Skip to content

DNM - Dark Net Monitoring

Monitor dark net activity including black market listings, botnets, PII exposures, instant messaging content, and suspicious content.

Commands

dnm overview

Display an overview of all DNM item types with record counts.

1
mysecutec dnm overview

API

1
POST /tam/v1/threats/aggregate

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
  "group_by": [
    { "path": "data.item_type", "alias": "item_type" }
  ],
  "select": [],
  "filters": {
    "license_module": ["dnm"],
    "jsonb_filters": []
  },
  "limit": 10,
  "offset": 0
}

Uses helper: client.DNMItemTypeAggregateRequest()

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
{
  "pagination": { "limit": 10, "offset": 0, "total": 5 },
  "results": [
    { "item_type": "BLACK_MARKET", "count": 12 },
    { "item_type": "BOTNET", "count": 45 },
    { "item_type": "PII_EXPOSURE", "count": 30 },
    { "item_type": "IM_CONTENT", "count": 8 },
    { "item_type": "SUSPICIOUS_CONTENT", "count": 5 }
  ],
  "total": 5
}

Output Example

1
2
3
4
5
6
7
Dark Net Monitoring Overview

Black Market Records: 12
Botnet Records:       45
PII Exposure Records: 30
IM Content Records:   8
Suspicious Content:   5

Item Types:

Type Description
BLACK_MARKET Black market listings
BOTNET Botnet credential entries
PII_EXPOSURE Personally identifiable information exposures
IM_CONTENT Instant messaging content mentions
SUSPICIOUS_CONTENT Other suspicious dark net content

dnm blackmarket

List black market entries.

1
mysecutec dnm blackmarket [flags]

Flags

Flag Type Default Description
--limit int 10 Maximum number of results
--offset int 0 Number of results to skip
--search string Search filter

API

1
GET /tam/v1/threats/?license_module=dnm&threat_type=BLACK_MARKET

The threat_type parameter filters server-side by the DNM item type.

Query Parameters:

Parameter Type Description
limit int Max results
offset int Skip results
search string Search filter
license_module string Module filter (dnm)
threat_type string DNM item type filter (BLACK_MARKET)

Request Example

1
mysecutec dnm blackmarket --limit 5

1
2
3
GET /tam/v1/threats/?license_module=dnm&threat_type=BLACK_MARKET&limit=5&offset=0
Authorization: Bearer <token>
Accept: application/json

Response

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
  "pagination": {
    "limit": 5,
    "offset": 0,
    "total": 12
  },
  "threats": [
    {
      "id": "abc-123",
      "name": "stolen-credential@example.com",
      "system_status": "unsolved",
      "user_status": null,
      "first_seen_at": "2025-01-15T10:30:00Z",
      "tech_solution": {
        "tech_solution_slug": "dnm-scanner",
        "license_module_slug": "dnm",
        "source_data": {
          "item_type": "BLACK_MARKET",
          "price": "$15.00",
          "source": "darkweb-forum-xyz"
        }
      }
    }
  ]
}

Display Columns

Column Source
ASSET threat.name
PRICE threat.tech_solution.source_data.price
SOURCE threat.tech_solution.source_data.source
STATUS threat.user_status or threat.system_status
DISCOVERED threat.first_seen_at (formatted YYYY-MM-DD)

Source Data Model: DNMBlackMarketSourceData

Field Type Description
item_type string BLACK_MARKET
source string Dark net source/marketplace
price string Listed price

dnm botnet

List botnet credential entries.

1
mysecutec dnm botnet [flags]

Flags

Same as dnm blackmarket.

API

1
GET /tam/v1/threats/?license_module=dnm&threat_type=BOTNET

Request Example

1
mysecutec dnm botnet --limit 5 --search "malware"

1
2
3
GET /tam/v1/threats/?license_module=dnm&threat_type=BOTNET&limit=5&offset=0&search=malware
Authorization: Bearer <token>
Accept: application/json

Display Columns

Column Source
URL threat.name
USER threat.tech_solution.source_data.user
IP threat.tech_solution.source_data.ip
OS threat.tech_solution.source_data.os
COUNTRY threat.tech_solution.source_data.country
STATUS threat.user_status or threat.system_status
DISCOVERED threat.first_seen_at (formatted YYYY-MM-DD)

Source Data Model: DNMBotnetSourceData

Field Type Description
item_type string BOTNET
url string Compromised URL
user string Username
country string Country of origin

dnm pii

List PII exposure entries.

