vmray

package module
Version: v0.0.0-...-2e0d7c0
Warning

This package is not in the latest version of its module.

Published: Aug 16, 2017 License: MIT Imports: 15 Imported by: 0

README

VmRay API module for go

vmray.go lets you communicate with the API of VmRay.

VmRay is a 3rd generation malware execution and analysis environment. For more information, see the VmRay website.

Disclaimers

This code is based on the old API of VmRay. Since the beginning of 2016, or version 1.9 of VmRay, there is a new API that this code does not yet cover. See Issue #1.

Usage

Go and get the code

go get github.com/scusi/vmray

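Here is a short and very simple example of how to use this module to upload a file to a VmRay instance via the (old) API.

// vmray simple upload example
package main

import (
	"fmt"
	"os"

	"github.com/scusi/vmray"
)

func main() {
	// The sample to upload is given as the first command-line argument.
	if len(os.Args) < 2 {
		fmt.Fprintf(os.Stderr, "usage: %s <file>\n", os.Args[0])
		os.Exit(1)
	}
	fileName := os.Args[1]
	// Credentials are read from the environment rather than hard-coded.
	client, err := vmray.New(
		vmray.SetBasicAuth(os.Getenv("VMRAY_EMAIL"), os.Getenv("VMRAY_PASSWD")),
	)
	if err != nil {
		panic(err)
	}
	result, err := client.UploadSample(fileName)
	if err != nil {
		panic(err)
	}
	// UploadSample returns a pointer to a map of UploadResultDetails.
	fmt.Printf("%+v\n", *result)
}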

Documentation


Documentation is available on GoDoc

For TLS certificate issues, please see TlsCertReadme.md.

Examples

Please see the Examples directory for some examples of how to use this module and its features.

Commits

If you want to commit to this code, feel free to send me pull requests. I prefer lots of small commits that each change one thing rather than one huge commit with a dozen changes that are hard to follow.

Author

This module has been written by Florian 'scusi' Walther.

Documentation

Overview

vmray api module for go

vmray lets you communicate with the API of VmRay. VmRay is a 3rd generation malware execution and analysis environment. For more information see: http://www.vmray.com/

This module has been written by Florian 'scusi' Walther.

For examples of how to use this module, see the Examples directory.

Index

Constants

const (
	// DefaultURL specifies the default URL for VmRay API
	DefaultURL = "https://cloud.vmray.com/api/"
	// root CA cert for the DefaultURL
	GlobalSignRootCA = `` /* 1262-byte string literal not displayed */

)

Variables

This section is empty.

Functions

func SetErrorLog

func SetErrorLog(logger *log.Logger) func(*Client) error

SetErrorLog sets the logger for critical messages. It is nil by default.

func SetTraceLog

func SetTraceLog(logger *log.Logger) func(*Client) error

SetTraceLog specifies the logger to use for output of trace messages like HTTP requests and responses. It is nil by default.

Types

type AnalysisInfoDetails

type AnalysisInfoDetails struct {
	AnalyzerType              string  `json:"analyzer_type"`
	AnalysisSnapshotId        float64 `json:"analysis_snapshot_id"`
	VmhostName                string  `json:"vmhost_name"`
	AnalysisCreated           string  `json:"analysis_created"`
	AnalysisSize              float64 `json:"analysis_size"`
	AnalysisJobStarted        string  `json:"analysis_job_started"`
	SnapshotName              string  `json:"snapshot_name"`
	AnalysisResult            string  `json:"analysis_result"`
	AnalysisJobId             float64 `json:"analysis_job_id"`
	AnalysisCmdlineId         float64 `json:"analysis_cmdline_id"`
	AnalysisConfigurationID   float64 `json:"analysis_configuration_id"`
	AnalysisUserConfigID      float64 `json:"analysis_user_config_id"`
	AnalyzerName              string  `json:"analyzer_name"`
	AnalysisJobruleId         float64 `json:"analysis_jobrule_id"`
	AnalysisPriority          float64 `json:"analysis_priority"`
	Target                    string  `json:"target"`
	AnalysisHint              float64 `json:"analysis_hint"`
	AnalysisAnalyzerVersion   string  `json:"analysis_analyzer_version"`
	ConfigurationName         string  `json:"configuration_name"`
	AnalysisUserId            float64 `json:"analysis_user_id"`
	AnalysisId                float64 `json:"analysis_id"`
	AnalysisExternalReference string  `json:"analysis_external_reference"`
	AnalysisVmhostId          float64 `json:"analysis_vmhost_id"`
	VmName                    string  `json:"vm_name"`
	AnalysisAnalyzerId        float64 `json:"analysis_analyzer_id"`
	AnalysisPrescriptId       float64 `json:"analysis_prescript_id"`
	AnalysisSampleId          float64 `json:"analysis_sample_id"`
	AnalysisServerity         float64 `json:"analysis_severity"`
	AnalysisVmId              float64 `json:"analysis_vm_id"`
}

type AnalysisInfoResults

type AnalysisInfoResults struct {
	Analyses map[string]AnalysisInfoDetails `json:"Analyses"`
	Jobs     JobInfoResult                  `json:"jobs"`
}

AnalysisInfoResults is a data structure that holds the results from GetAnalysisInfo.

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client holds all the data needed for an API client.

func New

func New(options ...OptionFunc) (*Client, error)

New configures a new vmray client.

Example on how to use vmray.New:

c, err := vmray.New(
    vmray.SetBasicAuth(os.Getenv("VMRAY_EMAIL"), os.Getenv("VMRAY_PASSWD")),
)

Example with a custom HTTP client and URL, error logging and request tracing:

c, err := vmray.New(
    vmray.SetHttpClient(httpclient),
    vmray.SetUrl("https://vmray.mydomain.com/api/"),
    vmray.SetErrorLog(log.New(os.Stderr, "vmray error: ", log.Lshortfile)),
    vmray.SetTraceLog(log.New(os.Stderr, "vmray trace: ", log.Lshortfile)),
    vmray.SetBasicAuth(os.Getenv("VMRAY_EMAIL"), os.Getenv("VMRAY_PASSWD")),
)

func (*Client) DownloadAnalysis

func (self *Client) DownloadAnalysis(id string) (data []byte, err error)

DownloadAnalysis downloads the results of a VmRay analysis as a zip file.

func (*Client) FindSample

func (self *Client) FindSample(hash string) (r *FindSampleResult, err error)

FindSample finds a Sample in VmRay by its sha1, sha2 or md5 hash

func (*Client) GetAnalysisInfo

func (self *Client) GetAnalysisInfo(id string) (r *AnalysisInfoResults, err error)

GetAnalysisInfo queries Information about an analysis performed by VmRay

func (*Client) GetJobsInfo

func (self *Client) GetJobsInfo() (r *JobInfoResult, err error)

GetJobsInfo queries pending and in progress jobs from vmray

func (*Client) GetSampleInfo

func (self *Client) GetSampleInfo(id string) (r *SampleInfoResult, err error)

GetSampleInfo queries Information about a given Sample from VmRay

func (*Client) UploadSample

func (self *Client) UploadSample(file string) (r *map[string]UploadResultDetails, err error)

UploadSample uploads a given file to VmRay and returns the UploadResultDetails and error

type ClientError

type ClientError struct {
	// contains filtered or unexported fields
}

ClientError is a generic error specific to vmray.

func (ClientError) Error

func (self ClientError) Error() string

Error returns a string representation of the error condition

type FindSampleResult

type FindSampleResult struct {
	SampleId int `json:"sample_id"`
}

FindSampleResult is a data structure that holds the results from FindSample.

type JobInfoDetail

type JobInfoDetail struct {
	Status string  `json:"status"`
	Slot   float64 `json:"slot"`
}

type JobInfoResult

type JobInfoResult struct {
	Jobs map[string]JobInfoDetail `json:"jobs"`
}

JobInfoResult is a data structure that holds the results from GetJobsInfo.

type OptionFunc

type OptionFunc func(*Client) error

OptionFunc configures a client; it is used by New.

func SetBasicAuth

func SetBasicAuth(username, password string) OptionFunc

SetBasicAuth sets the basic auth credentials (username and password).

func SetHttpClient

func SetHttpClient(httpClient *http.Client) OptionFunc

SetHttpClient can be used to specify the http.Client to use when making HTTP requests to vmray.

func SetUrl

func SetUrl(rawurl string) OptionFunc

SetUrl defines the URL endpoint of vmray

type Parameters

type Parameters map[string]string

type SampleInfoResult

type SampleInfoResult struct {
	Filesize  int    `json:"sample_filesize"`
	Priority  int    `json:"sample_priority"`
	Sha1      string `json:"sample_sha1hash"`
	Type      string `json:"sample_type"`
	Filename  string `json:"sample_filename"`
	Md5       string `json:"sample_md5hash"`
	Password  string `json:"sample_password"`
	Shareable bool   `json:"sample_shareable"`
	SampleId  int    `json:"sample_id"`
	Sha2      string `json:"sample_sha256hash"`
	Url       string `json:"sample_url"`
	Created   string `json:"sample_created"`
}

SampleInfoResult is a data structure that holds the result of GetSampleInfo.

type UploadResultDetails

type UploadResultDetails struct {
	Submission_id   int    `json:"submission_id"`
	Sample_id       int    `json:"sample_id"`
	Webif_url       string `json:"webif_url"`
	Sample_filename string `json:"sample_filename"`
	Sample_url      string `json:"sample_url"`
	Job_ids         []int  `json:"job_ids"`
}

UploadResultDetails is a data structure that holds results from the UploadSample API call.

Source Files

Directories

Path Synopsis
Examples
DownloadAnalysesByHash
vmrDoanloadAnalysesByHash.go - downloads all vmray analyses for a given sample, identified by its hash.
DownloadAnalysis
vmrDownloadAnalysis.go - can be used to download a complete analysis from vmray. Example usage: go run vmrDownloadAnalysis.go -analysis_id=12345
FindSampleByHash
vmrFindSample.go - can be used to find a sample by its hash on vmray. Example usage: go run vmrFindSample.go -rsrc="07bd860cf26e56a02bbf1b0ab6874578"
GetAnalysisInfo
vmrGetAnalysisInfo.go - takes a sample_id and returns information about the analyses available for that sample: vmrGetAnalysisInfo -sample_id 12345
GetJobsInfo
vmrGetJobsInfo.go - provides information about running jobs on vmray: go run vmrGetJobsInfo.go
GetSampleInfo
vmrGetSampleInfo.go - takes a vmray sampleId and provides information about the sample. Usage: vmrGetSampleInfo -sample_id 12345
UploadSample
vmrUploadSample.go - uploads a file for analysis on vmray: go run vmrUploadSample.go -f <yourSampleFile.ext>. The example above shows how to upload a given file to vmray using vmrUploadSample.go
