
Python library and tools to work with Kunai

Project description

Library and tools for Kunai.

Installing tools

uv tool install pykunai

Upgrade tools

uv tool upgrade pykunai

Tools

misp-to-kunai

Pulls IoCs from a MISP instance or from MISP feeds and formats them so that kunai can ingest them.

Configuration: see configuration file

usage: misp-to-kunai [-h] [-c CONFIG] [-s] [-l LAST] [-o OUTPUT] [--overwrite] [--all] [--tags TAGS] [--wait WAIT]
                     [--service]

Tool pulling IoCs from a MISP instance and converting them to be loadable in Kunai

options:
  -h, --help           show this help message and exit
  -c, --config CONFIG  Configuration file. Default: /home/kunai-user/kunai-
                       project/tools/src/pykunai/tools/config.toml
  -s, --silent         Silent HTTPS warnings
  -l, --last LAST      Process events updated the last days
  -o, --output OUTPUT  Output file
  --overwrite          Overwrite output file (default is to append)
  --all                Process all events, published and unpublished. By default only published events are
                       processed.
  --tags TAGS          Comma separated list of (event tags) to pull iocs for
  --wait WAIT          Wait time in seconds between to runs in service mode
  --service            Run in service mode (i.e endless loop)

kunai-to-misp

Uses Kunai logs to create a MISP event to share IoCs with the community.

Configuration: see configuration file

One use case example is:

  1. analyze a malware sample with Kunai Sandbox
  2. use kunai-to-misp on the kunai logs collected
  3. OPTIONAL: review attributes' IDS flag to maximize detections and lower false positives
  4. use misp-to-kunai to benefit from the result of the analysis in all of the kunai endpoints

usage: kunai-to-misp [-h] [-c CONFIG] [--no-recurse] [-s] [-H HASHES] [-F FILE] [-G GUUID] KUNAI_JSON_INPUT

Push Kunai analysis to MISP

positional arguments:
  KUNAI_JSON_INPUT     Input file in json line format or stdin with -

options:
  -h, --help           show this help message and exit
  -c, --config CONFIG  Configuration file. Default: /home/kunai-user/kunai-
                       project/tools/src/pykunai/tools/config.toml
  --no-recurse         Does a recursive search (goes to child processes as well)
  -s, --silent         Silent HTTPS warnings
  -H, --hashes HASHES  Search by hash (comma split)
  -F, --file FILE      Hash file and search by hash
  -G, --guuid GUUID    Search by task guuid (comma split)

kunai-search

Easily search / filter kunai logs for manual inspection

usage: kunai-search [-h] [--no-recurse] [-g GUIDS] [-P REGEXES] [-c HASHES] [-F FILE] [-f FILTERS] kunai_json_input

Helper script to easily search in Kunai logs

positional arguments:
  kunai_json_input      Input file in json line format or stdin with -

options:
  -h, --help            show this help message and exit
  --no-recurse          Does a recursive search (goes to child processes as well)
  -g, --guids GUIDS     Search by task_uuid (comma split)
  -P, --regexes REGEXES
                        Search by regexp (comma split)
  -c, --hashes HASHES   Search by hash (comma split)
  -F, --file FILE       Hash file and search by hash
  -f, --filters FILTERS
                        Filters output to display or not (- prefix) some event ids. Example: --filter=-1,-2 would
                        show all events except event with id 1 or 2
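The two selection mechanisms of kunai-search described above (task guuid lookup that can follow child processes, and the --filters event-id include/exclude syntax) as an added example; this is not pykunai's own code. The log lines are constructed, and the field layout (info.event.id, info.task.guuid, info.parent_task.guuid) is an assumption about the Kunai JSON-line format.

```python
import json

# Constructed Kunai-style JSON-line log (not a real capture); field names are assumed.
SAMPLE_LOGS = "\n".join(json.dumps(e) for e in [
    {"info": {"event": {"id": 1, "name": "execve"},  "task": {"guuid": "T1"}, "parent_task": {"guuid": "T0"}}},
    {"info": {"event": {"id": 2, "name": "clone"},   "task": {"guuid": "T1"}, "parent_task": {"guuid": "T0"}}},
    {"info": {"event": {"id": 1, "name": "execve"},  "task": {"guuid": "T2"}, "parent_task": {"guuid": "T1"}}},
    {"info": {"event": {"id": 5, "name": "connect"}, "task": {"guuid": "T3"}, "parent_task": {"guuid": "T2"}}},
    {"info": {"event": {"id": 5, "name": "connect"}, "task": {"guuid": "T9"}, "parent_task": {"guuid": "T8"}}},
])

def parse_filters(spec):
    """Parse a --filters spec: '-1,-2' hides ids 1 and 2; '1,5' shows only ids 1 and 5."""
    include, exclude = set(), set()
    for tok in filter(None, (t.strip() for t in spec.split(","))):
        (exclude if tok.startswith("-") else include).add(int(tok.lstrip("-")))
    return include, exclude

def event_allowed(event_id, include, exclude):
    # Exclusions win; an empty include set means "show everything not excluded".
    if event_id in exclude:
        return False
    return not include or event_id in include

def expand_guuids(events, guuids, recurse=True):
    """Task guuids to keep; with recurse, follow parent -> child links transitively."""
    keep = set(guuids)
    if not recurse:
        return keep
    while True:  # fixed-point iteration over the process tree
        children = {e["info"]["task"]["guuid"] for e in events
                    if e["info"].get("parent_task", {}).get("guuid") in keep}
        if children <= keep:
            return keep
        keep |= children

def search(jsonl, guuids=(), filters="", recurse=True):
    """Mirror of `kunai-search -g GUIDS -f FILTERS` (recurse=False mirrors --no-recurse)."""
    events = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    include, exclude = parse_filters(filters)
    keep = expand_guuids(events, guuids, recurse) if guuids else None
    return [e for e in events
            if (keep is None or e["info"]["task"]["guuid"] in keep)
            and event_allowed(e["info"]["event"]["id"], include, exclude)]
```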

kunai-graph

Build a visual representation (in SVG) of Kunai logs.

usage: kunai-graph [-h] -o OUTPUT KUNAI_LOGS

Transform kunai logs to mermaid graph

positional arguments:
  KUNAI_LOGS           Kunai logs. Default: stdin

options:
  -h, --help           show this help message and exit
  -o, --output OUTPUT  Ouptut file

kunai-iocgen

Generate a Kunai IoC from command line. This is particularly useful to automate IoC generation.

usage: kunai-iocgen [-h] source value severity

Help creating iocs from batch

positional arguments:
  source      IoC source
  value       IoC value
  severity    IoC value

options:
  -h, --help  show this help message and exit

Funding

The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.

NGSOTI is co-funded under the Digital Europe Programme (DEP) via the ECCC (European Cybersecurity Competence Network and Competence Centre).

Download files

Source Distribution: pykunai-0.1.5.tar.gz (59.0 kB)

Built Distribution: pykunai-0.1.5-py3-none-any.whl (31.0 kB)

File details: pykunai-0.1.5.tar.gz

  • Size: 59.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

Hashes for pykunai-0.1.5.tar.gz

Algorithm   Hash digest
SHA256      97c56cd6d83b5b16b5153ecec36b9adebde57487a030e7eb0097dbbe77a230d0
MD5         f2157705a73919f95d7bf3f2d741e20b
BLAKE2b-256 7cff2e8ac7c9232dd1a2acbf8636b09a6755afaece13db5c09ed11427dc1ba5b

Provenance: an attestation bundle was made for pykunai-0.1.5.tar.gz by the publisher python-publish.yml on kunai-project/pykunai. Attestation values reflect the state when the release was signed and may no longer be current.

File details: pykunai-0.1.5-py3-none-any.whl

  • Size: 31.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

Hashes for pykunai-0.1.5-py3-none-any.whl

Algorithm   Hash digest
SHA256      76f978271aea10a60d768a1656e0cf540bb48a7fc89b328c4c972de553aee8d5
MD5         afbed9fc64c5a7ea2a639c9292179cf9
BLAKE2b-256 c07dd95a2bdd73fb4d167ff08cc6ce7123995166568f5a11e30cb42519b7d69c

Provenance: an attestation bundle was made for pykunai-0.1.5-py3-none-any.whl by the publisher python-publish.yml on kunai-project/pykunai. Attestation values reflect the state when the release was signed and may no longer be current.
