API Reference — Rikune

Authentication身份验证

Most endpoints require API key authentication via the X-API-Key header. If the API_KEY environment variable is not set, authentication is disabled. 大多数端点需要通过 X-API-Key 请求头进行 API 密钥认证。如果未设置 API_KEY 环境变量，则禁用认证。

curl -H "X-API-Key: your-api-key" http://localhost:18080/api/v1/...

Health Check

GET /api/v1/health

Check server health, version, and uptime. 检查服务器健康状态、版本和运行时间。

{
  "ok": true,
  "data": {
    "status": "healthy",
    "version": "1.0.0-beta.3",
    "timestamp": "2026-03-24T10:00:00.000Z"
  }
}

Samples

POST /api/v1/samples

Upload a sample file for analysis. Accepts multipart/form-data. 上传样本文件进行分析。接受 multipart/form-data 格式。

curl -X POST http://localhost:18080/api/v1/samples \
  -H "X-API-Key: your-api-key" \
  -F "file=@sample.exe" \
  -F "filename=sample.exe" \
  -F "source=api_upload"

{
  "ok": true,
  "data": {
    "sample_id": "sha256:abc123...",
    "filename": "sample.exe",
    "size": 1048576,
    "uploaded_at": "2026-03-24T10:00:00.000Z",
    "existed": false,
    "file_type": ".exe"
  }
}

GET /api/v1/samples/:id

Retrieve sample metadata. Add ?download=true to download the binary. 获取样本元数据。添加 ?download=true 下载二进制文件。

{
  "ok": true,
  "data": {
    "sample_id": "sha256:abc123...",
    "filename": "sample.exe",
    "size": 1048576,
    "sha256": "abc123...",
    "file_type": ".exe",
    "analyses": [
      {
        "id": "analysis-123",
        "stage": "triage",
        "status": "completed"
      }
    ]
  }
}

Artifacts

GET /api/v1/artifacts

List artifacts. Filter by ?sample_id=sha256:... 列出产物。通过 ?sample_id=sha256:... 过滤。

GET /api/v1/artifacts/:id

Get artifact metadata. Add ?download=true or ?content=true. 获取产物元数据。可添加 ?download=true 或 ?content=true。

DELETE /api/v1/artifacts/:id

Delete an artifact. 删除指定产物。

Upload Sessions

POST /api/v1/uploads/:token

Complete an upload session with the given token. 使用给定 token 完成上传会话。

GET /api/v1/uploads/:token/status

Check the status of an upload session. 检查上传会话状态。

MCP Resources

The server exposes helper scripts as MCP resources. Clients discover them via resources/list and read content via resources/read. 服务器将辅助脚本作为 MCP 资源暴露。客户端通过 resources/list 发现资源，通过 resources/read 读取内容。

Available Resources可用资源

URI	Type	Description
`script://frida/api_trace.js`	Frida	Windows API tracing
`script://frida/string_decoder.js`	Frida	Runtime string decryption
`script://frida/anti_debug_bypass.js`	Frida	Anti-debug bypass
`script://frida/crypto_finder.js`	Frida	Cryptographic API detection
`script://frida/file_registry_monitor.js`	Frida	File/registry monitoring
`script://ghidra/ExtractFunctions.java`	Ghidra	Function extraction
`script://ghidra/DecompileFunction.java`	Ghidra	Function decompilation
`script://ghidra/ExtractCFG.java`	Ghidra	CFG extraction
`script://ghidra/AnalyzeCrossReferences.java`	Ghidra	Cross-reference analysis
`script://ghidra/SearchFunctionReferences.java`	Ghidra	Function reference search

MCP Progress Notifications

Long-running tools support progress reporting via MCP notifications/progress. Include _meta.progressToken in the tool call. 长时间运行的工具支持通过 MCP notifications/progress 报告进度。在工具调用中包含 _meta.progressToken。

{
  "method": "notifications/progress",
  "params": {
    "progressToken": "my-progress-1",
    "progress": 50,
    "total": 100,
    "message": "Enriching static analysis..."
  }
}

Error Handling错误处理

Status	Error	Description描述
400	Bad Request	Invalid request format or parameters无效的请求格式或参数
401	Unauthorized	Invalid or missing API key无效或缺失的 API 密钥
403	Forbidden	API key missing when required需要 API 密钥但未提供
404	Not Found	Resource not found资源未找到
409	Conflict	Resource already exists资源已存在
413	Payload Too Large	File exceeds size limit文件超过大小限制
500	Internal Error	Server error服务器错误

Dashboard API看板 API

The built-in web dashboard exposes JSON API endpoints on the same HTTP port (18080 by default).内置 Web 看板在相同 HTTP 端口（默认 18080）上公开 JSON API 端点。

Method方法	Path路径	Description描述
GET	`/dashboard`	Web Dashboard UIWeb 看板界面
GET	`/api/v1/dashboard/overview`	Uptime, version, tool/plugin/sample counts, memory运行时间、版本、工具/插件/样本计数、内存
GET	`/api/v1/dashboard/tools`	All tools grouped by category按类别分组的全部工具
GET	`/api/v1/dashboard/plugins`	Plugin status (loaded/skipped/error)插件状态（loaded/skipped/error）
GET	`/api/v1/dashboard/samples`	Sample list with pagination样本列表（分页）
GET	`/api/v1/dashboard/workers`	Process & system resource stats进程与系统资源统计
GET	`/api/v1/dashboard/config`	Configuration validation report配置校验报告
GET	`/api/v1/dashboard/system`	CPU, memory, hostname, Node.js versionCPU、内存、主机名、Node.js 版本
GET	`/api/v1/events`	SSE real-time event streamSSE 实时事件流
DELETE	`/api/v1/artifacts/:id`	Delete a specific artifact删除指定产物

Upload Workflow上传工作流

Two upload patterns are supported — direct upload and durable session upload for large or resumable transfers.支持两种上传模式 — 直接上传和适用于大文件或可恢复传输的持久会话上传。

Direct Upload直接上传

curl -X POST http://localhost:18080/api/v1/samples \
  -H "X-API-Key: YOUR_KEY" \
  -F "file=@malware.exe"

Durable Session Upload持久会话上传

For large files, use an upload session which provides a resumable token:对于大文件，使用上传会话提供可恢复的令牌：

# 1. Create upload session → get upload_token
POST /api/v1/samples  (init session)

# 2. Upload via token
POST /api/v1/uploads/:token

# 3. Check session status
GET  /api/v1/uploads/:token

API ReferenceAPI 参考