├── .gitignore ├── LICENSE ├── README.md ├── deepviz ├── __init__.py ├── intel.py ├── result.py └── sandbox.py ├── examples └── sandbox_test.py ├── requirements.txt ├── setup.cfg └── setup.py /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.idea -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 Saferbytes s.r.l.s. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # python-deepviz 2 | python-deepviz is a Python wrapper for deepviz.com REST APIs 3 | 4 | # Install 5 | 6 | python-deepviz is hosted by PyPi 7 | 8 | ```python 9 | pip install python-deepviz 10 | ``` 11 | 12 | # Usage 13 | To use Deepviz API sdk you will need an API key you can get by 14 | subscribing the service free at https://account.deepviz.com/register/ 15 | 16 | The complete Deepviz REST APIs documentation can be found at https://api.deepviz.com/docs/ 17 | 18 | # Sandbox SDK API 19 | 20 | To upload a sample: 21 | 22 | ```python 23 | from deepviz import sandbox 24 | sbx = sandbox.Sandbox() 25 | result = sbx.upload_sample(path="path\\to\\file.exe", api_key="my-api-key") 26 | print result 27 | ``` 28 | 29 | To upload a folder: 30 | 31 | ```python 32 | from deepviz import sandbox 33 | sbx = sandbox.Sandbox() 34 | result = sbx.upload_folder(path="path\\to\\files", api_key="my-api-key") 35 | print result 36 | ``` 37 | 38 | To download a sample: 39 | 40 | ```python 41 | from deepviz import sandbox 42 | sbx = sandbox.Sandbox() 43 | result = sbx.download_sample(md5="MD5-hash", api_key="my-api-key", path="output\\directory\\") 44 | print result 45 | ``` 46 | 47 | To send a bulk download request and download the related archive: 48 | 49 | ```python 50 | from deepviz.sandbox import Sandbox 51 | from deepviz.result import * 52 | 53 | sbx = Sandbox() 54 | md5_list = [ 55 | "a6ca3b8c79e1b7e2a6ef046b0702aeb2", 56 | "34781d4f8654f9547cc205061221aea5", 57 | "a8c5c0d39753c97e1ffdfc6b17423dd6" 58 | ] 59 | 60 | result = sbx.bulk_download_request(md5_list=md5_list, api_key="my-api-key") 61 | if result.status == SUCCESS: 62 | print result 63 | while True: 64 | result2 = sbx.bulk_download_retrieve(id_request=result.msg['id_request'], api_key="my-api-key", path="output\\directory\\") 65 | if result2.status != PROCESSING: 66 | print result2 67 | break 68 | 69 | time.sleep(1) 70 | ``` 71 | 72 | To retrieve full scan report for a specific MD5 73 | 74 | ```python 75 | from deepviz import sandbox 76 | sbx = sandbox.Sandbox() 77 | result = sbx.sample_report(md5="MD5-hash", api_key="my-api-key") 78 | print result 79 | ``` 80 | 81 | # Threat Intelligence SDK API 82 | 83 | To retrieve scan result of a specific MD5 84 | 85 | ```python 86 | from deepviz import intel 87 | ThreatIntel = intel.Intel() 88 | result = ThreatIntel.sample_result(md5="MD5-hash", api_key="my-api-key") 89 | classification = result.msg['classification'] 90 | 91 | print "Classification: %s" % (classification) 92 | ``` 93 | 94 | To retrieve only specific parts of the report of a specific MD5 scan 95 | 96 | ```python 97 | from deepviz import intel 98 | ThreatIntel = intel.Intel() 99 | result = ThreatIntel.sample_info(md5="MD5-hash", api_key="my-api-key", filters=["classification","rules"]) 100 | print result 101 | ``` 102 | 103 | To retrieve intel data about an IP: 104 | 105 | ```python 106 | from deepviz import intel 107 | ThreatIntel = intel.Intel() 108 | result = ThreatIntel.ip_info(api_key="my-api-key", ip="8.8.8.8", filters=["generic_info"]) 109 | print result 110 | ``` 111 | 112 | To retrieve intel data about one domain: 113 | 114 | ```python 115 | from deepviz import intel 116 | ThreatIntel = intel.Intel() 117 | result = ThreatIntel.domain_info(api_key="my-api-key", domain="google.com") 118 | print result 119 | ``` 120 | 121 | To run generic search based on strings 122 | (find all IPs, domains, samples related to the searched keyword): 123 | 124 | ```python 125 | from deepviz import intel 126 | ThreatIntel = intel.Intel() 127 | result = ThreatIntel.search(api_key="my-api-key", search_string="justfacebook.net") 128 | print result 129 | ``` 130 | 131 | To run advanced search based on parameters 132 | (find all MD5 samples connecting to a domain and determined as malicious): 133 | 134 | ```python 135 | from deepviz import intel 136 | ThreatIntel = intel.Intel() 137 | result = ThreatIntel.advanced_search(api_key="my-api-key", domain=["justfacebook.net"], classification="M") 138 | print result 139 | ``` 140 | -------------------------------------------------------------------------------- /deepviz/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/saferbytes/python-deepviz/9a6ee1d63929c010f5b933dcbd12673157387b68/deepviz/__init__.py -------------------------------------------------------------------------------- /deepviz/intel.py: -------------------------------------------------------------------------------- 1 | import inspect 2 | import requests 3 | from deepviz.result import * 4 | 5 | try: 6 | import json 7 | except: 8 | import simplejson as json 9 | 10 | 11 | URL_INTEL_REPORT = "https://api.deepviz.com/intel/report" 12 | URL_INTEL_SEARCH = "https://api.deepviz.com/intel/search" 13 | URL_INTEL_IP = "https://api.deepviz.com/intel/network/ip" 14 | URL_INTEL_DOMAIN = "https://api.deepviz.com/intel/network/domain" 15 | URL_INTEL_SEARCH_ADVANCED = "https://api.deepviz.com/intel/search/advanced" 16 | 17 | 18 | class Intel: 19 | 20 | def __init__(self): 21 | pass 22 | 23 | def sample_info(self, md5=None, api_key=None, filters=None): 24 | if not api_key: 25 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 26 | 27 | if not md5: 28 | return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String") 29 | 30 | if not filters: 31 | return Result(status=INPUT_ERROR, msg="filters cannot be null or empty") 32 | 33 | if len(filters) > 10: 34 | return Result(status=INPUT_ERROR, msg="Parameter 'filters' takes at most 10 values ({count} given).".format(count=len(filters))) 35 | 36 | body = json.dumps( 37 | { 38 | "md5": md5, 39 | "api_key": api_key, 40 | "output_filters": filters 41 | } 42 | ) 43 | 44 | try: 45 | r = requests.post(URL_INTEL_REPORT, data=body) 46 | except Exception as e: 47 | return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e) 48 | 49 | try: 50 | data = json.loads(r.content) 51 | except Exception as e: 52 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 53 | 54 | if r.status_code == 428: 55 | return Result(status=PROCESSING, msg="Analysis is running") 56 | else: 57 | try: 58 | data = json.loads(r.content) 59 | except Exception as e: 60 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 61 | 62 | if r.status_code == 200: 63 | return Result(status=SUCCESS, msg=data['data']) 64 | else: 65 | if r.status_code >= 500: 66 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 67 | else: 68 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 69 | 70 | def sample_result(self, md5=None, api_key=None): 71 | if not api_key: 72 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 73 | 74 | if not md5: 75 | return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String") 76 | 77 | return self.sample_info(md5, api_key, ["classification"]) 78 | 79 | def ip_info(self, api_key=None, ip=None, filters=None): 80 | if not api_key: 81 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 82 | 83 | if not ip: 84 | msg = "Parameters missing or invalid. You must specify an IP" 85 | return Result(status=INPUT_ERROR, msg=msg) 86 | 87 | if not isinstance(ip, str): 88 | msg = "You must provide the IP in a string" 89 | return Result(status=INPUT_ERROR, msg=msg) 90 | 91 | if filters is not None: 92 | if not isinstance(filters, list): 93 | msg = "You must provide one or more output filters in a list" 94 | return Result(status=INPUT_ERROR, msg=msg) 95 | elif not filters: 96 | msg = "You must provide at least one filter" 97 | return Result(status=INPUT_ERROR, msg=msg) 98 | 99 | if filters is not None: 100 | body = json.dumps( 101 | { 102 | "api_key": api_key, 