m0wn1ka/mobsf-rest-api-python.py

## mobsf-rest-api-python.py
"""
MOBSF REST API Python Requests
"""

import json
import requests
from requests_toolbelt.multipart.encoder import MultipartEncoder

SERVER = "http://127.0.0.1:8000"

FILE2='app-release.apk'
FILE1 = 'diva-beta.apk'
APIKEY = '<API_KEY>'


def upload(x):
    """Upload File"""
    print("Uploading file")
    multipart_data = MultipartEncoder(fields={'file': (x, open(x, 'rb'), 'application/octet-stream')})
    headers = {'Content-Type': multipart_data.content_type, 'Authorization': APIKEY}
    response = requests.post(SERVER + '/api/v1/upload', data=multipart_data, headers=headers)
    print(response.text)
    return response.text


def scan(data):
    """Scan the file"""
    print("Scanning file")
    post_dict = json.loads(data)
    headers = {'Authorization': APIKEY}
    response = requests.post(SERVER + '/api/v1/scan', data=post_dict, headers=headers)
    print(response.text)
def compare(hash1,hash2):

	headers = { 'Authorization': APIKEY}
	data={"hash1":hash1,"hash2":hash2}
	print("in comparinsg data is ",data)
	response = requests.post(SERVER + '/api/v1/compare', data=data, headers=headers)

	return response.text


def pdf(data):
    """Generate PDF Report"""
    print("Generate PDF report")
    headers = {'Authorization': APIKEY}
    data = {"hash": json.loads(data)["hash"]}
    response = requests.post(SERVER + '/api/v1/download_pdf', data=data, headers=headers, stream=True)
    with open("report.pdf", 'wb') as flip:
        for chunk in response.iter_content(chunk_size=1024):
            if chunk:
                flip.write(chunk)
    print("Report saved as report.pdf")


def json_resp(data):
    """Generate JSON Report"""
    print("Generate JSON report")
    headers = {'Authorization': APIKEY}
    data = {"hash": json.loads(data)["hash"]}
    response = requests.post(SERVER + '/api/v1/report_json', data=data, headers=headers)
    print(response.text)


def delete(data):
    """Delete Scan Result"""
    print("Deleting Scan")
    headers = {'Authorization': APIKEY}
    data = {"hash": json.loads(data)["hash"]}
    response = requests.post(SERVER + '/api/v1/delete_scan', data=data, headers=headers)
    print(response.text)
def recent_scans():
	"""get recent scans"""
	print("printing recent scans")
	headers = {'Authorization': APIKEY}
	response = requests.get(SERVER + '/api/v1/scans', headers=headers)
	print("response of recent scans is ",response.content)
def score_card(hash):
	headers = {'Authorization': APIKEY}
	post_dict = json.loads(hash)
	response = requests.post(SERVER + '/api/v1/scan', data=post_dict, headers=headers)
	print("response of scorecard is ",response.text)
def suppress_by_rule(hash,rule='app_allowbackup',type='manifest'):
#type can be manifest or code
#rule can be android_logging ,app_allowbackup
	"""supress a check by some rule id"""
	print("supresing by rule")
	hash=json.loads(hash)["hash"]
	data={"hash":hash,"rule":rule,"type":type}
	headers = {'Authorization': APIKEY}
	response = requests.post(SERVER + '/api/v1/suppress_by_rule', data=data, headers=headers)
	return response.text
def suppress_by_file(hash,type,rule="android_logging"):
#type can be  or code
#rule can be android_logging ,app_allowbackup
	"""supress a check by some rule id"""
	print("supresing by file")
	hash=json.loads(hash)["hash"]
	data={"hash":hash,"rule":rule,"type":type}
	headers = {'Authorization': APIKEY}
	response = requests.post(SERVER + '/api/v1/suppress_by_files', data=data, headers=headers)
	return response.text
def view_suppressions(data):
	print("checking which are suppresdd..")
	data = json.loads(data)
	headers = {'Authorization': APIKEY}
	response = requests.post(SERVER + '/api/v1/list_suppressions', data=data, headers=headers)
	return response.text
def delete_suppressions(data,type="code",rule="android_sql_raw_query",kind="file"):
	print("removing suppresions..")
	hash = json.loads(data)["hash"]
	headers = {'Authorization': APIKEY}
	data={"hash":hash,"type":type,"rule":rule,"kind":kind}
	response = requests.post(SERVER + '/api/v1/delete_suppression', data=data, headers=headers)
	return response.text
RESP = upload(FILE1)
scan(RESP)

RESP2=upload(FILE2)


scan(RESP2)
print(compare(json.loads(RESP)["hash"],json.loads(RESP2)["hash"]))


json_resp(RESP)
pdf(RESP)
print("displaying recent scans")
recent_scans()
print("suppress by rule")
res=suppress_by_rule(RESP)
print(res)
print("score card")
score_card(RESP)
print("suppress by file")
res=suppress_by_file(RESP,"code")
print("view suppressions")
view_suppressions(RESP)
print("delete suppressions")
delete_suppressions(RESP)
delete(RESP)
delete(RESP2)
	"""
	MOBSF REST API Python Requests
	"""

	import json
	import requests
	from requests_toolbelt.multipart.encoder import MultipartEncoder

