Skip to main content

Command-line interface & Python wrapper for the Appknox API

Project description

PyPI version Build Status Join the chat at https://gitter.im/appknox/appknox-python

appknox-python

Command-line interface & Python wrapper for the Appknox API.

Python API documentation is available here.

Installation

appknox-python is officially supported on python 3.5 & 3.6. pip is the recommended way to install appknox-python.

pip install appknox

Usage

$ appknox
Usage: appknox [OPTIONS] COMMAND [ARGS]...

  Command line wrapper for the Appknox API

Options:
  -v, --verbose  Specify log verbosity.
  -k, --insecure      Allow Insecure Connection
  --help         Show this message and exit.

Commands:
  analyses       List analyses for file
  files          List files for project
  login          Log in and save session credentials
  logout         Delete session credentials
  organizations  List organizations
  projects       List projects
  recent_uploads List recent file uploads by the user
  report         Download report for file
  upload         Upload and scan package
  switch_organization  Switch organization in CLI instance
  vulnerability  Get vulnerability
  whoami         Show session info
  reports list   Show the list of reports for a file
  reports create Creates a new report for a file
  reports download summary-csv  Downloads the report summary in CSV format
  reports download summary-excel  Downloads the report summary in Excel format

Authentication

Log in to appknox CLI using your secure.appknox.com credentials.

$ appknox login
Username: viren
Password:
Logged in to https://api.appknox.com

Using Environment Variables

Instead of login we can use environment variables for authentication. This will be useful for scenarios such as CI/CD setup.

$ export APPKNOX_ACCESS_TOKEN=aaaabbbbbcccddeeeffgghhh
$ export APPKNOX_ORGANIZATION_ID=2
$ export HTTP_PROXY=http://proxy.local
$ export HTTPS_PROXY=https://proxy.local

Supported variables are:

Environment variable Value
APPKNOX_ACCESS_TOKEN Access token can be generated from Appknox dashboard (Settings → Developer Settings → Generate token).
APPKNOX_HOST Defaults to https://api.appknox.com
APPKNOX_ORGANIZATION_ID Your Appknox organization id
HTTP_PROXY Set your HTTP proxy ex: http://proxy.local
HTTPS_PROXY Set your HTTPS proxy ex: https://proxy.local

Data fetch & actions

Available commands Use
organizations List organizations of user
projects List projects user has access to
files <project_id> List files for a project
analyses <file_id> List analyses for a file
vulnerability <vulnerability_id> Get vulnerability detail
owasp <owasp_id> Get OWASP detail
upload <path_to_app_package> Upload app file from given path and get the file_id
rescan <file_id> Rescan a file (this will create a new file under the same project.)
reports list <file_id> Lists all the reports associated with the file
reports create <file_id> Create a new report for the file and returns report ID
reports download summary-csv <report_id> Outputs the report summary in CSV format
reports download summary-excel <report_id> Outputs the report summary in Excel format

Example:

$ appknox organizations
  id  name
----  -------
   2  MyOrganization

$ appknox projects
  id  created_on             file_count  package_name                     platform  updated_on
----  -------------------  ------------  -----------------------------  ----------  -------------------
   3  2017-06-23 07:19:26             3  org.owasp.goatdroid.fourgoats           0  2017-06-23 07:26:55
   4  2017-06-27 08:27:54             2  com.appknox.mfva                        0  2017-06-27 08:30:04

$ appknox files 4
  id  name      version    version_code
----  ------  ---------  --------------
   6  MFVA            1               6
   7  MFVA            1               6

$ appknox reports list 4
  id  language      
----  ------ 
   1  en
   2  en

$ appknox reports create 4
3

$ appknox reports download summary-csv 3
Organization ID,Project ID,Application Name,Application Namespace,Platform,Version,Version Code,File ID,Test Case,Scan Type,Severity,Risk Override,CVSS Score,Findings,Description,Noncompliant Code Example,Compliant Solution,Business Implication,OWASP,CWE,MSTG,ASVS,PCI-DSS,GDPR,Created On
1,1,MFVA,com.appknox.mfva,Android,1.1,1605631525,51,Broken SSL Trust Manager,Static,High,,6.9,"BluK8lNUoeHkNxZ3GVrKN9BP2
NVWmfbtHDiJBOTbOEpCnsbMhc6T31t...(Truncated)

$ appknox reports download summary-csv 3 --output /path/to/output/report_summary.csv
<No output: This command will download the report summary to given output path>

Using Proxy

Appknox client and CLI both supports HTTP and HTTPS proxy. While using the client, if you need to set-up a proxy then please follow the example below

from appknox.client import Appknox

client = Appknox(
        access_token="Your-Access-Token",  #  This is your access token which you can get from developer setting
        https_proxy="http://proxy.local",  # Use https_proxy by default since cloud server connects to https service
        insecure=True,                     # Use insecure connections, because proxies might have their own set of certificates which maynot be trusted
    )                                      # Insecure connections are not reccomended though

To use it in CLI example:

$ export HTTPS_PROXY=http://127.0.0.1:8080 
$ appknox --insecure login
Username:

Note: Please avoid using --insecure flag or setting insecure=True in client, this will allow an attacker to perform MITM attack, but this might be required for proxies to work alongside.


Development

Update docs

Install sphinx-autobuild:

pip install sphinx-autobuild

Build docs:

sphinx-autobuild -b html sphinx-docs docs

License: MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

appknox-4.3.0.tar.gz (17.3 kB view hashes)

Uploaded Source

Built Distribution

appknox-4.3.0-py2.py3-none-any.whl (16.0 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page