
Comments (8)

kkochanski commented on September 15, 2024

Hello @beamzer, Hybrid Analysis dev here.

Hybrid Analysis provides two API versions. They mostly differ in the way of doing authentication, parameters and the form of responses.

From what I see, malsub is using the first version (which is deprecated and going to be removed in the future; I would recommend using API v2 instead).
In order to be able to use that API version, you have to pass the API Key and Secret (you get both at the moment of creating/regenerating the API Key).

In contrast to malsub, the latest version of vxapi uses API v2. That API version requires providing only the API Key in the request header.

To resolve your problem, I would recommend regenerating your API Key at Hybrid Analysis. Then you will receive the API Key and the Secret, which you will be able to use in both malsub (passing API Key and Secret) and vxapi (passing just the API Key). You will see it in the success message.


from malsub.

AHewitt commented on September 15, 2024

Hi beamzer and thanks for bringing this to our attention. I think your assumption is correct and we need to make some changes to fix it.


diogo-fernan commented on September 15, 2024

Hey beamzer,

You are missing the API user as per &secret=%3Capiuser%3E from the URI. Hybrid Analysis calls it a secret (check https://github.com/diogo-fernan/malsub/blob/master/data/apikey.yaml#L13).

Cheers,
Diogo


beamzer commented on September 15, 2024

> Hey beamzer,
>
> You are missing the API user as per &secret=%3Capiuser%3E from the URI. Hybrid Analysis calls it a secret (check https://github.com/diogo-fernan/malsub/blob/master/data/apikey.yaml#L13).
>
> Cheers,
> Diogo

Hi Diogo,

This is what I thought in the beginning too, but as far as I can see/find, Hybrid-Analysis and VT don't use a "secret". I know some others do, but for HA and VT there is no "secret" on my API profile page and also the other API methods I use work fine with only the API key string.

thanks,
Ewald....


diogo-fernan commented on September 15, 2024

It could be that the API specification changed or that the /api/quota endpoint is no longer available at Hybrid Analysis. Also try removing the apiuser parameter for HA from the YAML configuration file since you do not have one.


beamzer commented on September 15, 2024

Hi Diogo,
That does not seem to help:

/home/remnux/GIT/malsub% python3 malsub.py -a ha -q -v
  

         _,  |\  ,       |)
/|/|/|  / |  |/ / \_|  | |/\_
 | | |_/\/|_/|_/ \/  \/|_/\/

   malsub v1.3
   https://github.com/diogo-fernan/malsub

[!] warning Mon 21 Sep 2020 20:23:36.998482 +0000 UTC: "HybridAnalysis" -- "quota" error: 403 Client Error: Forbidden for url: https://www.hybrid-analysis.com/api/quota?apikey=<<MyAPIkey>>
Traceback (most recent call last):
  File "/home/remnux/GIT/malsub/malsub/core/work.py", line 27, in exec
    data = f.result()
  File "/usr/lib/python3.6/concurrent/futures/_base.py", line 425, in result
    return self.__get_result()
  File "/usr/lib/python3.6/concurrent/futures/_base.py", line 384, in __get_result
    raise self._exception
  File "/usr/lib/python3.6/concurrent/futures/thread.py", line 56, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/remnux/GIT/malsub/malsub/service/hybrid-analysis.py", line 79, in quota
    data, _ = request(self.api_quot)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 97, in request
    apispec.verify, bin, json)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 86, in get
    json_req, param, verify, bin, json)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 49, in _request
    res.raise_for_status()
  File "/usr/local/lib/python3.6/dist-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.hybrid-analysis.com/api/quota?apikey=<<MyAPIkey>>

[*] verbose Mon 21 Sep 2020 20:23:36.999654 +0000 UTC: malsub finished with results:
+---+-------+-----------------+
| # | input | Hybrid Analysis |
+---+-------+-----------------+
| 1 | —     | unsuccessful    |
+---+-------+-----------------+

thanks,
Ewald...


diogo-fernan commented on September 15, 2024

It may be that the /api/quota API endpoint is no longer available or that your API key lacks permissions. Have you tried other functions?


beamzer commented on September 15, 2024

Hi Diogo,

Submitting to HA doesn't show an error, but it also doesn't show that submission in the HA web interface.

% python3 malsub.py -a ha -s september-16-919948-2020.doc 

                                            
 ##  ## ###### ###    ###### ##  ## ######  
 ###### ###### ###    ###    ##  ## ##  ##  
 ###### ##  ## ###    ###### ##  ## #####   
 ##  ## ###### ###        ## ##  ## ##  ##  
 ##  ## ##  ## ###    ###### ###### ######  
 ##  ## ##  ## ###### ###### ###### ######

   malsub v1.3
   https://github.com/diogo-fernan/malsub

When I try to receive malware data based on the file hash, I also get an error.
When I try the same with the HA vxapi.py (and the same API key), it does give me the report.

% python3 malsub.py -a ha -r 44d6c7f1c3536454a19ef188240a6f58c415fb2da863308610e7e27a66e562cb

 _  _ ____ _    ____ _  _ ___ 
 |\/| |--| |___ ==== |__| |==]

   malsub v1.3
   https://github.com/diogo-fernan/malsub

[!] warning Wed 23 Sep 2020 13:22:49.114182 +0000 UTC: "HybridAnalysis" -- "report_file" error: 403 Client Error: Forbidden for url: https://www.hybrid-analysis.com/api/scan/44d6c7f1c3536454a19ef188240a6f58c415fb2da863308610e7e27a66e562cb?apikey=<<MyAPIkey>>
Traceback (most recent call last):
  File "/home/remnux/GIT/malsub/malsub/core/work.py", line 27, in exec
    data = f.result()
  File "/usr/lib/python3.6/concurrent/futures/_base.py", line 425, in result
    return self.__get_result()
  File "/usr/lib/python3.6/concurrent/futures/_base.py", line 384, in __get_result
    raise self._exception
  File "/usr/lib/python3.6/concurrent/futures/thread.py", line 56, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/remnux/GIT/malsub/malsub/service/hybrid-analysis.py", line 41, in report_file
    data, _ = request(self.api_repf)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 97, in request
    apispec.verify, bin, json)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 86, in get
    json_req, param, verify, bin, json)
  File "/home/remnux/GIT/malsub/malsub/core/web.py", line 49, in _request
    res.raise_for_status()
  File "/usr/local/lib/python3.6/dist-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://www.hybrid-analysis.com/api/scan/44d6c7f1c3536454a19ef188240a6f58c415fb2da863308610e7e27a66e562cb?apikey=<<MyAPIkey>>

And via vxapi.py

% ../VxAPI/vxapi.py search_hash 44d6c7f1c3536454a19ef188240a6f58c415fb2da863308610e7e27a66e562cb
[
    {
        "analysis_start_time": "2020-09-19T09:29:16+00:00",
        "av_detect": 55,
etc...
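
The requests in this thread carry the API key in the query string (`?apikey=...`, plus `&secret=...`), so every 403 message and traceback repeats it and it has to be blanked by hand before posting. The following is an added example, not code from malsub or Hybrid Analysis: a logging formatter that redacts those parameters automatically. The parameter names come from the URLs above; the sample URL, key values and helper names are constructed.

```python
import io
import logging
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names seen in the thread's URLs; extend for other services.
SENSITIVE_PARAMS = {"apikey", "secret"}
PLACEHOLDER = "REDACTED"
URL_RE = re.compile(r"https?://[^\s\"'<>)]+")  # rough URL matcher for log text
# Constructed sample, not a real key or secret.
SAMPLE_URL = ("https://www.hybrid-analysis.com/api/quota"
              "?apikey=CONSTRUCTEDKEY123&secret=CONSTRUCTEDSECRET456")


def redact_url(url):
    """Replace the values of sensitive query parameters in one URL."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, PLACEHOLDER if k.lower() in SENSITIVE_PARAMS else v)
               for k, v in pairs]
    if cleaned == pairs:
        return url  # nothing sensitive: leave the URL byte-for-byte intact
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def redact_text(text):
    """Redact every URL found in free text such as a traceback."""
    return URL_RE.sub(lambda m: redact_url(m.group(0)), text)


class RedactingFormatter(logging.Formatter):
    """Redacts the fully formatted record, traceback text included."""
    def format(self, record):
        return redact_text(super().format(record))


def demo():
    """Log an error shaped like the one in the thread; return what was written."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(message)s"))
    log = logging.getLogger("redact_demo")
    log.handlers, log.propagate = [handler], False
    try:
        raise RuntimeError("403 Client Error: Forbidden for url: " + SAMPLE_URL)
    except RuntimeError:
        log.exception("quota request failed")
    return buf.getvalue()
```

Redaction happens in the formatter rather than in a filter because the exception text is rendered at format time and never passes through `record.msg`.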
