
@m0wn1ka
Created December 13, 2023 14:38
"""
MOBSF REST API Python Requests
"""
import json
import requests
from requests_toolbelt.multipart.encoder import MultipartEncoder
# Base URL of the MobSF instance. This is plain HTTP, so the Authorization
# header sent by every call below travels unencrypted; that is tolerable only
# because the address is loopback. Use an https:// URL if SERVER ever points
# at another host.
SERVER = 'http://127.0.0.1:8000'
# The two APKs that the script at the bottom uploads, scans and compares.
FILE1 = "diva-beta.apk"
FILE2 = "app-release.apk"
# Placeholder for the MobSF REST API key. Fill it in locally and keep the
# real value out of any shared or published copy of this script.
APIKEY = "<API_KEY>"
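def upload(x):
    """Upload a file to MobSF and return the raw response body.

    Args:
        x: Path of the file to upload. The same string is sent as the
            multipart filename.

    Returns:
        The response text of ``/api/v1/upload``. The rest of this script
        parses it as JSON and reads its ``hash`` key.
    """
    print("Uploading file")
    # Open the file in a context manager so the handle is closed as soon as
    # the request has been sent, and also when the POST raises.
    with open(x, 'rb') as apk:
        multipart_data = MultipartEncoder(fields={'file': (x, apk, 'application/octet-stream')})
        headers = {'Content-Type': multipart_data.content_type, 'Authorization': APIKEY}
        response = requests.post(SERVER + '/api/v1/upload', data=multipart_data, headers=headers)
    print(response.text)
    return response.text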
def scan(data):
    """Start a MobSF scan for a previously uploaded file.

    Args:
        data: JSON text as returned by ``upload``. Its decoded fields are
            posted unchanged as the form body of ``/api/v1/scan``.
    """
    print("Scanning file")
    scan_url = SERVER + '/api/v1/scan'
    form_fields = json.loads(data)
    reply = requests.post(scan_url, data=form_fields, headers={'Authorization': APIKEY})
    print(reply.text)
def compare(hash1, hash2):
    """Request a comparison of two scans from MobSF.

    Args:
        hash1: Hash identifying the first scan.
        hash2: Hash identifying the second scan.

    Returns:
        The response text of ``/api/v1/compare``.
    """
    data = {"hash1": hash1, "hash2": hash2}
    print("in comparinsg data is ",data)
    compare_url = SERVER + '/api/v1/compare'
    reply = requests.post(compare_url, data=data, headers={'Authorization': APIKEY})
    return reply.text
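def pdf(data):
    """Download the PDF report of a scan into ``report.pdf``.

    Args:
        data: JSON text as returned by ``upload``; only its ``hash`` key is
            sent to ``/api/v1/download_pdf``.

    The file is written only when the server answers with status 200.
    Otherwise an error body (for example after a rejected API key) would be
    stored under a ``.pdf`` name and reported as a saved report.
    """
    print("Generate PDF report")
    headers = {'Authorization': APIKEY}
    payload = {"hash": json.loads(data)["hash"]}
    # stream=True keeps the connection open until the body is consumed, so
    # the response is used as a context manager to release it on every path.
    with requests.post(SERVER + '/api/v1/download_pdf', data=payload, headers=headers, stream=True) as response:
        if response.status_code != 200:
            print("PDF report not saved, server replied", response.status_code, response.text)
            return
        with open("report.pdf", 'wb') as flip:
            for chunk in response.iter_content(chunk_size=1024):
                if chunk:
                    flip.write(chunk)
    print("Report saved as report.pdf")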
def json_resp(data):
    """Fetch the JSON report of a scan and print it.

    Args:
        data: JSON text as returned by ``upload``; only its ``hash`` key is
            sent to ``/api/v1/report_json``.
    """
    print("Generate JSON report")
    scan_hash = json.loads(data)["hash"]
    report_url = SERVER + '/api/v1/report_json'
    reply = requests.post(report_url, data={"hash": scan_hash}, headers={'Authorization': APIKEY})
    print(reply.text)
def delete(data):
    """Delete a scan result from the MobSF server.

    Args:
        data: JSON text as returned by ``upload``; only its ``hash`` key is
            sent to ``/api/v1/delete_scan``.
    """
    print("Deleting Scan")
    scan_hash = json.loads(data)["hash"]
    delete_url = SERVER + '/api/v1/delete_scan'
    reply = requests.post(delete_url, data={"hash": scan_hash}, headers={'Authorization': APIKEY})
    print(reply.text)
def recent_scans():
    """Print the raw body returned by ``GET /api/v1/scans``."""
    print("printing recent scans")
    scans_url = SERVER + '/api/v1/scans'
    reply = requests.get(scans_url, headers={'Authorization': APIKEY})
    # .content is bytes, so the output shows a bytes repr rather than text.
    print("response of recent scans is ",reply.content)
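def score_card(hash):
    """Fetch the scorecard of a scan and print it.

    Args:
        hash: JSON text as returned by ``upload``; only its ``hash`` key is
            sent.

    The request goes to ``/api/v1/scorecard``. Posting the upload response to
    ``/api/v1/scan`` instead would run the scan again and print the scan
    result under the scorecard label.
    """
    headers = {'Authorization': APIKEY}
    payload = {"hash": json.loads(hash)["hash"]}
    response = requests.post(SERVER + '/api/v1/scorecard', data=payload, headers=headers)
    print("response of scorecard is ",response.text)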
def suppress_by_rule(hash, rule='app_allowbackup', type='manifest'):
    """Suppress a finding for one scan by rule id.

    Args:
        hash: JSON text as returned by ``upload``; only its ``hash`` key is
            sent.
        rule: Rule id to suppress, e.g. ``android_logging`` or
            ``app_allowbackup``.
        type: Either ``manifest`` or ``code``.

    Returns:
        The response text of ``/api/v1/suppress_by_rule``.
    """
    # NOTE(review): a suppression presumably hides the matching finding from
    # later reports, so record why each one was added. Confirm against the
    # MobSF documentation.
    print("supresing by rule")
    scan_hash = json.loads(hash)["hash"]
    form_fields = {"hash": scan_hash, "rule": rule, "type": type}
    suppress_url = SERVER + '/api/v1/suppress_by_rule'
    reply = requests.post(suppress_url, data=form_fields, headers={'Authorization': APIKEY})
    return reply.text
def suppress_by_file(hash, type, rule="android_logging"):
    """Suppress a finding for one scan through the by-files endpoint.

    Args:
        hash: JSON text as returned by ``upload``; only its ``hash`` key is
            sent.
        type: Finding category; the original note on this function names
            only ``code``.
        rule: Rule id to suppress, e.g. ``android_logging`` or
            ``app_allowbackup``.

    Returns:
        The response text of ``/api/v1/suppress_by_files``.
    """
    print("supresing by file")
    scan_hash = json.loads(hash)["hash"]
    form_fields = {"hash": scan_hash, "rule": rule, "type": type}
    suppress_url = SERVER + '/api/v1/suppress_by_files'
    reply = requests.post(suppress_url, data=form_fields, headers={'Authorization': APIKEY})
    return reply.text
def view_suppressions(data):
    """List the suppressions recorded for a scan.

    Args:
        data: JSON text as returned by ``upload``. All of its decoded fields,
            not just ``hash``, are posted to ``/api/v1/list_suppressions``.

    Returns:
        The response text of the request.
    """
    print("checking which are suppresdd..")
    form_fields = json.loads(data)
    list_url = SERVER + '/api/v1/list_suppressions'
    reply = requests.post(list_url, data=form_fields, headers={'Authorization': APIKEY})
    return reply.text
def delete_suppressions(data, type="code", rule="android_sql_raw_query", kind="file"):
    """Remove one suppression from a scan.

    Args:
        data: JSON text as returned by ``upload``; only its ``hash`` key is
            sent.
        type: Value of the ``type`` form field.
        rule: Rule id whose suppression is removed.
        kind: Value of the ``kind`` form field.

    Returns:
        The response text of ``/api/v1/delete_suppression``.
    """
    print("removing suppresions..")
    scan_hash = json.loads(data)["hash"]
    form_fields = {"hash": scan_hash, "type": type, "rule": rule, "kind": kind}
    delete_url = SERVER + '/api/v1/delete_suppression'
    reply = requests.post(delete_url, data=form_fields, headers={'Authorization': APIKEY})
    return reply.text
# Walk through the API in order: upload and scan both APKs, compare them,
# pull the reports for the first one, exercise the suppression calls, then
# delete both scans from the server.
RESP = upload(FILE1)
scan(RESP)
RESP2 = upload(FILE2)
scan(RESP2)

first_hash = json.loads(RESP)["hash"]
second_hash = json.loads(RESP2)["hash"]
print(compare(first_hash, second_hash))

json_resp(RESP)
pdf(RESP)

print("displaying recent scans")
recent_scans()

# With its default arguments this suppresses rule app_allowbackup of type
# manifest for the first scan.
print("suppress by rule")
res = suppress_by_rule(RESP)
print(res)

print("score card")
score_card(RESP)

# The result is stored but not printed.
print("suppress by file")
res = suppress_by_file(RESP, "code")

# The return values of the next two calls are discarded.
print("view suppressions")
view_suppressions(RESP)
print("delete suppressions")
delete_suppressions(RESP)

# Clean up: drop both scan results from the server.
delete(RESP)
delete(RESP2)