PyVelociraptor is the python binding for the Velociraptor API
Project description
The Velociraptor Python bindings.
Velociraptor is an open source DFIR tool. Read more about it at https://docs.velociraptor.app/
Velociraptor has an API which allows an external program to interface with it. The API presents a simple GRPC connection with the following endpoints:
-
Query: Allows running arbitrary VQL queries - this can be used to automate Velociraptor's collection, analysis and receive JSON encoded results.
Example script: client_example.py
-
VFSGetBuffer: This API allows to read arbitrary buffers from the Velociraptor file store. This allows a client program to fetch bulk collected data.
Example script: fetch.py
You can use these API endpoint to:
-
Control collection from Velociraptor: Start hunts, collections, trigger exports etc.. All with VQL queries over the Query() API endpoint.
-
Perform administive tasks: Spawn new orgs, add users, adjust permissions, create periodic tasks etc.
-
Read results from collected data using the VFSGetBuffer() endpoint.
and much more!
To read more about the Velociraptor API see https://docs.velociraptor.app/docs/server_automation/server_api/
Sample programs
You will find some sample programs in the pyvelociraptor directory:
-
client_example.py: This is a simple client program that allows calling the server to run a query. It demonstrates how to prepare the request and collect the resulting JSON data for display including viewing the query logs.
-
fetch.py: This program demonstrates how to fetch a file from the server's file store - the file is fetched in chunks using the
VFSGetBufferAPI. -
fetch_flow_uploads.py: This example demonstrates how to combine
QueryandVFSGetBufferto both create a flow's export download then fetch it from the server. The flow download is a ZIP file containing all the flow data.
Licensing
Note that Velociraptor itself is licensed under the AGPL, however use
of the API is permitted and does not fall under the derived work
definition. Therefore, using the .proto file in this repository
falls under the MIT license which covers this repository, including
sample programs in python.
Since GRPC protobuf is a portable API definition language you can use
the .proto file to generate interfaces in many other languages. We
use python here as an example to demonstrate the use of the API but
any language will work.
You can even use shell scripting as the Velociraptor binary itself can use the API to call into the server. For details, see https://docs.velociraptor.app/docs/server_automation/server_api/#using-the-built-in-api-client
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pyvelociraptor-0.1.13-py3-none-any.whl.
File metadata
- Download URL: pyvelociraptor-0.1.13-py3-none-any.whl
- Upload date:
- Size: 18.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
27c4f5c9afc9d501c137504c3c3299c8e98d70c07f2a08b8aa48b66148795679
|
|
| MD5 |
04f13aa44dbb4bc360e17fe424c5551e
|
|
| BLAKE2b-256 |
f8b5db1e2fc25077a2183438db5f47fc13abb860987b8110d35f6bee28095a85
|
