joesecurity / jbxapi Goto Github PK

Due to the new parameter --no-check-certificate, verify_ssl is now False by default in CLI mode.
In contrast, if I pass the parameter, it becomes True, so exactly the opposite of what is intended.

At https://pypi.org/project/jbxapi/#files there is no sdist, as is standard pypi/python practice.

Any plans to create one? It would greatly simplify the work of your downstream packagers.

Thank you.

Some malware does not work if it have not specific file name and sometimes it's filename is not english.
But jbxapi dose not support non-ascii filename because it use urllib3.
There are many ways to solve problems such as % encoding.
I hope jbxapi support non-ascii filename :)

See PR #2 where the parameter used to build the url uses the wrong word.

Other methods pass _extra_params to self._submit(), but in submit_sample_url it is not used:

    def submit_sample_url(self, url, params={}, _extra_params={}):
        """
        Submit a sample at a given URL for analysis.
        """
        self._check_user_parameters(params)
        params = copy.copy(params)
        params['sample-url'] = url
        return self._submit(params, _extra_params={}) # <= here

The fix should be rather easy :)

I wanted to submit an issue that I was unable to start an analysis session on https://www.joesandbox.com however could not find anywhere to do this...

• No contact info @ https://www.joesandbox.com
• Contact form @ https://www.joesecurity.org/contact is for corporate users only
• https://twitter.com/joe4security is inactive
• No dedicated JoeSandbox repo

Here is my analysis session...

For context

• Every field that can be completed was completed
• Every filed that is blank was blocked from entry (🚫when trying to select)
• I tried selecting: 0 machines (shown), 1 machine and multiple machines
• In every case, the analyse button was always greyed-out and marked as 🚫 blocked, with no indicator or help message explaining why

Please can someone help!

If this needs to be posted in another repo, am happy to do that.

Hello jbxapi Community,

I am currently using the jbxapi for automating malware analysis with Joe Sandbox and have encountered a question regarding the CLI usage.

I need to specify the analysis system (e.g., Windows, Linux, Mac environments) when submitting files for analysis using the CLI. While I am aware of the wide range of systems available for analysis in Joe Sandbox, I have not been able to find specific documentation or examples that detail how to set this parameter using the CLI.

Could you please provide guidance or an example on how to specify the analysis system in a CLI command? Knowing the exact syntax or parameters to use would be immensely helpful, especially for analyzing different file types in their respective environments.

Thank you in advance for your assistance and for the great work on this tool!

Hi Joe Team
The documentation (https://github.com/joesecurity/jbxapi#manually) states to install python-requests using the following command:

pip install python-request

But according to the python-requests documentation, it should be:

pip install requests

See: https://pypi.org/project/requests/

Hello,

I wanted to report that the proxies requests documentation URL needs to be updated, see
https://github.com/joesecurity/jbxapi/blob/master/docs/api.md?plain=1#L40

The new URL is https://requests.readthedocs.io/en/latest/user/advanced/?highlight=proxy#proxies

This is the HTTP error I get when attempting to go to the URL in the documentation

get version of JoeSandbox

I want to know if is you have support for password protected PDF files in Joe Sandbox.

I see the params office-files-password and archive-password (zip, 7z, rar etc.) but I'm not sure if the PDF protected functionality is allowed.

Add a command line argument so that ssl_verify can be passed from the command line argument to the JoeSandbox constructor. That would allow to use the library in a development setting where a self-signed server certificate is used.

From the endpoint /v2/analysis/info we are getting an unexpected value for the status attribute:

{"status": "finishedrun", "runs": [ ... ], ... }

This value isn't documented so we are wondering about its meaning.

Doc Link

"The status field is one of submitted, running, finished. ...    "

Thank you.

I see in the comments, it says:
Parameters:
sample: The sample to submit. Needs to be a file-like object or a tuple in
the shape (filename, file-like-object).

Which I tried and I believe correctly. And I get:
TypeError: a bytes-like object is required, not 'tuple'

It works great if I just pass a file-like-object but of course that doesn't allow me to specify a file name. They all come in as 'sample' which I believe is because of line 179:
files = {'sample': sample}

Thanks. Greg.

In the _post function, your comment says "Remove non-ASCII characters from filenames due to a limitation of the combination of urllib3 (via python-requests) and our server." Instead of dropping all non-ASCII characters to work around web server header encoding support, you should encode the filename using urllib.parse.quote and then decode the filename on the server-side if necessary.

I implemented the methods to Upload Sample and Browser URL (IE) but there is another option called Download & Execute File. The current version of jbxapi support that?