Quick and dirty script that lists the CAPEv2 task ids flagged with a given DETECTION name and prints the malware configs extracted from those tasks.
import json
import os
import sys
import time

import requests
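# create your api token with: curl -d "username=<USER>&password=<PASSWD>" https://capesandbox.com/apiv2/api-token-auth/
# (that command leaves your password in the shell history - clear it, or read it from a file with -d @file)
# The token grants full access to your CAPE account, so it is not written into this file:
# it is read from the CAPE_API_TOKEN environment variable. The literal placeholder is only
# the fallback so the script behaves as before when the variable is unset.
API_TOKEN = os.environ.get("CAPE_API_TOKEN", "<token>")
headers = {"Authorization": "Token " + API_TOKEN}
DETECTION = "Azorult"
API_BASE = "https://www.capesandbox.com/apiv2"
# pause after every request - this is a shared public sandbox, we don't want to break anything
REQUEST_DELAY = 2
# (connect, read) timeout in seconds: never let a stalled connection hang the script forever
TIMEOUT = (10, 60)


def api_request(method, path, **kwargs):
    """Issue one request against the CAPE API and return the decoded JSON body.

    ``path`` is appended to API_BASE; ``kwargs`` are passed to requests (e.g. ``data=``).
    Returns None when the request fails at transport level, when the server answers with
    anything but HTTP 200 (a rejected token shows up here as 401), or when the body is not
    JSON - the caller decides whether that is fatal. TLS verification is left at the
    requests default (on); do not add verify=False, the token travels in the headers.
    Always sleeps REQUEST_DELAY seconds afterwards, as the original script did.
    """
    url = API_BASE + path
    try:
        response = requests.request(method, url, headers=headers, timeout=TIMEOUT, **kwargs)
    except requests.RequestException as exc:
        print(f"[ERROR] request to {url} failed: {exc}")
        return None
    finally:
        time.sleep(REQUEST_DELAY)
    if response.status_code != 200:
        print(f"[ERROR] {url} returned HTTP {response.status_code}")
        return None
    try:
        return response.json()
    except ValueError:
        print(f"[ERROR] {url} returned a body that is not JSON")
        return None


def filter_task_ids(tasks, detection):
    """Return the ids of the tasks whose detection equals ``detection`` (case-insensitive).

    ``tasks`` is the ``data`` list of an extendedsearch response. Each entry is expected
    to carry ``detections`` and ``info.id``; ``detections`` is compared as a string, and a
    list of strings is accepted as well (newer CAPE versions appear to return one - TODO
    confirm against the API you talk to). Entries without an id or without a matching
    detection are skipped. Order of the input is preserved.
    """
    wanted = detection.lower()
    task_ids = []
    for task in tasks:
        detections = task.get("detections") or []
        if isinstance(detections, str):
            detections = [detections]
        if not any(str(name).lower() == wanted for name in detections):
            continue
        task_id = (task.get("info") or {}).get("id", "")
        if task_id:
            task_ids.append(task_id)
    return task_ids


def main():
    """Check the API is usable, collect the matching task ids, then print each extracted config."""
    # quick check for status api endpoint to see if api token works and we can reach the api;
    # a non-200 answer (e.g. 401 for a bad token) is fatal too, instead of silently going on
    status = api_request("GET", "/cuckoo/status/")
    if status is None or status.get("error", True):
        print("[ERROR] api endpoint could not be reached or the api token was rejected")
        sys.exit(1)

    # List of config extractors: https://github.com/kevoreilly/CAPEv2/tree/master/modules/processing/parsers
    search = api_request(
        "POST",
        "/tasks/extendedsearch/",
        data={"option": "detections", "argument": DETECTION},
    )
    task_list = filter_task_ids(search.get("data", []) if search else [], DETECTION)
    print(task_list)

    # go through task list and get config
    for entry in task_list:
        result = api_request("GET", f"/tasks/get/config/{entry}/")
        if result is None or result.get("error", True):
            # config not available for this task ("error_value" holds the reason)
            continue
        # the configs are data recovered from malware (C2 hosts, URLs, keys): treat them as
        # hostile input - fine to print or store, never open the hosts they point at from here
        for config in result.get("configs", []):
            print(config)
        print(entry)


if __name__ == "__main__":
    main()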