	SERVER = "http://127.0.0.1:8000"

	FILE2='app-release.apk'
	FILE1 = 'diva-beta.apk'
	APIKEY = '<API_KEY>'


	def upload(x):
	"""Upload File"""
	print("Uploading file")
	multipart_data = MultipartEncoder(fields={'file': (x, open(x, 'rb'), 'application/octet-stream')})
	headers = {'Content-Type': multipart_data.content_type, 'Authorization': APIKEY}
	response = requests.post(SERVER + '/api/v1/upload', data=multipart_data, headers=headers)
	print(response.text)
	return response.text


	def scan(data):
	"""Scan the file"""
	print("Scanning file")
	post_dict = json.loads(data)
	headers = {'Authorization': APIKEY}
	response = requests.post(SERVER + '/api/v1/scan', data=post_dict, headers=headers)
	print(response.text)
	def compare(hash1,hash2):

	headers = { 'Authorization': APIKEY}
	data={"hash1":hash1,"hash2":hash2}
	print("in comparinsg data is ",data)
	response = requests.post(SERVER + '/api/v1/compare', data=data, headers=headers)

	return response.text


	def pdf(data):
	"""Generate PDF Report"""
	print("Generate PDF report")
	headers = {'Authorization': APIKEY}
	data = {"hash": json.loads(data)["hash"]}
	response = requests.post(SERVER + '/api/v1/download_pdf', data=data, headers=headers, stream=True)
	with open("report.pdf", 'wb') as flip:
	for chunk in response.iter_content(chunk_size=1024):
	if chunk:
	flip.write(chunk)
	print("Report saved as report.pdf")


	def json_resp(data):
	"""Generate JSON Report"""
	print("Generate JSON report")
	headers = {'Authorization': APIKEY}
	data = {"hash": json.loads(data)["hash"]}
	response = requests.post(SERVER + '/api/v1/report_json', data=data, headers=headers)
	print(response.text)


	def delete(data):
	"""Delete Scan Result"""
	print("Deleting Scan")
	headers = {'Authorization': APIKEY}
	data = {"hash": json.loads(data)["hash"]}
	response = requests.post(SERVER + '/api/v1/delete_scan', data=data, headers=headers)
	print(response.text)
	def recent_scans():
	"""get recent scans"""
	print("printing recent scans")
	headers = {'Authorization': APIKEY}
	response = requests.get(SERVER + '/api/v1/scans', headers=headers)
	print("response of recent scans is ",response.content)
	def score_card(hash):
	headers = {'Authorization': APIKEY}
	post_dict = json.loads(hash)
	response = requests.post(SERVER + '/api/v1/scan', data=post_dict, headers=headers)
	print("response of scorecard is ",response.text)
	def suppress_by_rule(hash,rule='app_allowbackup',type='manifest'):
	#type can be manifest or code
	#rule can be android_logging ,app_allowbackup
	"""supress a check by some rule id"""
	print("supresing by rule")
	hash=json.loads(hash)["hash"]
	data={"hash":hash,"rule":rule,"type":type}
	headers = {'Authorization': APIKEY}
	response = requests.post(SERVER + '/api/v1/suppress_by_rule', data=data, headers=headers)
	return response.text
	def suppress_by_file(hash,type,rule="android_logging"):
	#type can be or code
	#rule can be android_logging ,app_allowbackup
	"""supress a check by some rule id"""
	print("supresing by file")
	hash=json.loads(hash)["hash"]
	data={"hash":hash,"rule":rule,"type":type}
	headers = {'Authorization': APIKEY}
	response = requests.post(SERVER + '/api/v1/suppress_by_files', data=data, headers=headers)
	return response.text
	def view_suppressions(data):
	print("checking which are suppresdd..")
	data = json.loads(data)
	headers = {'Authorization': APIKEY}
	response = requests.post(SERVER + '/api/v1/list_suppressions', data=data, headers=headers)
	return response.text
	def delete_suppressions(data,type="code",rule="android_sql_raw_query",kind="file"):
	print("removing suppresions..")
	hash = json.loads(data)["hash"]
	headers = {'Authorization': APIKEY}
	data={"hash":hash,"type":type,"rule":rule,"kind":kind}
	response = requests.post(SERVER + '/api/v1/delete_suppression', data=data, headers=headers)
	return response.text
	RESP = upload(FILE1)
	scan(RESP)

	RESP2=upload(FILE2)


	scan(RESP2)
	print(compare(json.loads(RESP)["hash"],json.loads(RESP2)["hash"]))


	json_resp(RESP)
	pdf(RESP)
	print("displaying recent scans")
	recent_scans()
	print("suppress by rule")
	res=suppress_by_rule(RESP)
	print(res)
	print("score card")
	score_card(RESP)
	print("suppress by file")
	res=suppress_by_file(RESP,"code")
	print("view suppressions")
	view_suppressions(RESP)
	print("delete suppressions")
	delete_suppressions(RESP)
	delete(RESP)
	delete(RESP2)