103 | "ip": ip, 104 | "output_filters": filters 105 | } 106 | ) 107 | else: 108 | body = json.dumps( 109 | { 110 | "api_key": api_key, 111 | "ip": ip, 112 | } 113 | ) 114 | 115 | try: 116 | r = requests.post(URL_INTEL_IP, data=body) 117 | except Exception as e: 118 | return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e) 119 | 120 | try: 121 | data = json.loads(r.content) 122 | except Exception as e: 123 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 124 | 125 | if r.status_code == 200: 126 | return Result(status=SUCCESS, msg=data['data']) 127 | else: 128 | if r.status_code >= 500: 129 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 130 | else: 131 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 132 | 133 | 134 | def domain_info(self, api_key=None, domain=None, filters=None): 135 | if not api_key: 136 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 137 | 138 | if not domain: 139 | msg = "Parameters missing or invalid. You must specify a domain" 140 | return Result(status=INPUT_ERROR, msg=msg) 141 | elif not isinstance(domain, str): 142 | msg = "You must provide one a domain in a string" 143 | return Result(status=INPUT_ERROR, msg=msg) 144 | 145 | if filters is not None: 146 | if not isinstance(filters, list): 147 | msg = "You must provide one or more output filters in a list" 148 | return Result(status=INPUT_ERROR, msg=msg) 149 | elif not filters: 150 | msg = "You must provide at least one filter" 151 | return Result(status=INPUT_ERROR, msg=msg) 152 | 153 | if filters: 154 | body = json.dumps( 155 | { 156 | "api_key": api_key, 157 | "domain": domain, 158 | "output_filters": filters, 159 | } 160 | ) 161 | else: 162 | body = json.dumps( 163 | { 164 | "api_key": api_key, 165 | "domain": domain, 166 | } 167 | ) 168 | 169 | try: 170 | r = requests.post(URL_INTEL_DOMAIN, data=body) 171 | except Exception as e: 172 | msg = "Error while connecting to Deepviz: %s" % e 173 | return Result(status=NETWORK_ERROR, msg=msg) 174 | 175 | try: 176 | data = json.loads(r.content) 177 | except Exception as e: 178 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 179 | 180 | if r.status_code == 200: 181 | return Result(status=SUCCESS, msg=data['data']) 182 | else: 183 | if r.status_code >= 500: 184 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 185 | else: 186 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 187 | 188 | 189 | def search(self, api_key=None, search_string=None, start_offset=None, elements=None): 190 | if not api_key: 191 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 192 | 193 | if not search_string: 194 | return Result(status=INPUT_ERROR, msg="String to be searched cannot be null or empty") 195 | 196 | if start_offset is not None and elements is not None: 197 | result_set = ["start=%d" % start_offset, "rows=%d" % elements] 198 | body = json.dumps( 199 | { 200 | "result_set": result_set, 201 | "string": search_string, 202 | "api_key": api_key, 203 | } 204 | ) 205 | else: 206 | body = json.dumps( 207 | { 208 | "string": search_string, 209 | "api_key": api_key, 210 | } 211 | ) 212 | 213 | try: 214 | r = requests.post(URL_INTEL_SEARCH, data=body) 215 | except Exception as e: 216 | return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e) 217 | 218 | try: 219 | data = json.loads(r.content) 220 | except Exception as e: 221 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 222 | 223 | if r.status_code == 200: 224 | return Result(status=SUCCESS, msg=data['data']) 225 | else: 226 | if r.status_code >= 500: 227 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 228 | else: 229 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 230 | 231 | 232 | def advanced_search(self, api_key=None, sim_hash=None, created_files=None, imp_hash=None, url=None, strings=None, 233 | ip=None, asn=None, classification=None, rules=None, country=None, never_seen=None, 234 | time_delta=None, result_set=None, ip_range=None, domain=None): 235 | 236 | if not api_key: 237 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 238 | 239 | frame = inspect.currentframe() 240 | args, _, _, values = inspect.getargvalues(frame) 241 | 242 | body = { 243 | 'api_key': api_key 244 | } 245 | 246 | for i in args: 247 | if values[i] and i != "self" and i != "api_key": 248 | if i == "sim_hash" or i == "created_files" or i == "imp_hash" or i == "url" or i == "strings" or i == "ip" or i == "asn" or i == "rules" or i == "country" or i == "result_set" or i == "domain": 249 | if isinstance(values[i], list): 250 | body[i] = values[i] 251 | else: 252 | msg = "Value '%s' must be in a list form" % i 253 | return Result(status=INPUT_ERROR, msg=msg) 254 | else: 255 | if isinstance(values[i], str): 256 | body[i] = values[i] 257 | else: 258 | msg = "Value '%s' must be in a string form" % i 259 | return Result(status=INPUT_ERROR, msg=msg) 260 | 261 | final_body = json.dumps(body) 262 | 263 | try: 264 | r = requests.post(URL_INTEL_SEARCH_ADVANCED, data=final_body) 265 | except Exception as e: 266 | return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e) 267 | 268 | try: 269 | data = json.loads(r.content) 270 | except Exception as e: 271 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 272 | 273 | if r.status_code == 200: 274 | msg = data['data'] 275 | return Result(status=SUCCESS, msg=msg) 276 | else: 277 | if r.status_code >= 500: 278 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 279 | else: 280 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) -------------------------------------------------------------------------------- /deepviz/result.py: -------------------------------------------------------------------------------- 1 | SUCCESS = "DEEPVIZ_STATUS_SUCCESS" # Request successfully submitted 2 | INPUT_ERROR = "DEEPVIZ_STATUS_INPUT_ERROR" 3 | SERVER_ERROR = "DEEPVIZ_STATUS_SERVER_ERROR" # Http 5xx 4 | CLIENT_ERROR = "DEEPVIZ_STATUS_CLIENT_ERROR" # Http 4xx 5 | NETWORK_ERROR = "DEEPVIZ_STATUS_NETWORK_ERROR" # Cannot contact Deepviz 6 | INTERNAL_ERROR = "DEEPVIZ_STATUS_INTERNAL_ERROR" 7 | PROCESSING = "DEEPVIZ_STATUS_PROCESSING" # Result is not ready yet 8 | 9 | 10 | class Result: 11 | status = None 12 | msg = None 13 | 14 | def __init__(self, status, msg): 15 | self.status = status 16 | self.msg = msg 17 | 18 | def __repr__(self): 19 | return "Result(status='{status}', msg='{data}')".format(status=self.status, data=self.msg) -------------------------------------------------------------------------------- /deepviz/sandbox.py: -------------------------------------------------------------------------------- 1 | import os 2 | import requests 3 | from deepviz.result import * 4 | 5 | try: 6 | import json 7 | except: 8 | import simplejson as json 9 | 10 | URL_SAMPLE_REPORT = "https://api.deepviz.com/general/report" 11 | URL_UPLOAD_SAMPLE = "https://api.deepviz.com/sandbox/submit" 12 | URL_DOWNLOAD_SAMPLE = "https://api.deepviz.com/sandbox/sample" 13 | URL_DOWNLOAD_BULK = "https://api.deepviz.com/sandbox/sample/bulk/retrieve" 14 | URL_REQUEST_BULK = "https://api.deepviz.com/sandbox/sample/bulk/request" 15 | 16 | 17 | class Sandbox: 18 | 19 | def __init__(self): 20 | pass 21 | 22 | def sample_report(self, md5=None, api_key=None): 23 | if not api_key: 24 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 25 | 26 | if not md5: 27 | return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String") 28 | 29 | body = json.dumps( 30 | { 31 | "md5": md5, 32 | "api_key": api_key 33 | } 34 | ) 35 | 36 | try: 37 | r = requests.post(URL_SAMPLE_REPORT, data=body) 38 | except Exception as e: 39 | return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e) 40 | 41 | try: 42 | data = json.loads(r.content) 43 | except Exception as e: 44 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 45 | 46 | if r.status_code == 428: 47 | return Result(status=PROCESSING, msg="Analysis is running") 48 | else: 49 | try: 50 | data = json.loads(r.content) 51 | except