pyeti

Python bindings for Yeti's API

Installation

$ python3 setup.py install should get you started. Once this is a little more mature, we will submit it to PyPI for use with pip.

Testing

You can run tests from the root directory by running:

$ pip3 install nose
$ python3 setup.py test

Note that most tests require a fully running install of Yeti on localhost:5000.

Some examples

First thing is to import the library and instantiate a client.

import pyeti, json    # json is only used for pretty printing in the examples below 
api = pyeti.YetiApi("http://localhost:5000/api/")

If you are using a self-signed certificate on your Yeti instance, you can set the verify_ssl parameter to False to ignore warnings. Otherwise, all SSL connections are verified by default.

import pyeti, json    # json is only used for pretty printing in the examples below 
api = pyeti.YetiApi("http://localhost:5000/api/", verify_ssl=False)

Adding observables

results = api.observable_add("google.com", ['google'])
print(json.dumps(results, indent=4, sort_keys=True))
{
    "context": [],
    "created": "2017-06-25T17:33:51.735000",
    "description": null,
    "human_url": "http://localhost:5000/observable/594ff3ffbf365e53fbae38c9",
    "id": "594ff3ffbf365e53fbae38c9",
    "last_analyses": {},
    "sources": [
        "API"
    ],
    "tags": [
        {
            "first_seen": "2017-06-25T17:33:51.746000",
            "fresh": true,
            "last_seen": "2017-06-25T17:33:51.746000",
            "name": "google"
        }
    ],
    "type": "Hostname",
    "url": "http://localhost:5000/api/observable/594ff3ffbf365e53fbae38c9",
    "value": "google.com"
}

Bulk add

results = api.observable_bulk_add(["google.com", "bing.com", "yahoo.com"])
print(len(results))
3
print(json.dumps(results[1], indent=4, sort_keys=True))
{
    "context": [],
    "created": "2017-06-25T17:39:31.051000",
    "description": null,
    "human_url": "http://localhost:5000/observable/594ff553bf365e53fbae38cc",
    "id": "594ff553bf365e53fbae38cc",
    "last_analyses": {},
    "sources": [
        "API"
    ],
    "tags": [],
    "type": "Hostname",
    "url": "http://localhost:5000/api/observable/594ff553bf365e53fbae38cc",
    "value": "bing.com"
}

Get a single observable

results = api.observable_add("google.com")
print(results['id'])
info = api.observable_details(results['id'])
print(json.dumps(info, indent=4, sort_keys=True))
{
    "context": [],
    "created": "2017-06-25T17:33:51.735000",
    "description": null,
    "human_url": "http://localhost:5000/observable/594ff3ffbf365e53fbae38c9",
    "id": "594ff3ffbf365e53fbae38c9",
    "last_analyses": {},
    "sources": [
        "API"
    ],
    "tags": [
        {
            "first_seen": "2017-06-25T17:33:51.746000",
            "fresh": true,
            "last_seen": "2017-06-25T17:33:51.746000",
            "name": "google"
        }
    ],
    "type": "Hostname",
    "url": "http://localhost:5000/api/observable/594ff3ffbf365e53fbae38c9",
    "value": "google.com"
}

Search for observables

api.observable_add("search-domain.com")
result = api.observable_search(value="search-dom[a-z]+", regex=True)
print(json.dumps(result, indent=4, sort_keys=True))
[
    {
        "context": [],
        "created": "2017-06-25T17:57:28.994000",
        "description": null,
        "human_url": "http://localhost:5000/observable/594ff988bf365e58c4c2b8ef",
        "id": "594ff988bf365e58c4c2b8ef",
        "last_analyses": {},
        "sources": [
            "API"
        ],
        "tags": [],
        "type": "Hostname",
        "url": "http://localhost:5000/api/observable/594ff988bf365e58c4c2b8ef",
        "value": "search-domain.com"
    }
]

Add files

result = api.observable_file_add("/tmp/hello.txt", tags=['benign'])
print(json.dumps(result, indent=4, sort_keys=True))
[
    {
        "context": [],
        "created": "2017-06-25T18:23:02.471000",
        "description": null,
        "hashes": [
            {
                "hash": "sha256",
                "value": "b22b009134622b6508d756f1062455d71a7026594eacb0badf81f4f677929ebe"
            },
            {
                "hash": "sha512",
                "value": "eb22d991d6d86641d95e01a804025fc210491286a30f3114dd1469c7457c03e807506f5615bc9065f47a6ee2208364f643837f2298738b4f5c53797124f41f60"
            },
            {
                "hash": "md5",
                "value": "e134ced312b3511d88943d57ccd70c83"
            },
            {
                "hash": "sha1",
                "value": "a8d191538209e335154750d2df575b9ddfb16fc7"
            }
        ],
        "human_url": "http://localhost:5000/observable/594fff86bf365e6270f8914b",
        "id": "594fff86bf365e6270f8914b",
        "last_analyses": {},
        "mime_type": "text/plain",
        "sources": [],
        "tags": [
            {
                "first_seen": "2017-06-25T18:23:02.544000",
                "fresh": true,
                "last_seen": "2017-06-25T18:23:02.544000",
                "name": "benign"
            }
        ],
        "type": "File",
        "url": "http://localhost:5000/api/observable/594fff86bf365e6270f8914b",
        "value": "FILE:b22b009134622b6508d756f1062455d71a7026594eacb0badf81f4f677929ebe"
    }
]
# Get file contents
api.observable_file_contents(objectid="594fff86bf365e6270f8914b")
'Hello!\n'
api.observable_file_contents(filehash="e134ced312b3511d88943d57ccd70c83") # you can also use any hash computed above
'Hello!\n'
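
As an added example (not part of pyeti or its README): a check that a File record shaped like the observable_file_add() output above describes the bytes you meant to upload. It recomputes the digests locally and compares them with the "hashes" list and the FILE:<sha256> value. The helper names and the sample record are constructed for illustration, and no Yeti server is contacted.

```python
import hashlib

# Digest names as they appear in the "hashes" list of the response above.
SUPPORTED = ("sha256", "sha512", "sha1", "md5")


def local_digests(data: bytes) -> dict:
    """Compute every supported digest of the local file contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in SUPPORTED}


def verify_file_observable(observable: dict, data: bytes) -> list:
    """Return a list of problems; an empty list means the record matches `data`."""
    problems = []
    expected = local_digests(data)
    reported = {h["hash"]: h["value"].lower() for h in observable.get("hashes", [])}

    # Insist on a collision-resistant digest; md5 or sha1 alone is not enough.
    if "sha256" not in reported:
        problems.append("no sha256 in response")
    for name, value in reported.items():
        if name not in expected:
            problems.append(f"unknown hash type: {name}")
        elif value != expected[name]:
            problems.append(f"{name} mismatch")

    # The observable value is "FILE:" followed by the sha256, as in the output above.
    if observable.get("value") != "FILE:" + expected["sha256"]:
        problems.append("value does not match FILE:<sha256>")
    return problems


def make_sample(data: bytes) -> dict:
    """Constructed sample shaped like one element of the observable_file_add() result."""
    return {
        "type": "File",
        "hashes": [{"hash": n, "value": v} for n, v in local_digests(data).items()],
        "value": "FILE:" + hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    record = make_sample(b"Hello!\n")
    print(verify_file_observable(record, b"Hello!\n"))  # same contents
    print(verify_file_observable(record, b"Hello?\n"))  # different contents
```

With a live instance, the same function can be applied to each element of the list returned by api.observable_file_add() together with the bytes read from the uploaded path.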

Contributors

tomchop, threathive, gaelmuller, sebdraven
