Skip to main content
GET
/
service
/
v2
/
victims
/
{log_id}
Get Victim Manifest (File Tree)
curl --request GET \
  --url https://oathnet.org/api/service/v2/victims/{log_id} \
  --header 'x-api-key: <api-key>'
{
  "log_id": "<string>",
  "log_name": "<string>",
  "victim_tree": {
    "id": "<string>",
    "name": "<string>",
    "size_bytes": 123,
    "children": "<array>"
  }
}

Overview

A victim manifest is the file-tree entry point for a specific log. It returns the log_id, optional log_name, and a recursive victim_tree of files and directories.

Response Format

This endpoint returns raw JSON, not the standard {success, data} envelope.
{
  "log_id": "abc123def456",
  "log_name": "victim_2024_01_15",
  "victim_tree": {
    "id": "root",
    "name": "/",
    "type": "directory",
    "children": [
      {
        "id": "dir_passwords",
        "name": "Passwords",
        "type": "directory",
        "children": [
          {
            "id": "f1",
            "name": "Chrome.txt",
            "type": "file",
            "size_bytes": 1024
          }
        ]
      }
    ]
  }
}

Key Fields

FieldDescription
log_idUnique identifier for the victim log
log_nameHuman-readable name when available
victim_treeRecursive file tree
victim_tree.idFile or directory ID
victim_tree.typefile or directory
victim_tree.size_bytesFile size in bytes for file nodes
victim_tree.childrenChild nodes for directories
This endpoint does not return a parsed summary of passwords, cookies, tokens, or system metadata. Use the file and archive endpoints to inspect the captured contents.

Accessing File Contents

Use the id from a file node with Get File Content, or download the full archive from Download Victim Archive.

Authorizations

x-api-key
string
header
required

API key for authentication (lowercase header name)

Path Parameters

log_id
string
required

Response

Raw manifest payload

log_id
string
log_name
string
victim_tree
object