1
mysecutec dnm pii [flags]

Flags

Same as dnm blackmarket.

API

1
GET /tam/v1/threats/?license_module=dnm&threat_type=PII_EXPOSURE

Request Example

1
mysecutec dnm pii --search "email@example.com"

1
2
3
GET /tam/v1/threats/?license_module=dnm&threat_type=PII_EXPOSURE&limit=10&offset=0&search=email%40example.com
Authorization: Bearer <token>
Accept: application/json

Display Columns

Column Source
EMAIL threat.name
SOURCE threat.tech_solution.source_data.source
STATUS threat.user_status or threat.system_status
BREACH DATE threat.tech_solution.source_data.breach_date
DISCOVERED threat.first_seen_at (formatted YYYY-MM-DD)

Source Data Model: DNMPIIExposureSourceData

Field Type Description
item_type string PII_EXPOSURE
breach_date string Date of breach
is_employee bool Whether it's an employee
password_clear_text bool Whether password is in clear text

dnm im

List instant messaging content entries.

1
mysecutec dnm im [flags]

Flags

Same as dnm blackmarket.

API

1
GET /tam/v1/threats/?license_module=dnm&threat_type=IM_CONTENT

Request Example

1
mysecutec dnm im --search "keyword"

1
2
3
GET /tam/v1/threats/?license_module=dnm&threat_type=IM_CONTENT&limit=10&offset=0&search=keyword
Authorization: Bearer <token>
Accept: application/json

Display Columns

Column Source
SOURCE threat.tech_solution.source_data.source
STATUS threat.user_status or threat.system_status
DATETIME threat.first_seen_at (formatted YYYY-MM-DD)
CONTENT threat.tech_solution.source_data.content (truncated to 50 chars)

Source Data Model: DNMIMContentSourceData

Field Type Description
item_type string IM_CONTENT
source string Messaging platform source
content string Message content

dnm suspicious

List suspicious content entries.

1
mysecutec dnm suspicious [flags]

Flags

Same as dnm blackmarket.

API

1
GET /tam/v1/threats/?license_module=dnm&threat_type=SUSPICIOUS_CONTENT

Request Example

1
mysecutec dnm suspicious --search "phishing"

1
2
3
GET /tam/v1/threats/?license_module=dnm&threat_type=SUSPICIOUS_CONTENT&limit=10&offset=0&search=phishing
Authorization: Bearer <token>
Accept: application/json

Display Columns

Column Source
SOURCE threat.tech_solution.source_data.source
STATUS threat.user_status or threat.system_status
CONTENT threat.tech_solution.source_data.content (truncated to 50 chars)
DISCOVERED threat.first_seen_at (formatted YYYY-MM-DD)

Source Data Model: DNMSuspiciousContentSourceData

Field Type Description
item_type string SUSPICIOUS_CONTENT
source string Content source
content string Suspicious content

dnm mappings

Manage DNM mappings. Parent command with subcommands list, get, and add.

dnm mappings list

List all DNM mappings grouped by category.

1
mysecutec dnm mappings list

API

1
GET /dnm/v1/mappings

Response

1
2
3
4
5
{
  "category1": [
    { "my_id": "abc", "sr_id": "xyz", "name": "Example", "api_key": "key123" }
  ]
}

dnm mappings get

Get a specific DNM mapping.

1
mysecutec dnm mappings get <my_id>

API

1
GET /dnm/v1/mappings/{my_id}

Request Example

1
mysecutec dnm mappings get abc123

1
2
3
GET /dnm/v1/mappings/abc123
Authorization: Bearer <token>
Accept: application/json

dnm mappings add

Add a new DNM mapping.

1
mysecutec dnm mappings add [flags]

Flags

Flag Type Required Description
--my-id string Yes MySecutec ID
--sr-id string Yes Source reference ID
--name string Yes Mapping name
--api-key string Yes API key

API

1
POST /dnm/v1/mappings

Request Example

1
mysecutec dnm mappings add --my-id abc --sr-id xyz --name "Example" --api-key key123

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
POST /dnm/v1/mappings
Authorization: Bearer <token>
Content-Type: application/json

{
  "my_id": "abc",
  "sr_id": "xyz",
  "name": "Example",
  "api_key": "key123"
}

Model: DNMMapping

Field Type Description
my_id string MySecutec ID
sr_id string Source reference ID
name string Mapping name
api_key string API key mapping