
Python library and tools to work with Kunai

Project description

Library and tools for Kunai.

Installing tools

uv tool install pykunai

Upgrade tools

uv tool upgrade pykunai

Tools

misp-to-kunai

Pulls IoCs from a MISP instance or from MISP feeds and formats them so they can be ingested by Kunai.

Configuration: see configuration file

usage: misp-to-kunai [-h] [-c CONFIG] [-s] [-l LAST] [-o OUTPUT] [--overwrite] [--all] [--tags TAGS] [--wait WAIT]
                     [--service]

Tool pulling IoCs from a MISP instance and converting them to be loadable in Kunai

options:
  -h, --help           show this help message and exit
  -c, --config CONFIG  Configuration file. Default: /home/kunai-user/kunai-project/tools/src/pykunai/tools/config.toml
  -s, --silent         Silence HTTPS warnings
  -l, --last LAST      Process events updated the last days
  -o, --output OUTPUT  Output file
  --overwrite          Overwrite output file (default is to append)
  --all                Process all events, published and unpublished. By default only published events are
                       processed.
  --tags TAGS          Comma-separated list of event tags to pull IoCs for
  --wait WAIT          Wait time in seconds between two runs in service mode
  --service            Run in service mode (i.e. endless loop)

kunai-to-misp

Uses Kunai logs to create a MISP event to share IoCs with the community.

Configuration: see configuration file

One use case example is:

  1. analyze a malware sample with Kunai Sandbox
  2. use kunai-to-misp on the kunai logs collected
  3. OPTIONAL: review attributes' IDS flag to maximize detections and lower false positives
  4. use misp-to-kunai to benefit from the result of the analysis on all of the Kunai endpoints

usage: kunai-to-misp [-h] [-c CONFIG] [--no-recurse] [-s] [-H HASHES] [-F FILE] [-G GUUID] KUNAI_JSON_INPUT

Push Kunai analysis to MISP

positional arguments:
  KUNAI_JSON_INPUT     Input file in json line format or stdin with -

options:
  -h, --help           show this help message and exit
  -c, --config CONFIG  Configuration file. Default: /home/kunai-user/kunai-project/tools/src/pykunai/tools/config.toml
  --no-recurse         Disable the recursive search (by default the search also follows child processes)
  -s, --silent         Silence HTTPS warnings
  -H, --hashes HASHES  Search by hash (comma split)
  -F, --file FILE      Hash file and search by hash
  -G, --guuid GUUID    Search by task guuid (comma split)

kunai-search

Easily search / filter kunai logs for manual inspection

usage: kunai-search [-h] [--no-recurse] [-g GUIDS] [-P REGEXES] [-c HASHES] [-F FILE] [-f FILTERS] kunai_json_input

Helper script to easily search in Kunai logs

positional arguments:
  kunai_json_input      Input file in json line format or stdin with -

options:
  -h, --help            show this help message and exit
  --no-recurse          Disable the recursive search (by default the search also follows child processes)
  -g, --guids GUIDS     Search by task_uuid (comma split)
  -P, --regexes REGEXES
                        Search by regexp (comma split)
  -c, --hashes HASHES   Search by hash (comma split)
  -F, --file FILE       Hash file and search by hash
  -f, --filters FILTERS
                        Filters output to display (or, with a - prefix, hide) some event ids. Example: --filter=-1,-2
                        shows all events except those with id 1 or 2
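As an added example (not pykunai's own code, whose internals the page does not show), the two operations kunai-search combines with -g and -f: following parent-task links down to child processes, which is what --no-recurse switches off, and applying the -1,-2 event-id filter notation. The log lines are constructed, and the field names info.task.guuid, info.parent_task.guuid and info.event.id, as well as the event ids used, are assumptions about the Kunai JSON layout, so check them against real Kunai output before reusing this.

```python
import json
from collections import defaultdict

# Constructed sample, not real Kunai output. Field names follow the Kunai
# JSON layout as this example assumes it: info.event.id, info.task.guuid
# and info.parent_task.guuid. Process tree: bash(A) -> curl(B) -> sh(C);
# sshd(D) is unrelated. Event id 1 = execve, 2 = connect (assumed ids).
SAMPLE_LOGS = "\n".join(json.dumps(e) for e in [
    {"info": {"event": {"id": 1, "name": "execve"},
              "task": {"guuid": "A", "name": "bash"},
              "parent_task": {"guuid": "ROOT"}},
     "data": {"exe": {"path": "/bin/bash"}}},
    {"info": {"event": {"id": 1, "name": "execve"},
              "task": {"guuid": "B", "name": "curl"},
              "parent_task": {"guuid": "A"}},
     "data": {"exe": {"path": "/usr/bin/curl"}}},
    {"info": {"event": {"id": 2, "name": "connect"},
              "task": {"guuid": "B", "name": "curl"},
              "parent_task": {"guuid": "A"}},
     "data": {"dst": {"ip": "203.0.113.5", "port": 443}}},
    {"info": {"event": {"id": 1, "name": "execve"},
              "task": {"guuid": "C", "name": "sh"},
              "parent_task": {"guuid": "B"}},
     "data": {"exe": {"path": "/bin/sh"}}},
    {"info": {"event": {"id": 1, "name": "execve"},
              "task": {"guuid": "D", "name": "sshd"},
              "parent_task": {"guuid": "ROOT"}},
     "data": {"exe": {"path": "/usr/sbin/sshd"}}},
]) + "\n{not json\n"   # a truncated trailing line, as found in live log files


def parse_logs(text):
    """Parse JSON-lines input, skipping lines that are not valid JSON."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated line must not abort the whole search
    return events


def parse_filters(spec):
    """'-1,-2' -> exclude {1, 2}; '1,3' -> keep only {1, 3}; both may be mixed."""
    include, exclude = set(), set()
    for tok in (spec or "").split(","):
        tok = tok.strip()
        if not tok:
            continue
        if tok.startswith("-"):
            exclude.add(int(tok[1:]))
        else:
            include.add(int(tok.lstrip("+")))
    return include, exclude


def descendants(events, seeds):
    """Seed guuids plus every task reachable through parent -> child links."""
    children = defaultdict(set)
    for ev in events:
        info = ev["info"]
        children[info["parent_task"]["guuid"]].add(info["task"]["guuid"])
    seen, stack = set(), list(seeds)
    while stack:
        guuid = stack.pop()
        if guuid in seen:
            continue          # guards against cycles and repeated seeds
        seen.add(guuid)
        stack.extend(children.get(guuid, ()))
    return seen


def search(text, guids, recurse=True, filters=""):
    """Events of the given tasks (and, if recurse, of their descendants),
    after applying an event-id filter in the -1,-2 / 1,3 notation."""
    events = parse_logs(text)
    wanted = descendants(events, guids) if recurse else set(guids)
    include, exclude = parse_filters(filters)
    hits = []
    for ev in events:
        if ev["info"]["task"]["guuid"] not in wanted:
            continue
        eid = ev["info"]["event"]["id"]
        if eid in exclude or (include and eid not in include):
            continue
        hits.append(ev)
    return hits


if __name__ == "__main__":
    # Everything under task A except execve events: only curl's connect remains.
    for ev in search(SAMPLE_LOGS, ["A"], filters="-1"):
        print(json.dumps(ev))
```

The parent map is built from every line before the walk starts, so a child that was logged before its parent (log files are not always ordered) is still found; the descendant walk is iterative, so a deep process tree cannot overflow the recursion limit.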

kunai-graph

Build a visual representation (in SVG) of Kunai logs.

usage: kunai-graph [-h] -o OUTPUT KUNAI_LOGS

Transform kunai logs to mermaid graph

positional arguments:
  KUNAI_LOGS           Kunai logs. Default: stdin

options:
  -h, --help           show this help message and exit
  -o, --output OUTPUT  Output file

kunai-iocgen

Generate a Kunai IoC from the command line. This is particularly useful to automate IoC generation.

usage: kunai-iocgen [-h] source value severity

Helps creating IoCs in batch

positional arguments:
  source      IoC source
  value       IoC value
  severity    IoC severity

options:
  -h, --help  show this help message and exit
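Added example, not code from the pykunai project: it shows what the kunai-to-misp / misp-to-kunai workflow described above and kunai-iocgen amount to in code, generating Kunai IoC lines in batch from a hash list and from a MISP event while honouring each attribute's to_ids flag, which is why step 3 of the workflow (reviewing the IDS flag) matters for false positives. The IoC line layout (uuid, source, value, severity), the 0..10 severity range and the misp:<event uuid> source naming are assumptions to be checked against the Kunai IoC documentation; the MISP event and the hash list are constructed sample data.

```python
import json
import re
import uuid

# Kunai IoC line layout assumed by this example (uuid, source, value,
# severity) and the 0..10 severity range are assumptions, not taken from
# the page; check them against the Kunai IoC documentation before use.
SEVERITY_MIN, SEVERITY_MAX = 0, 10

# MISP attribute types worth pushing to an endpoint sensor; free-form
# types such as "comment" or "text" are never valid IoCs even if to_ids is set.
EXPORTABLE_TYPES = {"md5", "sha1", "sha256", "domain", "hostname",
                    "ip-dst", "ip-src", "url"}
HEX_DIGEST = re.compile(r"^[0-9a-fA-F]+$")


def make_ioc(source, value, severity):
    """Build one IoC record; raise ValueError on input that would poison the feed."""
    sev = int(severity)
    if not SEVERITY_MIN <= sev <= SEVERITY_MAX:
        raise ValueError(f"severity {sev} outside {SEVERITY_MIN}..{SEVERITY_MAX}")
    value = value.strip()
    if not value or any(c in value for c in "\r\n"):
        raise ValueError("empty or multi-line IoC value")
    if HEX_DIGEST.match(value) and len(value) in (32, 40, 64):
        value = value.lower()  # md5/sha1/sha256 digests compare as lowercase hex
    # uuid5 over (source, value): the same IoC always gets the same uuid,
    # so re-running a batch does not create duplicates under fresh ids.
    return {
        "uuid": str(uuid.uuid5(uuid.NAMESPACE_URL, f"{source}/{value}")),
        "source": source,
        "value": value,
        "severity": sev,
    }


def iocs_from_hash_file(text, source, severity):
    """kunai-iocgen in batch: one record per unique, non-empty, non-comment line."""
    seen, out = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ioc = make_ioc(source, line, severity)
        if ioc["uuid"] in seen:
            continue
        seen.add(ioc["uuid"])
        out.append(ioc)
    return out


def misp_event_to_iocs(event, severity):
    """Export only attributes the analyst left flagged for IDS (to_ids=True)."""
    ev = event["Event"]
    source = f"misp:{ev['uuid']}"   # assumed source naming, not a Kunai convention
    out = []
    for attr in ev.get("Attribute", []):
        if not attr.get("to_ids") or attr.get("type") not in EXPORTABLE_TYPES:
            continue
        out.append(make_ioc(source, attr["value"], severity))
    return out


def to_jsonl(iocs):
    """Serialise records as JSON lines, the shape Kunai loads IoC files in (assumed)."""
    return "".join(json.dumps(i) + "\n" for i in iocs)


# Constructed MISP event, not real data: the analyst cleared to_ids on the
# domain (a false positive) and a comment attribute carries to_ids by mistake.
SAMPLE_MISP_EVENT = {"Event": {
    "uuid": "b1c2d3e4-0000-4000-8000-000000000001",
    "info": "Kunai Sandbox analysis of sample",
    "Attribute": [
        {"type": "sha256", "to_ids": True,
         "value": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"},
        {"type": "ip-dst", "to_ids": True, "value": "203.0.113.5"},
        {"type": "domain", "to_ids": False, "value": "updates.example.test"},
        {"type": "comment", "to_ids": True, "value": "seen in sandbox run"},
    ]}}

# Constructed hash list as -F/--file takes it, with a duplicate (case only) and a comment.
SAMPLE_HASH_FILE = """# hashes from the sandbox run
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
d41d8cd98f00b204e9800998ecf8427e
"""

if __name__ == "__main__":
    print(to_jsonl(misp_event_to_iocs(SAMPLE_MISP_EVENT, 7)), end="")
    print(to_jsonl(iocs_from_hash_file(SAMPLE_HASH_FILE, "sandbox", 5)), end="")
```

Deterministic uuids are the design choice worth keeping: misp-to-kunai appends to its output file by default, so an IoC generator that minted a random uuid per run would leave the same indicator in the file several times, one per run.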

Funding

The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.

NGSOTI is co-funded under Digital Europe Programme (DEP) via the ECCC (European cybersecurity competence network and competence centre).

Project details


Download files


Source Distribution

pykunai-0.1.3.tar.gz (57.7 kB, Source)

Built Distribution


pykunai-0.1.3-py3-none-any.whl (30.5 kB, Python 3)

File details

Details for the file pykunai-0.1.3.tar.gz.

File metadata

  • Download URL: pykunai-0.1.3.tar.gz
  • Upload date:
  • Size: 57.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for pykunai-0.1.3.tar.gz
Algorithm Hash digest
SHA256 1e0ca8c49bec7ee749ed5a1b6760a6fa7e97e4fcd3910ee17d09c28b3fbdd203
MD5 597ef3ba62b254ea1991d78bb802bf88
BLAKE2b-256 8c95646b96073d38c0a996f080be4d2e2b0bb34b2ee7c71e635a34e2de1402d7


Provenance

The following attestation bundles were made for pykunai-0.1.3.tar.gz:

Publisher: python-publish.yml on kunai-project/pykunai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pykunai-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: pykunai-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 30.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.8

File hashes

Hashes for pykunai-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 3376645e1b833e0311846501bc31180094812fcde744c30ea59734fe33506753
MD5 794e0cb1ae9e9d12785313636843d637
BLAKE2b-256 263d118813ac7bd2469f95f624f1a2e753c6dc4a408ea550e89a4bb0d2ae2ecd


Provenance

The following attestation bundles were made for pykunai-0.1.3-py3-none-any.whl:

Publisher: python-publish.yml on kunai-project/pykunai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
