
Python library and tools to work with Kunai

Project description

Library and tools for Kunai.

Installing tools

uv tool install pykunai

Upgrade tools

uv tool upgrade pykunai

Tools

misp-to-kunai

Pulls IoCs from a MISP instance or from MISP feeds and formats them so they can be ingested by kunai.

Configuration: see configuration file

usage: misp-to-kunai [-h] [-c CONFIG] [-s] [-l LAST] [-o OUTPUT] [--overwrite] [--all] [--tags TAGS] [--wait WAIT]
                     [--service]

Tool pulling IoCs from a MISP instance and converting them to be loadable in Kunai

options:
  -h, --help           show this help message and exit
  -c, --config CONFIG  Configuration file. Default: /home/kunai-user/kunai-
                       project/tools/src/pykunai/tools/config.toml
  -s, --silent         Silent HTTPS warnings
  -l, --last LAST      Process events updated the last days
  -o, --output OUTPUT  Output file
  --overwrite          Overwrite output file (default is to append)
  --all                Process all events, published and unpublished. By default only published events are
                       processed.
  --tags TAGS          Comma separated list of (event tags) to pull iocs for
  --wait WAIT          Wait time in seconds between to runs in service mode
  --service            Run in service mode (i.e endless loop)

kunai-to-misp

Uses Kunai logs to create a MISP event to share IoCs with the community.

Configuration: see configuration file

One use case example is:

  1. analyze a malware sample with Kunai Sandbox
  2. use kunai-to-misp on the kunai logs collected
  3. OPTIONAL: review attributes' IDS flag to maximize detections and lower false positives
  4. use misp-to-kunai to benefit from the result of the analysis in all of the kunai endpoints

usage: kunai-to-misp [-h] [-c CONFIG] [--no-recurse] [-s] [-H HASHES] [-F FILE] [-G GUUID] KUNAI_JSON_INPUT

Push Kunai analysis to MISP

positional arguments:
  KUNAI_JSON_INPUT     Input file in json line format or stdin with -

options:
  -h, --help           show this help message and exit
  -c, --config CONFIG  Configuration file. Default: /home/kunai-user/kunai-
                       project/tools/src/pykunai/tools/config.toml
  --no-recurse         Does a recursive search (goes to child processes as well)
  -s, --silent         Silent HTTPS warnings
  -H, --hashes HASHES  Search by hash (comma split)
  -F, --file FILE      Hash file and search by hash
  -G, --guuid GUUID    Search by task guuid (comma split)

kunai-search

Easily search / filter kunai logs for manual inspection

usage: kunai-search [-h] [--no-recurse] [-g GUIDS] [-P REGEXES] [-c HASHES] [-F FILE] [-f FILTERS] kunai_json_input

Helper script to easily search in Kunai logs

positional arguments:
  kunai_json_input      Input file in json line format or stdin with -

options:
  -h, --help            show this help message and exit
  --no-recurse          Does a recursive search (goes to child processes as well)
  -g, --guids GUIDS     Search by task_uuid (comma split)
  -P, --regexes REGEXES
                        Search by regexp (comma split)
  -c, --hashes HASHES   Search by hash (comma split)
  -F, --file FILE       Hash file and search by hash
  -f, --filters FILTERS
                        Filters output to display or not (- prefix) some event ids. Example: --filter=-1,-2 would
                        show all events except event with id 1 or 2
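The two search behaviours described above, recursive task search and the `--filters` syntax with its `-` exclusion prefix, reimplemented as an added Python example (not pykunai's own code). The sample log lines are constructed, and their field layout (`info.event.id`, `info.task.guuid`, `info.parent_task.guuid`) is an assumption made for the example:

```python
import json

# Constructed sample Kunai JSON lines. The field layout (info.event.id,
# info.task.guuid, info.parent_task.guuid) is an assumption for this example.
SAMPLE_LINES = [
    '{"info":{"event":{"id":1,"name":"execve"},"task":{"guuid":"t-1"},"parent_task":{"guuid":"t-0"}}}',
    '{"info":{"event":{"id":2,"name":"execve_script"},"task":{"guuid":"t-2"},"parent_task":{"guuid":"t-1"}}}',
    '{"info":{"event":{"id":5,"name":"connect"},"task":{"guuid":"t-2"},"parent_task":{"guuid":"t-1"}}}',
    '{"info":{"event":{"id":1,"name":"execve"},"task":{"guuid":"t-9"},"parent_task":{"guuid":"t-0"}}}',
]


def parse_filters(spec):
    """Parse the --filters syntax: comma split, a '-' prefix excludes an event id."""
    include, exclude = set(), set()
    for tok in (t.strip() for t in spec.split(",")):
        if not tok:
            continue
        (exclude if tok.startswith("-") else include).add(int(tok.lstrip("-")))
    return include, exclude


def event_allowed(event_id, include, exclude):
    """Excluded ids never show; if any id is explicitly included, only those show."""
    return event_id not in exclude and (not include or event_id in include)


def expand_tasks(logs, guuids, recurse):
    """Expand a set of task guuids to their descendants via parent_task.guuid."""
    found = set(guuids)
    changed = recurse
    while changed:  # iterate until no new child task is discovered
        changed = False
        for ev in logs:
            parent = ev["info"].get("parent_task", {}).get("guuid")
            child = ev["info"]["task"]["guuid"]
            if parent in found and child not in found:
                found.add(child)
                changed = True
    return found


def search(lines, guuids=(), filters="", recurse=True):
    """Return events matching the task guuids (optionally recursive) and event-id filters."""
    logs = [json.loads(line) for line in lines if line.strip()]
    include, exclude = parse_filters(filters)
    wanted = expand_tasks(logs, guuids, recurse)
    return [
        ev for ev in logs
        if (not guuids or ev["info"]["task"]["guuid"] in wanted)
        and event_allowed(ev["info"]["event"]["id"], include, exclude)
    ]
```

With `recurse=True`, searching for `t-1` also returns the events of its child task `t-2`; `filters="-1,-2"` keeps only the `connect` event.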

kunai-graph

Build a visual representation (in SVG) of Kunai logs.

usage: kunai-graph [-h] -o OUTPUT KUNAI_LOGS

Transform kunai logs to mermaid graph

positional arguments:
  KUNAI_LOGS           Kunai logs. Default: stdin

options:
  -h, --help           show this help message and exit
  -o, --output OUTPUT  Ouptut file

kunai-iocgen

Generate a Kunai IoC from command line. This is particularly useful to automate IoC generation.

usage: kunai-iocgen [-h] source value severity

Help creating iocs from batch

positional arguments:
  source      IoC source
  value       IoC value
  severity    IoC value

options:
  -h, --help  show this help message and exit

Funding

The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.

NGSOTI is co-funded under Digital Europe Programme (DEP) via the ECCC (European cybersecurity competence network and competence centre).

Download files

Source Distribution

pykunai-0.1.6.tar.gz (62.0 kB)

Built Distribution

pykunai-0.1.6-py3-none-any.whl (32.2 kB, Python 3)

File details

Details for the file pykunai-0.1.6.tar.gz.

File metadata

  • Download URL: pykunai-0.1.6.tar.gz
  • Size: 62.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for pykunai-0.1.6.tar.gz

  Algorithm    Hash digest
  SHA256       3007687aa2e75b27a34137ad78b791b3d5b5689509674cbcee97ad8db3db91db
  MD5          3f1c2e1248519a9c273a622e6460bdfb
  BLAKE2b-256  73d6834824b348050e64a6ccb49022d5df0feb0ef73f3bec2e5595ca05e095b6

Provenance

The following attestation bundles were made for pykunai-0.1.6.tar.gz:

Publisher: python-publish.yml on kunai-project/pykunai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pykunai-0.1.6-py3-none-any.whl.

File metadata

  • Download URL: pykunai-0.1.6-py3-none-any.whl
  • Size: 32.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for pykunai-0.1.6-py3-none-any.whl

  Algorithm    Hash digest
  SHA256       d7ed98543aabdc308161713ded7187672d9a076fc532129957a44d52d83e8fc7
  MD5          86b2d0275335b611148d0a9f32f5cd07
  BLAKE2b-256  235bc937b7585b1aa8c2a8c989eeae6024fa409076e0a52f341b294a0aba1204

Provenance

The following attestation bundles were made for pykunai-0.1.6-py3-none-any.whl:

Publisher: python-publish.yml on kunai-project/pykunai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
