Skip to content

Instantly share code, notes, and snippets.

@berggren
Last active October 3, 2016 11:27
Show Gist options
  • Save berggren/365d4e6a74eb245f6f6a019c43a8103c to your computer and use it in GitHub Desktop.
Save berggren/365d4e6a74eb245f6f6a019c43a8103c to your computer and use it in GitHub Desktop.
Minimal Timesketch API client in Python
import requests
import BeautifulSoup
class TimesketchApiClient():
def __init__(self, host, username, password):
self.host = host
self.host_url = u'http://{0:s}:5000'.format(self.host)
self.session = self._CreateSession(username, password)
def _CreateSession(self, username, password):
session = requests.Session()
session.verify = False # Depending on SSL cert is verifiable
# Get the CSRF token from the response
response = session.get(self.host_url)
soup = BeautifulSoup.BeautifulSoup(response.text)
csrf_token = soup.find(id='csrf_token').get('value')
session.headers.update({'x-csrftoken': csrf_token, 'referer': self.host})
# Do a POST to the login handler to set up the session cookies
data = {u'username': username, u'password': password}
session.post(u'{0:s}/login/'.format(self.host_url), data=data)
return session
def CreateSketch(self, name, description):
resource_url = u'{0:s}/api/v1/sketches/'.format(self.host_url)
form_data = {u'name': name, u'description': description}
response = self.session.post(resource_url, json=form_data)
response_dict = response.json()
sketch_id = response_dict[u'objects'][0]['id']
return sketch_id
def UploadTimeline(self, timeline_name, plaso_storage_path):
resource_url = u'{0:s}/api/v1/upload/'.format(self.host_url)
files = {'file': open(plaso_storage_path, 'rb')}
data = {u'name': timeline_name}
response = self.session.post(resource_url, files=files, data=data)
response_dict = response.json()
index_id = response_dict[u'objects'][0]['id']
return index_id
def AddTimelineToSketch(self, sketch_id, index_id):
resource_url = u'{0:s}/api/v1/sketches/{0:d}/'.format(self.host_url, sketch_id)
form_data = {u'timelines': [index_id]}
response = self.session.post(resource_url, json=form_data)
if __name__ == '__main__':
timesketch = TimesketchApiClient(host=u'127.0.0.1', username=u'foo', password=u'bar')
# Create new sketch
sketch_id = timesketch.CreateSketch(name=u'foo', description=u'bar')
# Upload and index a new timeline
index_id = timesketch.UploadTimeline(name=u'foobar timeline', plaso_storage_path=u'/tmp/foo.plaso')
# Add the newly created timeline to the sketch
timesketch.AddTimelineToSketch(sketch_id, index_id)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment