Khulnasoft Analyze SDK
Project description
Khulnasoft SDK
The SDK wraps Khulnasoft Analyze API 2.0 (View full API documentation)
Currently, the following options are available in the SDK:
- Analyze by file
- Analyze by SHA256
- Analyze Url
- Index by file
- Index by SHA256
- Get Latest Analysis
- Account and file related samples
- Code reuse and Metadata
- IOCs, Dynamic TTPs and Capabilities
- Strings related samples
- Search a family
- Ingest an alert from any source
- Ingest a raw email alert (.msg or .eml file)
Installation
pip install khulnasoft-analyze-sdk
Using Khulnasoft SDK
Set global api key
Before using the SDK functionality we should set the api key:
api.set_global_api('<api_key>')
Analyze By File
analysis = FileAnalysis(file_path=<file_path>,
dynamic_unpacking=<force_dynamic_unpacking>, # optional
static_unpacking=<force_static_unpacking>) # optional
analysis.send(wait=True)
result = analysis.result()
Analyze By SHA256
analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True)
result = analysis.result()
File Analysis result example
{
'analysis_id': '00000000-0000-0000-0000-000000000000',
'analysis_time': 'Sun, 04 Aug 2019 09:38:16 GMT',
'analysis_url': 'https://analyze.khulnasoft.com/#/analyses/00000000-0000-0000-0000-000000000000',
'family_name': 'Ramnit',
'is_private': True,
'sha256': '4e553bce90f0b39cd71ba633da5990259e185979c2859ec2e04dd8efcdafe356',
'sub_verdict': 'malicious',
'verdict': 'malicious'
}
Analyze Url
analysis = UrlAnalysis(url=<url>)
analysis.send(wait=True)
result = analysis.result()
Url Analysis result example
{
'analysis_id': '70d09f68-c7a3-43a3-a8de-07ec31fbf4ed',
'domain_info': {
'creation_date': '1997-08-13 04:00:00.000000',
'domain_name': 'foo.com',
'registrar': 'TUCOWS, INC.'
},
'indicators': [
{
'classification': 'informative',
'text': 'URL is accessible'
},
{
'classification': 'informative',
'text': 'Assigned IPv4 domain'
},
{
'classification': 'informative',
'text': 'Vaild IPv4 domain'
}
],
'ip': '34.206.39.153',
'redirect_chain': [
{
'response_status': 301,
'url': 'https://foo.com/'
},
{
'response_status': 200,
'url': 'http://www.foo.com/'
}
],
'scanned_url': 'http://www.foo.com/',
'submitted_url': 'foo.com',
'downloaded_file': {
'analysis_id': '8db9a401-a142-41be-9a31-8e5f3642db62',
'analysis_summary': {
'verdict_description': 'This file contains code from malicious software, therefore it's very likely that it's malicious.',
'verdict_name': 'malicious',
'verdict_title': 'Malicious',
'verdict_type': 'malicious'
},
'sha256': '4293c1d8574dc87c58360d6bac3daa182f64f7785c9d41da5e0741d2b1817fc7'
},
'summary': {
'description': 'No suspicious activity was detected for this URL',
'title': 'No Threats',
'verdict_name': 'no_threats',
'verdict_type': 'no_threats'
}
}
Index By File
from khulnasoft_analyze_sdk import consts
index = Index(file_path=<file_path>,
index_as=consts.IndexType.MALICIOUS,
family_name=<family_name>)
index.send(wait=True)
index_id = index.index_id
Index By SHA256
from khulnasoft_analyze_sdk import consts
index = Index(sha256=<file_sha256>,
index_as=consts.IndexType.TRUSTED)
index.send(wait=True)
index_id = index.index_id
Get Latest File Analysis
analysis = FileAnalysis.from_latest_hash_analysis(file_hash: <file_sha256>)
result = analysis.result()
Get Sub Analyses
Root File Analysis
root_analysis = analysis.get_root_analysis()
Sub Analyses
sub_analyses = analysis.get_sub_analyses()
Code Reuse and Metadata
root_analysis_code_reuse = root_analysis.code_reuse
root_analysis_metadata = root_analysis.metadata
for sub_analysis in sub_analyses:
sub_analyses_code_reuse = sub_analysis.code_reuse
sub_analyses_metadata = sub_analysis.metadata
Related Files by Family
root_analysis_code_reuse = root_analysis.code_reuse
for family in root_analysis_code_reuse['families']:
operation = root_analysis.find_related_files(family['family_id'], wait=True)
related_files = operation.get_result()
Account Related Samples
operation = root_analysis.get_account_related_samples()
related_samples = operation.get_result()
Vaccine
operation = root_analysis.generate_vaccine()
vaccine = operation.get_result()
Strings related samples
operation = root_analysis.get_string_related_samples('string_to_relate_to', wait=True)
string_related_samples = operation.get_result()
Wait with timeout
analysis = FileAnalysis(file_hash=<file_sha256>)
analysis.send(wait=True, wait_timeout=datetime.timedelta(minutes=1))
Analyses History
- File
history_results = query_file_analyses_history(
start_date = <datetime>,
end_date= <datetime>,
api = <KhulnasoftApi>
aggregated_view: <bool>,
sources=<source>
verdicts=<verdicts>,
file_hash=<file_hash>,
family_names=<family_names>,
file_name=<file_name>
)
for analyse in history_results:
print(analyse)
- URL
history_results = query_url_analyses_history(
start_date = <datetime>,
end_date=<datetime>,
aggregated_view=<bool>,
sources=<sources>,
verdicts=<verdicts>,
)
for analyse in history_results:
print(analyse)
- End Point
history_results = query_endpoint_analyses_history(
start_date = <datetime>,
end_date=<datetime>,
aggregated_view=<bool>,
sources=<sources>,
verdicts=<verdicts>,
sub_verdicts=<verdicts>,
did_download_file=<bool>,
submitted_url=<submitted_url>
)
for analyse in history_results:
print(analyse)
Alerts
Get alert by id
alert = Alert.from_id(alert_id=alert_id,
fetch_scans=False,
wait=False)
Alerts History
history_results = query_file_analyses_history(
api = <KhulnasoftApi>,
**filters
)
for analyse in history_results:
print(analyse)
Code examples
You can find more code examples under analyze-python-sdk/examples/ directory
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file khulnasoft_analyze_sdk-1.21.tar.gz.
File metadata
- Download URL: khulnasoft_analyze_sdk-1.21.tar.gz
- Upload date:
- Size: 43.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.19
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1f284e3251f671000427c2f2b1f20c3f82b6089034e651b53e6925f5a84ee625
|
|
| MD5 |
d0ce2235ddc85f88eb36400fbff14242
|
|
| BLAKE2b-256 |
bec21ec7592beedd85729cdfd97b4c514c9712ee9d6da990187abfddd076353f
|
File details
Details for the file khulnasoft_analyze_sdk-1.21-py3-none-any.whl.
File metadata
- Download URL: khulnasoft_analyze_sdk-1.21-py3-none-any.whl
- Upload date:
- Size: 50.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/5.1.1 CPython/3.9.19
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
21909e4280f4dd252a929d0e3967bc4fd07077535c573b0a9d6814d214f37577
|
|
| MD5 |
4aefe5194620603bcf5a5c8c56ca5882
|
|
| BLAKE2b-256 |
2c500ddf6cc229127428c1c0cffb665ac8d7ff509e69bec579798948c728eb48
|