Exception as e: 52 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 53 | 54 | if r.status_code == 200: 55 | return Result(status=SUCCESS, msg=data['data']) 56 | else: 57 | if r.status_code >= 500: 58 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 59 | else: 60 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 61 | 62 | 63 | def upload_sample(self, path=None, api_key=None): 64 | if not path: 65 | return Result(status=INPUT_ERROR, msg="File path cannot be null or empty String") 66 | 67 | if not api_key: 68 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 69 | 70 | if not os.path.exists(path): 71 | return Result(status=INPUT_ERROR, msg="File does not exists") 72 | 73 | if os.path.isdir(path): 74 | return Result(status=INPUT_ERROR, msg="Path is a directory instead of a file") 75 | 76 | try: 77 | _file = open(path, "rb") 78 | except Exception as _: 79 | msg = "Cannot open file '%s'" % path 80 | return Result(status=INTERNAL_ERROR, msg=msg) 81 | 82 | body = { 83 | "api_key": api_key, 84 | "source": "python_deepviz" 85 | } 86 | 87 | try: 88 | r = requests.post( 89 | URL_UPLOAD_SAMPLE, 90 | data=body, 91 | files={ 92 | "file": _file 93 | } 94 | ) 95 | except Exception as e: 96 | msg = "Error while connecting to Deepviz: %s" % e 97 | return Result(status=NETWORK_ERROR, msg=msg) 98 | 99 | if r.status_code == 428: 100 | return Result(status=PROCESSING, msg="Analysis is already running") 101 | else: 102 | try: 103 | data = json.loads(r.content) 104 | except Exception as e: 105 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 106 | 107 | if r.status_code == 200: 108 | msg = data['data'] 109 | return Result(status=SUCCESS, msg=msg) 110 | else: 111 | if r.status_code >= 500: 112 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 113 | else: 114 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 115 | 116 | 117 | def upload_folder(self, path=None, api_key=None): 118 | if not path: 119 | return Result(status=INPUT_ERROR, msg="Folder path cannot be null or empty String") 120 | 121 | if not api_key: 122 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 123 | 124 | if not os.path.exists(path): 125 | return Result(status=INPUT_ERROR, msg="Directory does not exists") 126 | 127 | if not os.path.isdir(path): 128 | return Result(status=INPUT_ERROR, msg="Path is a file instead of a directory") 129 | 130 | buf = os.listdir(path) 131 | 132 | if buf: 133 | for item in buf: 134 | _file = os.path.join(path, item) 135 | result = self.upload_sample(_file, api_key) 136 | if result.status != SUCCESS and result.status != PROCESSING: 137 | result.msg = "Error uploading file '{file}': {msg}".format(file=_file, msg=result.msg) 138 | return result 139 | else: 140 | return Result(status=SUCCESS, msg="Every file in folder has been uploaded") 141 | else: 142 | return Result(status=INPUT_ERROR, msg="Empty folder") 143 | 144 | 145 | def download_sample(self, md5=None, path=None, api_key=None): 146 | if not path: 147 | return Result(status=INPUT_ERROR, msg="File path cannot be null or empty String") 148 | 149 | if not api_key: 150 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 151 | 152 | if not md5: 153 | return Result(status=INPUT_ERROR, msg="MD5 cannot be null or empty String") 154 | 155 | if os.path.exists(path) and os.path.isfile(path): 156 | return Result(status=INPUT_ERROR, msg="Invalid destination folder") 157 | elif not os.path.exists(path): 158 | os.makedirs(path) 159 | 160 | finalpath = os.path.join(path, md5) 161 | 162 | try: 163 | _file = open(finalpath, "wb") 164 | except Exception as _: 165 | msg = "Cannot create file '%s'" % finalpath 166 | return Result(status=INTERNAL_ERROR, msg=msg) 167 | 168 | body = json.dumps( 169 | { 170 | "api_key": api_key, 171 | "md5": md5 172 | }) 173 | try: 174 | r = requests.post(URL_DOWNLOAD_SAMPLE, data=body) 175 | except Exception as e: 176 | return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e) 177 | 178 | if r.status_code == 200: 