joesecurity / jbxapi
Python API wrapper for the Joe Sandbox API.
Home Page: https://www.joesecurity.org
License: MIT License
Due to the new parameter --no-check-certificate, verify_ssl is now False by default in CLI mode.
In contrast, if I pass the parameter, it becomes True, so exactly the opposite of what is intended.
At https://pypi.org/project/jbxapi/#files there is no sdist, as is standard pypi/python practice.
Any plans to create one? It would greatly simplify the work of your downstream packagers.
Thank you.
Some malware does not work if it does not have a specific file name, and sometimes its filename is not English.
But jbxapi does not support non-ASCII filenames because it uses urllib3.
There are many ways to solve this problem, such as % encoding.
I hope jbxapi will support non-ASCII filenames :)
See PR #2 where the parameter used to build the url uses the wrong word.
Other methods pass _extra_params to self._submit(), but in submit_sample_url it is not used:

    def submit_sample_url(self, url, params={}, _extra_params={}):
        """
        Submit a sample at a given URL for analysis.
        """
        self._check_user_parameters(params)
        params = copy.copy(params)
        params['sample-url'] = url
        return self._submit(params, _extra_params={})  # <= here

The fix should be rather easy :)
I wanted to submit an issue that I was unable to start an analysis session on https://www.joesandbox.com however could not find anywhere to do this...
If this needs to be posted in another repo, am happy to do that.
Hello jbxapi Community,
I am currently using the jbxapi for automating malware analysis with Joe Sandbox and have encountered a question regarding the CLI usage.
I need to specify the analysis system (e.g., Windows, Linux, Mac environments) when submitting files for analysis using the CLI. While I am aware of the wide range of systems available for analysis in Joe Sandbox, I have not been able to find specific documentation or examples that detail how to set this parameter using the CLI.
Could you please provide guidance or an example on how to specify the analysis system in a CLI command? Knowing the exact syntax or parameters to use would be immensely helpful, especially for analyzing different file types in their respective environments.
Thank you in advance for your assistance and for the great work on this tool!
Hi Joe Team
The documentation (https://github.com/joesecurity/jbxapi#manually) states to install python-requests using the following command:

    pip install python-request

But according to the python-requests documentation, it should be:

    pip install requests

Hello,
I wanted to report that the proxies requests documentation URL needs to be updated, see
https://github.com/joesecurity/jbxapi/blob/master/docs/api.md?plain=1#L40
The new URL is https://requests.readthedocs.io/en/latest/user/advanced/?highlight=proxy#proxies
This is the HTTP error I get when attempting to go to the URL in the documentation
get version of JoeSandbox
I want to know if you have support for password-protected PDF files in Joe Sandbox.
I see the params office-files-password and archive-password (zip, 7z, rar etc.) but I'm not sure if the PDF protected functionality is allowed.
Add a command line argument so that ssl_verify can be passed from the command line argument to the JoeSandbox constructor. That would allow the library to be used in a development setting where a self-signed server certificate is used.
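The inversion reported at the top of this page, and the command-line switch requested just above, can be pinned down with a small regression check. This is an added example, not jbxapi's code: the argparse wiring, the program name example-cli and the function names are assumptions chosen to reproduce the reported behaviour.

```python
import argparse


def buggy_parser():
    # Constructed reproduction of the report: store_true on dest=verify_ssl
    # defaults to False, and passing the flag turns verification ON.
    p = argparse.ArgumentParser(prog="example-cli")
    p.add_argument("--no-check-certificate", dest="verify_ssl",
                   action="store_true")
    return p


def fixed_parser():
    # store_false defaults to True; passing the flag turns verification OFF.
    p = argparse.ArgumentParser(prog="example-cli")
    p.add_argument("--no-check-certificate", dest="verify_ssl",
                   action="store_false",
                   help="disable TLS certificate verification "
                        "(self-signed development servers only)")
    return p


def verify_ssl_for(parser, argv):
    """Return the verify_ssl value the CLI would hand to the API client."""
    return parser.parse_args(argv).verify_ssl


def check_secure_default(parser):
    """Regression check: list every way the parser violates the intent."""
    problems = []
    if verify_ssl_for(parser, []) is not True:
        problems.append("certificate verification is off by default")
    if verify_ssl_for(parser, ["--no-check-certificate"]) is not False:
        problems.append("--no-check-certificate does not disable verification")
    return problems


if __name__ == "__main__":
    for name, parser in (("buggy", buggy_parser()), ("fixed", fixed_parser())):
        print(name, check_secure_default(parser) or "ok")
```
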
From the endpoint /v2/analysis/info we are getting an unexpected value for the status attribute:
{"status": "finishedrun", "runs": [ ... ], ... }
This value isn't documented so we are wondering about its meaning.
"The status field is one of submitted, running, finished. ... "
Thank you.
I see in the comments, it says:
    Parameters:
      sample: The sample to submit. Needs to be a file-like object or a tuple in
              the shape (filename, file-like-object).

Which I tried and I believe correctly. And I get:

    TypeError: a bytes-like object is required, not 'tuple'

It works great if I just pass a file-like-object but of course that doesn't allow me to specify a file name. They all come in as 'sample' which I believe is because of line 179:

    files = {'sample': sample}

Thanks. Greg.
In the _post function, your comment says "Remove non-ASCII characters from filenames due to a limitation of the combination of urllib3 (via python-requests) and our server." Instead of dropping all non-ASCII characters to work around web server header encoding support, you should encode the filename using urllib.parse.quote and then decode the filename on the server-side if necessary.
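The difference between dropping non-ASCII characters and percent-encoding them, as suggested here and in the earlier non-ASCII filename request, shown as an added example (not jbxapi's or the server's code). The function names and sample filenames are constructed for illustration, and the receiver-side decode step is an assumption about how a server could reverse the encoding.

```python
import os
from urllib.parse import quote, unquote


def strip_non_ascii(filename):
    """The lossy workaround quoted above: drop every non-ASCII character."""
    return filename.encode("ascii", "ignore").decode("ascii")


def encode_filename(filename):
    """Percent-encode the UTF-8 bytes so the transmitted value is pure ASCII."""
    return quote(filename, safe="")


def decode_filename(encoded):
    """Hypothetical receiver side: reverse the encoding, then treat the result
    as untrusted input and accept only a bare file name."""
    name = unquote(encoded, errors="strict")
    if (name in ("", ".", "..") or "\x00" in name or "\\" in name
            or name != os.path.basename(name)):
        raise ValueError("not a bare file name: %r" % name)
    return name


# Constructed sample names: two distinct non-ASCII names and one ASCII name.
SAMPLES = ["請求書.exe", "견적서.exe", "invoice.exe"]


def compare(names):
    """Return (stripped, encoded, round_tripped) for each original name."""
    rows = []
    for n in names:
        enc = encode_filename(n)
        rows.append((strip_non_ascii(n), enc, decode_filename(enc)))
    return rows


if __name__ == "__main__":
    for original, row in zip(SAMPLES, compare(SAMPLES)):
        print(repr(original), "->", row)
```

Stripping maps both non-ASCII samples to the same name, `.exe`, so a sample that depends on its original file name loses it, while the percent-encoded form round-trips exactly.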
I implemented the methods to Upload Sample and Browser URL (IE) but there is another option called Download & Execute File. Does the current version of jbxapi support that?