and Canarytokens Factory information.
Example
```json
{
  "factory_canarytokens": {
    "aws-id": "Amazon API Key",
    "cloned-web": "Cloned Website",
    "dns": "DNS",
    "doc-msword": "MS Word .docx Document",
    "fast-redirect": "Fast HTTP Redirect",
    "http": "Web",
    "msexcel-macro": "MS Excel .xlsm Document",
    "msword-macro": "MS Word .docm Document",
    "pdf-acrobat-reader": "Acrobat Reader PDF Document",
    "qr-code": "QR Code",
    "signed-exe": "Signed Exe",
    "slack-api": "Slack API Key",
    "slow-redirect": "Slow HTTP Redirect",
    "web-image": "Remote Web Image",
    "windows-dir": "Windows Directory Browsing"
  },
  "result": "success"
}
```
# Create Canarytokens Using Factory
POST /api/v1/canarytoken/factory/create
Create Canarytokens using a Canarytokens Factory auth string.
Required Parameters
Optional Parameters
-F 'doc=@upload-me.docx; type=application/vnd.openxmlformats-officedocument.wordprocessingml.document'
-F 'pdf=@upload-me.pdf; type=application/pdf'
Response
A JSON structure with the generated Canarytoken.
Example
```json
{
  "canarytoken": {
    "access_key_id": "<access_key_id>",
    "canarytoken": "<token_code>",
    "created": "1586246956.323499",
    "created_printable": "2020-04-07 08:09:16 (UTC)",
    "enabled": true,
    "factory_auth": "<factory_auth_token>",
    "flock_id": "flock:default",
    "hostname": "<token_hostname>",
    "key": "canarydrop:<key>",
    "kind": "aws-id",
    "memo": "Example Memo",
    "renders": {
      "aws-id": "\n [default]\n aws_access_key_id = <aws_access_key>\n aws_secret_access_key = <aws_secret_access_key>"
    },
    "secret_access_key": "<aws_secret_access_key>",
    "triggered_count": 0,
    "updated_id": 14,
    "url": "<token_url>",
    "username": "<token_user_name>"
  },
  "result": "success"
}
```
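A host-side sketch of the startup workflow from the introduction, using only the factory key: check that the wanted `kind` is offered, create the token, and pull out the rendered file text. This is an added example, not Thinkst's own code; the `factory_auth`, `kind` and `memo` request parameter names are assumptions taken from the response fields and the tip above, and `https://console.example`, `provision_token`, `http_call` and `fake_console` are hypothetical names.

```python
import json
import urllib.parse
import urllib.request

LIST_PATH = "/api/v1/canarytokens/factory/list"
CREATE_PATH = "/api/v1/canarytoken/factory/create"


def http_call(method, url, params):
    """Real transport: query string for GET, form-encoded body otherwise."""
    data = urllib.parse.urlencode(params)
    if method == "GET":
        req = urllib.request.Request(f"{url}?{data}")
    else:
        req = urllib.request.Request(url, data=data.encode(), method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def provision_token(console, factory_auth, kind, memo, call=http_call):
    """Create one token of `kind`; return (token code, rendered file text or None)."""
    auth = {"factory_auth": factory_auth}  # parameter name is an assumption
    listing = call("GET", console + LIST_PATH, auth)
    if listing.get("result") != "success":
        raise RuntimeError("factory list failed")
    offered = listing.get("factory_canarytokens", {})
    if kind not in offered:
        raise ValueError(f"{kind!r} not offered; choose from {sorted(offered)}")
    # The memo identifies the token later, so name the host in it.
    created = call("POST", console + CREATE_PATH, {**auth, "kind": kind, "memo": memo})
    if created.get("result") != "success":
        raise RuntimeError("factory create failed")
    token = created["canarytoken"]
    return token["canarytoken"], token.get("renders", {}).get(kind)


def fake_console(method, url, params):
    """Constructed stand-in for the console, shaped like the responses above."""
    if url.endswith(LIST_PATH):
        return {"factory_canarytokens": {"aws-id": "Amazon API Key", "dns": "DNS"},
                "result": "success"}
    return {"canarytoken": {"canarytoken": "<token_code>", "kind": params["kind"],
                            "memo": params["memo"],
                            "renders": {"aws-id": "[default]\naws_access_key_id = <aws_access_key>"}},
            "result": "success"}


if __name__ == "__main__":
    print(provision_token("https://console.example", "<factory_auth_token>",
                          "aws-id", "ec2 host-01 startup", call=fake_console))
```

Drop the `call=fake_console` argument to talk to a real console; the host then holds nothing but the factory auth string.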
# Download Canarytoken using Factory Auth String
GET /api/v1/canarytoken/factory/download
Download the generated file (if one exists) for the supplied Canarytoken using the Factory auth string.
Required Parameters
Response
A file if the Canarytoken supports file generation, otherwise an error.
Example
$ ls -l
-rw-r--r-- 1 user thinkst 5095 Apr 7 12:29 <filename>
# Create Canarytoken Factory Auth String
POST /api/v1/canarytoken/create_factory
Create an auth string for the Canarytoken Factory endpoint.
Required Parameters
Optional Parameters
Response
A JSON structure with auth string and Canarytoken factory endpoint.
Example
```json
{
  "factory_auth": "<factory_auth_token>",
  "factory_url": "/api/v1/canarytoken/factory",
  "result": "success"
}
```
# Delete Canarytoken Factory Auth String
DELETE /api/v1/canarytoken/delete_factory
Delete an auth string for the Canarytoken Factory endpoint.
Required Parameters
Response
A JSON structure with result indicator.
Example
```json
{
  "msg": "TokenFactory auth string deleted",
  "result": "success"
}
```