179 | _file.write(r.content) 180 | _file.close() 181 | return Result(status=SUCCESS, msg="Sample downloaded to '%s'" % finalpath) 182 | else: 183 | try: 184 | data = json.loads(r.content) 185 | except Exception as e: 186 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 187 | 188 | if r.status_code >= 500: 189 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 190 | else: 191 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 192 | 193 | 194 | def bulk_download_request(self, md5_list=None, api_key=None): 195 | if not api_key: 196 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 197 | 198 | if not md5_list: 199 | return Result(status=INPUT_ERROR, msg="MD5 list empty or invalid") 200 | 201 | body = json.dumps( 202 | { 203 | "api_key": api_key, 204 | "hashes": md5_list 205 | }) 206 | try: 207 | r = requests.post(URL_REQUEST_BULK, data=body) 208 | except Exception as e: 209 | msg = "Error while connecting to Deepviz. [%s]" % e 210 | return Result(status=NETWORK_ERROR, msg=msg) 211 | 212 | try: 213 | data = json.loads(r.content) 214 | except Exception as e: 215 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 216 | 217 | if r.status_code == 200: 218 | return Result(status=SUCCESS, msg=data['data']) 219 | else: 220 | if r.status_code >= 500: 221 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 222 | else: 223 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 224 | 225 | 226 | def bulk_download_retrieve(self, id_request=None, path=None, api_key=None): 227 | if not path: 228 | return Result(status=INPUT_ERROR, msg="File path cannot be null or empty String") 229 | 230 | if not api_key: 231 | return Result(status=INPUT_ERROR, msg="API key cannot be null or empty String") 232 | 233 | if not id_request: 234 | return Result(status=INPUT_ERROR, msg="Request ID cannot be null or empty String") 235 | 236 | if os.path.exists(path) and os.path.isfile(path): 237 | return Result(status=INPUT_ERROR, msg="Invalid destination folder") 238 | elif not os.path.exists(path): 239 | os.makedirs(path) 240 | 241 | finalpath = os.path.join(path, "bulk_request_{id}.zip".format(id=id_request)) 242 | 243 | try: 244 | _file = open(finalpath, "wb") 245 | except Exception as _: 246 | return Result(status=INTERNAL_ERROR, msg="Cannot create file '%s'" % finalpath) 247 | 248 | body = json.dumps( 249 | { 250 | "api_key": api_key, 251 | "id_request": str(id_request) 252 | }) 253 | try: 254 | r = requests.post(URL_DOWNLOAD_BULK, data=body) 255 | except Exception as e: 256 | _file.close() 257 | return Result(status=NETWORK_ERROR, msg="Error while connecting to Deepviz: %s" % e) 258 | 259 | if r.status_code == 200: 260 | _file.write(r.content) 261 | _file.close() 262 | return Result(status=SUCCESS, msg="File downloaded to '%s'" % finalpath) 263 | elif r.status_code == 428: 264 | _file.close() 265 | return Result(status=PROCESSING, msg="{status_code} - Your request is being processed. Please try again in a few minutes".format(status_code=r.status_code)) 266 | else: 267 | _file.close() 268 | try: 269 | data = json.loads(r.content) 270 | except Exception as e: 271 | return Result(status=INTERNAL_ERROR, msg="Error loading Deepviz response: %s" % e) 272 | 273 | if r.status_code >= 500: 274 | return Result(status=SERVER_ERROR, msg="{status_code} - Error while connecting to Deepviz: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) 275 | else: 276 | return Result(status=CLIENT_ERROR, msg="{status_code} - Client error: {errmsg}".format(status_code=r.status_code, errmsg=data['errmsg'])) -------------------------------------------------------------------------------- /examples/sandbox_test.py: -------------------------------------------------------------------------------- 1 | import time 2 | import hashlib 3 | import sys 4 | sys.path.insert(0, r'../') 5 | from deepviz.intel import Intel 6 | from deepviz.sandbox import Sandbox 7 | from deepviz.result import * 8 | 9 | API_KEY = "0000000000000000000000000000000000000000000000000000000000000000" 10 | 11 | sbx = Sandbox() 12 | 13 | # Retrieve sample full scan report 14 | print ">>>>>>>>>>>>>>> sample_report" 15 | result = sbx.sample_report(md5="a6ca3b8c79e1b7e2a6ef046b0702aeb2", api_key=API_KEY) 16 | print result 17 | 18 | # Download sample binary 19 | print ">>>>>>>>>>>>>>> download_sample" 20 | print sbx.download_sample(md5="a6ca3b8c79e1b7e2a6ef046b0702aeb2", api_key=API_KEY, path="./") 21 | 22 | # Upload sample 23 | print sbx.upload_sample(path="a6ca3b8c79e1b7e2a6ef046b0702aeb2", api_key=API_KEY) 24 | 25 | # Upload a folder 26 | result = sbx.upload_folder(path="uploadfolder", api_key=API_KEY) 27 | print result 28 | 29 | # Send a bulk download request and download the related archive 30 | md5_list = [ 31 | "c3bcdbe22836857b1587122adae0f52e", 32 | "34781d4f8654f9547cc205061221aea5", 33 | "a8c5c0d39753c97e1ffdfc6b17423dd6" 34 | ] 35 | 36 | print ">>>>>>>>>>>>>>> bulk_download_request" 37 | result = sbx.bulk_download_request(md5_list=md5_list, api_key=API_KEY) 38 | if result.status == SUCCESS: 39 | print result 40 | while True: 41 | result2 = sbx.bulk_download_retrieve(id_request=result.msg['id_request'], api_key=API_KEY, path=".") 42 | if result2: 43 | print result2 44 | if result2.status != PROCESSING: 45 | break 46 | else: 47 | break 48 | time.sleep(1) 49 | else: 50 | print result 51 | 52 | ####################################################################################################################### 53 | 54 | ThreatIntel = Intel() 55 | 56 | # sample result 57 | print ">>>>>>>>>>>>>>> sample_result" 58 | result = ThreatIntel.sample_result(md5="a6ca3b8c79e1b7e2a6ef046b0702aeb2", api_key=API_KEY) 59 | print result 60 | 61 | # sample info 62 | print ">>>>>>>>>>>>>>> sample_info" 63 | result = ThreatIntel.sample_info(md5="a6ca3b8c79e1b7e2a6ef046b0702aeb2", api_key=API_KEY, filters=["rules", "email", "url", "filesystem"]) 64 | print result 65 | 66 | # To retrieve intel data about an IP: 67 | print ">>>>>>>>>>>>>>> ip_info" 68 | result = ThreatIntel.ip_info(api_key=API_KEY, ip="8.8.8.8", filters=["generic_info"]) 69 | print result 70 | 71 | # To retrieve intel data about a domain: 72 | print ">>>>>>>>>>>>>>> domain_info" 73 | result = ThreatIntel.domain_info(api_key=API_KEY, domain="google.com") 74 | print result 75 | 76 | # To run generic search based on strings 77 | # (find all IPs, domains, samples related to the searched keyword): 78 | print ">>>>>>>>>>>>>>> search" 79 | result = ThreatIntel.search(api_key=API_KEY, search_string="google.com") 80 | print result 81 | 82 | # To run advanced search based on parameters 83 | # (find all MD5 samples connecting to a domain and determined as malicious): 84 | print ">>>>>>>>>>>>>>> advanced_search" 85 | result = ThreatIntel.advanced_search(api_key=API_KEY, domain=["google.com"], classification="M") 86 | print result 87 | 88 | print ">>>>>>>>>>>>>>> advanced_search" 89 | result = ThreatIntel.advanced_search(api_key=API_KEY, ip_range="1.1.1.1-255.255.255.255", classification="M") 90 | print result -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | requests>=2.5.1 2 | simplejson>=3.8.1 3 | -------------------------------------------------------------------------------- /setup.cfg: -------------------------------------------------------------------------------- 1 | [metadata] 2 | description-file = README.md -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | import setuptools 2 | 3 | setuptools.setup( 4 | name='python-deepviz', 5 | version='2.0.0', 6 | author='Saferbytes', 7 | author_email='info@saferbytes.it', 8 | url="https://github.com/saferbytes/python-deepviz", 9 | description='Deepviz Threat Intelligence API Client Library for python', 10 | keywords="deepviz API SDK", 11 | license='MIT', 12 | packages=['deepviz'], 13 | install_requires=[ 14 | 'requests>=2.5.1', 15 | 'simplejson>=3.8.1' 16 | ] 17 | ) --------------------------------------------------------------------------------