I would like to use the self-issued API key (see How to issue a self-signed API key) to search the database on the public/private instance.

Step-by-step guide

  1. Download the VxAPI wrappers here: https://github.com/PayloadSecurity/VxAPI
  2. Install Python 3.4 (or above): https://www.python.org/downloads/
  3. Take a look at the README.md file or edit the config.py file and specify the API key/secret and application server. Example:

    def get_config():
        # Replace the values below with your own API key/secret and server.
        return {
            'api_key': '32dourjctm0wsoc88k43g8g88',
            'api_secret': '5e8d1ef991e4acad3499db70903e9d0758f68110c8498263',
            'server': 'https://www.hybrid-analysis.com'
        }


  4. Print a list of available endpoints for your authorization level: python vxapi.py -h



  5. To track some campaigns or find samples similar to a given SHA256, use the search endpoint and utilize some of the advanced search queries. For example:

    python vxapi.py search similar-to:35047ad869607de0a52d54be5998f268c719bb655e168f9bff8356b1f1239c55

  6. This will yield some basic results:



  7. Using the SHA256 and environment ID, retrieve additional information (such as network traffic) from a sample using the get_summary endpoint:

    python vxapi.py get_summary 01837d9b63b19d04125dfcce7941f7ac0e388f67b469ba8dea9c910d5cafe363 100



  8. The most interesting search "prefix" terms can be found in the FAQ at the "Do you have some advanced search options?" section: https://www.hybrid-analysis.com/faq
  9. Have fun!


Info

Note: the restricted API keys on the public server are limited to 5 queries per minute and 200 per hour.
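
When scripting many searches, the limits in the note above are easy to exceed. The following is an added example, not part of VxAPI: a sliding-window limiter that paces calls to vxapi.py so they stay within 5 queries per minute and 200 per hour. The names `QueryBudget` and `run_queries` are hypothetical, and the script assumes vxapi.py is in the current directory.

```python
import subprocess
import sys
import time
from collections import deque

# Limits stated in the note above for restricted keys on the public server.
LIMITS = ((5, 60.0), (200, 3600.0))  # (max queries, window in seconds)


class QueryBudget:
    """Sliding-window limiter that enforces every (count, window) pair at once."""

    def __init__(self, limits=LIMITS, clock=time.monotonic):
        self.limits = limits
        self.clock = clock
        self.sent = deque()  # timestamps of queries already issued, oldest first
        self.longest = max(window for _, window in limits)

    def delay(self):
        """Seconds to wait before the next query fits inside all limits."""
        now = self.clock()
        # Forget queries older than the longest window.
        while self.sent and now - self.sent[0] >= self.longest:
            self.sent.popleft()
        wait = 0.0
        for count, window in self.limits:
            recent = [t for t in self.sent if now - t < window]
            if len(recent) >= count:
                # A slot frees up when the count-th most recent query ages out.
                wait = max(wait, recent[-count] + window - now)
        return wait

    def record(self):
        """Note that a query is being sent now."""
        self.sent.append(self.clock())


def run_queries(queries, budget=None, sleep=time.sleep, vxapi="vxapi.py"):
    """Run each argument list, e.g. ['search', 'similar-to:<sha256>'], in turn."""
    budget = budget or QueryBudget()
    exit_codes = []
    for args in queries:
        wait = budget.delay()
        if wait > 0:
            sleep(wait)
        budget.record()
        # Same invocation as the steps above: python vxapi.py <endpoint> <args>
        exit_codes.append(subprocess.call([sys.executable, vxapi] + list(args)))
    return exit_codes
```

The limiter only tracks queries sent by the current process, so other scripts using the same key still count against the server-side limits.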
