
Python library and tools to work with Kunai

Project description

Library and tools for Kunai.

Installing tools

uv tool install pykunai

Upgrade tools

uv tool upgrade pykunai

Tools

misp-to-kunai

Pulls IoCs from a MISP instance or from MISP feeds and formats them so that Kunai can ingest them.

Configuration: see configuration file

usage: misp-to-kunai [-h] [-c CONFIG] [-s] [-l LAST] [-o OUTPUT] [--overwrite] [--all] [--tags TAGS] [--wait WAIT]
                     [--service]

Tool pulling IoCs from a MISP instance and converting them to be loadable in Kunai

options:
  -h, --help           show this help message and exit
  -c, --config CONFIG  Configuration file. Default: /home/kunai-user/kunai-
                       project/tools/src/pykunai/tools/config.toml
  -s, --silent         Silent HTTPS warnings
  -l, --last LAST      Process events updated the last days
  -o, --output OUTPUT  Output file
  --overwrite          Overwrite output file (default is to append)
  --all                Process all events, published and unpublished. By default only published events are
                       processed.
  --tags TAGS          Comma separated list of (event tags) to pull iocs for
  --wait WAIT          Wait time in seconds between two runs in service mode
  --service            Run in service mode (i.e. endless loop)

kunai-to-misp

Uses Kunai logs to create a MISP event to share IoCs with the community.

Configuration: see configuration file

One use case example is:

  1. analyze a malware sample with Kunai Sandbox
  2. use kunai-to-misp on the kunai logs collected
  3. OPTIONAL: review attributes' IDS flag to maximize detections and lower false positives
  4. use misp-to-kunai to benefit from the result of the analysis in all of the kunai endpoints

usage: kunai-to-misp [-h] [-c CONFIG] [--no-recurse] [-s] [-H HASHES] [-F FILE] [-G GUUID] KUNAI_JSON_INPUT

Push Kunai analysis to MISP

positional arguments:
  KUNAI_JSON_INPUT     Input file in json line format or stdin with -

options:
  -h, --help           show this help message and exit
  -c, --config CONFIG  Configuration file. Default: /home/kunai-user/kunai-
                       project/tools/src/pykunai/tools/config.toml
  --no-recurse         Does a recursive search (goes to child processes as well)
  -s, --silent         Silent HTTPS warnings
  -H, --hashes HASHES  Search by hash (comma split)
  -F, --file FILE      Hash file and search by hash
  -G, --guuid GUUID    Search by task guuid (comma split)

kunai-search

Easily search / filter kunai logs for manual inspection

usage: kunai-search [-h] [--no-recurse] [-g GUIDS] [-P REGEXES] [-c HASHES] [-F FILE] [-f FILTERS] kunai_json_input

Helper script to easily search in Kunai logs

positional arguments:
  kunai_json_input      Input file in json line format or stdin with -

options:
  -h, --help            show this help message and exit
  --no-recurse          Does a recursive search (goes to child processes as well)
  -g, --guids GUIDS     Search by task_uuid (comma split)
  -P, --regexes REGEXES
                        Search by regexp (comma split)
  -c, --hashes HASHES   Search by hash (comma split)
  -F, --file FILE       Hash file and search by hash
  -f, --filters FILTERS
                        Filters output to display or not (- prefix) some event ids. Example: --filter=-1,-2 would
                        show all events except event with id 1 or 2
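The filter and recursive-search semantics described in the kunai-search help above, as an added example that is not pykunai's own code. It assumes Kunai's JSON-line layout exposes the event id under `info.event.id` and the task and parent-task identifiers under `info.task.guuid` and `info.parent_task.guuid` (field names assumed here; check them against your own logs), and it runs over a constructed five-event sample.

```python
import json

# Constructed sample of Kunai-style JSON-line logs (not real Kunai output).
# The field names below are assumptions about Kunai's log layout.
SAMPLE_LOGS = "\n".join(json.dumps(e) for e in [
    {"info": {"event": {"id": 1, "name": "execve"},
              "task": {"guuid": "T-1"}, "parent_task": {"guuid": "T-0"}}},
    {"info": {"event": {"id": 2, "name": "clone"},
              "task": {"guuid": "T-1"}, "parent_task": {"guuid": "T-0"}}},
    {"info": {"event": {"id": 1, "name": "execve"},
              "task": {"guuid": "T-2"}, "parent_task": {"guuid": "T-1"}}},
    {"info": {"event": {"id": 5, "name": "connect"},
              "task": {"guuid": "T-3"}, "parent_task": {"guuid": "T-2"}}},
    {"info": {"event": {"id": 5, "name": "connect"},
              "task": {"guuid": "T-9"}, "parent_task": {"guuid": "T-0"}}},
])


def parse_filters(spec):
    """Parse a kunai-search style --filters value.

    "-1,-2" excludes event ids 1 and 2; "1,5" keeps only ids 1 and 5.
    Returns (include_ids, exclude_ids); an empty include set means "all".
    """
    include, exclude = set(), set()
    for tok in spec.split(","):
        tok = tok.strip()
        if not tok:
            continue
        if tok.startswith("-"):
            exclude.add(int(tok[1:]))
        else:
            include.add(int(tok))
    return include, exclude


def load_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def event_id(ev):
    return ev["info"]["event"]["id"]


def task_guuid(ev):
    return ev["info"]["task"]["guuid"]


def parent_guuid(ev):
    return ev["info"].get("parent_task", {}).get("guuid")


def expand_guuids(events, seeds, recurse=True):
    """Seed task guuids plus, unless recursion is disabled, every descendant
    task reachable through parent_task links (the default kunai-search
    behaviour; --no-recurse corresponds to recurse=False)."""
    selected = set(seeds)
    if not recurse:
        return selected
    changed = True
    while changed:  # fixed point: stop when no new child task is found
        changed = False
        for ev in events:
            if parent_guuid(ev) in selected and task_guuid(ev) not in selected:
                selected.add(task_guuid(ev))
                changed = True
    return selected


def search(text, guids=(), filters="", recurse=True):
    """Return events matching the task selection and the id filters."""
    events = load_events(text)
    include, exclude = parse_filters(filters)
    tasks = expand_guuids(events, guids, recurse) if guids else None
    out = []
    for ev in events:
        if tasks is not None and task_guuid(ev) not in tasks:
            continue
        eid = event_id(ev)
        if eid in exclude or (include and eid not in include):
            continue
        out.append(ev)
    return out


if __name__ == "__main__":
    for ev in search(SAMPLE_LOGS, guids=["T-1"], filters="-1"):
        print(json.dumps(ev))
```

Searching for task T-1 with recursion walks T-1 to T-2 to T-3 through the parent links, so the `connect` event of T-3 is included even though T-3 never appears on the command line; the `-1` filter then drops the `execve` events from the result.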

kunai-graph

Build a visual representation (in SVG) of Kunai logs.

usage: kunai-graph [-h] -o OUTPUT KUNAI_LOGS

Transform kunai logs to mermaid graph

positional arguments:
  KUNAI_LOGS           Kunai logs. Default: stdin

options:
  -h, --help           show this help message and exit
  -o, --output OUTPUT  Output file

kunai-iocgen

Generate a Kunai IoC from command line. This is particularly useful to automate IoC generation.

usage: kunai-iocgen [-h] source value severity

Help creating iocs from batch

positional arguments:
  source      IoC source
  value       IoC value
  severity    IoC severity

options:
  -h, --help  show this help message and exit
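Batch IoC generation of the kind kunai-iocgen automates, as an added example that is not pykunai's own code. It assumes a Kunai IoC record is one JSON object per line carrying the three kunai-iocgen positionals (`source`, `value`, `severity`) plus a `uuid`, and that severity is an integer in the range 0 to 10; both are assumptions to check against Kunai's IoC documentation. The input is a constructed list of indicator values.

```python
import json
import uuid

# Constructed namespace so the same (source, value) pair always yields the
# same uuid; re-running the batch then produces no duplicate records.
IOC_NAMESPACE = uuid.UUID("12345678-1234-5678-1234-567812345678")


def make_ioc(source, value, severity):
    """Build one IoC record.

    Assumed record layout: {"uuid", "source", "value", "severity"}.
    Severity is assumed to be an integer from 0 to 10.
    """
    sev = int(severity)
    if not 0 <= sev <= 10:
        raise ValueError(f"severity out of range: {sev}")
    value = value.strip()
    if not value:
        raise ValueError("empty IoC value")
    return {
        "uuid": str(uuid.uuid5(IOC_NAMESPACE, f"{source}|{value}")),
        "source": source,
        "value": value,
        "severity": sev,
    }


def iocs_from_batch(lines, source, severity):
    """Turn a list of indicator values into IoC records.

    Blank lines and '#' comments are skipped and duplicate values are
    collapsed so the resulting file stays clean for ingestion.
    """
    seen, out = set(), []
    for line in lines:
        value = line.strip()
        if not value or value.startswith("#"):
            continue
        if value in seen:
            continue
        seen.add(value)
        out.append(make_ioc(source, value, severity))
    return out


def to_jsonl(iocs):
    """Serialise records as JSON lines, one IoC per line."""
    return "".join(json.dumps(ioc) + "\n" for ioc in iocs)


if __name__ == "__main__":
    # Constructed sample batch, not real threat data.
    batch = ["evil.example", "# comment line", "", "evil.example", " bad.example "]
    print(to_jsonl(iocs_from_batch(batch, "constructed-feed", 7)), end="")
```

The deterministic uuid5 is the design point: an IoC file regenerated from the same feed carries the same identifiers, so downstream tooling can tell an unchanged indicator from a new one.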

Funding

The NGSOTI project is dedicated to training the next generation of Security Operation Center (SOC) operators, focusing on the human aspect of cybersecurity. It underscores the significance of providing SOC operators with the necessary skills and open-source tools to address challenges such as detection engineering, incident response, and threat intelligence analysis. Involving key partners such as CIRCL, Restena, Tenzir, and the University of Luxembourg, the project aims to establish a real operational infrastructure for practical training. This initiative integrates academic curricula with industry insights, offering hands-on experience in cyber ranges.

NGSOTI is co-funded under the Digital Europe Programme (DEP) via the ECCC (European Cybersecurity Competence Network and Competence Centre).


Download files


Source Distribution

pykunai-0.1.8.tar.gz (62.1 kB, source)

Built Distribution


pykunai-0.1.8-py3-none-any.whl (32.3 kB, Python 3)

File details

Details for the file pykunai-0.1.8.tar.gz.

File metadata

  • Download URL: pykunai-0.1.8.tar.gz
  • Size: 62.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for pykunai-0.1.8.tar.gz
Algorithm Hash digest
SHA256 f5a1c22852f1ce3a4235d9649eea6ec3ee2bb26cfc0dbd476527ef0f1ada890f
MD5 697b2b262cca83d9c2384aaa7f7a0e25
BLAKE2b-256 890c23215e23f531296268829f82857db47526f681bfe39d7491efab316d8fe6


Provenance

The following attestation bundles were made for pykunai-0.1.8.tar.gz:

Publisher: python-publish.yml on kunai-project/pykunai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pykunai-0.1.8-py3-none-any.whl.

File metadata

  • Download URL: pykunai-0.1.8-py3-none-any.whl
  • Size: 32.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for pykunai-0.1.8-py3-none-any.whl
Algorithm Hash digest
SHA256 4d7b6ada49eca82cd8ba37e0e8c170bf40e47c667817d854aea64b4c0edeb2aa
MD5 563348d57b9a766414232e15bd6d86d0
BLAKE2b-256 c8bc2fdc69775b036e6dc49044dbdaacdadba31a7a7720650bcf47a8ee3db505


Provenance

The following attestation bundles were made for pykunai-0.1.8-py3-none-any.whl:

Publisher: python-publish.yml on kunai-project/pykunai

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
