Last active
October 3, 2016 11:27
-
-
Save berggren/365d4e6a74eb245f6f6a019c43a8103c to your computer and use it in GitHub Desktop.
Minimal Timesketch API client in Python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import requests | |
import BeautifulSoup | |
class TimesketchApiClient(): | |
def __init__(self, host, username, password): | |
self.host = host | |
self.host_url = u'http://{0:s}:5000'.format(self.host) | |
self.session = self._CreateSession(username, password) | |
def _CreateSession(self, username, password): | |
session = requests.Session() | |
session.verify = False # Depending on SSL cert is verifiable | |
# Get the CSRF token from the response | |
response = session.get(self.host_url) | |
soup = BeautifulSoup.BeautifulSoup(response.text) | |
csrf_token = soup.find(id='csrf_token').get('value') | |
session.headers.update({'x-csrftoken': csrf_token, 'referer': self.host}) | |
# Do a POST to the login handler to set up the session cookies | |
data = {u'username': username, u'password': password} | |
session.post(u'{0:s}/login/'.format(self.host_url), data=data) | |
return session | |
def CreateSketch(self, name, description): | |
resource_url = u'{0:s}/api/v1/sketches/'.format(self.host_url) | |
form_data = {u'name': name, u'description': description} | |
response = self.session.post(resource_url, json=form_data) | |
response_dict = response.json() | |
sketch_id = response_dict[u'objects'][0]['id'] | |
return sketch_id | |
def UploadTimeline(self, timeline_name, plaso_storage_path): | |
resource_url = u'{0:s}/api/v1/upload/'.format(self.host_url) | |
files = {'file': open(plaso_storage_path, 'rb')} | |
data = {u'name': timeline_name} | |
response = self.session.post(resource_url, files=files, data=data) | |
response_dict = response.json() | |
index_id = response_dict[u'objects'][0]['id'] | |
return index_id | |
def AddTimelineToSketch(self, sketch_id, index_id): | |
resource_url = u'{0:s}/api/v1/sketches/{0:d}/'.format(self.host_url, sketch_id) | |
form_data = {u'timelines': [index_id]} | |
response = self.session.post(resource_url, json=form_data) | |
if __name__ == '__main__': | |
timesketch = TimesketchApiClient(host=u'127.0.0.1', username=u'foo', password=u'bar') | |
# Create new sketch | |
sketch_id = timesketch.CreateSketch(name=u'foo', description=u'bar') | |
# Upload and index a new timeline | |
index_id = timesketch.UploadTimeline(name=u'foobar timeline', plaso_storage_path=u'/tmp/foo.plaso') | |
# Add the newly created timeline to the sketch | |
timesketch.AddTimelineToSketch(sketch_id, index_id) | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment