Automating a HackTheBox todo list in with APIs

Mickey De Baets
3 min readJun 26, 2021

As a student Cloud & Cyber Security, I am ofcourse passionate about platforms such as HackTheBox and TryHackMe. Besides this I find a cool article here and then an interesting course there and then suddenly I’m overloaded with a wishlist/todo list of items I want to go through. I decided to create a better overview using, a cloud-based collaboration and project management tool. Also big shout out to the PyHackTheBox project for making the HackTheBox part way easier.

My goal was simple, I wanted to get a better overview of all the hacking stuff I wanted to do. However, a side goal was also to put in as little effort as possible in mainting this overview. This is why I thought of using the API of both platforms so I didn’t have to add a new entry every time a new machine came out. Below you can see the finished product.

The automation of this process consists out of three main steps:
1. Getting active machines that interest me
2. Comparing active machines to the ones already in my list
3. Adding new machines to the list

💻 Getting active machines

This part consists out of obtaining an access code and actually finding out which machines are available on HackTheBox. Using the API we can obtain an access token by providing our credentials. After this we can get a JSON overview of all the currently active machines.

✔️ Getting current tasks

Before we can compare if an active machine is already in our to do list, we’ll have to get an overview of the tasks that already exist on our board. This query will be a bit more complicated than the one for HackTheBox since uses a GraphQL API. The used query obtains the name of every item from a specified board.

⚖️ Comparing HackTheBox with Monday

To compare active machines with my tasks in monday, I used the previously shown functions. I stored the names of my monday tasks in an array and made a dictionary for the HackTheBox machines and their properties. This way i could easily check if a name was already in my to do list on and if this wasn’t the case, create a new entry with the right properties.

🆕 Adding new machines

To add new machines to Monday, I first check wether or not the name of the machine is already in the monday tasks list. When it is not, I check the properties of the machine and add the corresponding values for my overview on Currently I’m only interested in easy and medium difficulty, so I only add these to my dashboard.

🚀 Conclusion

It takes a bit of time to get used to working with these APIs, especially when you have to go and switch to’s GraphQL API. Once you get the hang of it however, it’s a pretty simple project that can really help get a better overview on your to hack list. To make the best out of it you can create a simple cron job on a free tier EC2 instance to run it daily or even weekly.