python-deepviz is a Python wrapper for deepviz.com REST APIs
python-deepviz is hosted by PyPi
pip install python-deepvizTo use Deepviz API sdk you will need an API key you can get by subscribing the service free at https://account.deepviz.com/register/
The complete Deepviz REST APIs documentation can be found at https://api.deepviz.com/docs/
To upload a sample:
from deepviz import sandbox
sbx = sandbox.Sandbox()
result = sbx.upload_sample(path="path\\to\\file.exe", api_key="my-api-key")
print resultTo upload a folder:
from deepviz import sandbox
sbx = sandbox.Sandbox()
result = sbx.upload_folder(path="path\\to\\files", api_key="my-api-key")
print resultTo download a sample:
from deepviz import sandbox
sbx = sandbox.Sandbox()
result = sbx.download_sample(md5="MD5-hash", api_key="my-api-key", path="output\\directory\\")
print resultTo send a bulk download request and download the related archive:
from deepviz.sandbox import Sandbox
from deepviz.result import *
sbx = Sandbox()
md5_list = [
"a6ca3b8c79e1b7e2a6ef046b0702aeb2",
"34781d4f8654f9547cc205061221aea5",
"a8c5c0d39753c97e1ffdfc6b17423dd6"
]
result = sbx.bulk_download_request(md5_list=md5_list, api_key="my-api-key")
if result.status == SUCCESS:
print result
while True:
result2 = sbx.bulk_download_retrieve(id_request=result.msg['id_request'], api_key="my-api-key", path="output\\directory\\")
if result2.status != PROCESSING:
print result2
break
time.sleep(1)To retrieve full scan report for a specific MD5
from deepviz import sandbox
sbx = sandbox.Sandbox()
result = sbx.sample_report(md5="MD5-hash", api_key="my-api-key")
print resultTo retrieve scan result of a specific MD5
from deepviz import intel
ThreatIntel = intel.Intel()
result = ThreatIntel.sample_result(md5="MD5-hash", api_key="my-api-key")
classification = result.msg['classification']
print "Classification: %s" % (classification)To retrieve only specific parts of the report of a specific MD5 scan
from deepviz import intel
ThreatIntel = intel.Intel()
result = ThreatIntel.sample_info(md5="MD5-hash", api_key="my-api-key", filters=["classification","rules"])
print resultTo retrieve intel data about an IP:
from deepviz import intel
ThreatIntel = intel.Intel()
result = ThreatIntel.ip_info(api_key="my-api-key", ip="8.8.8.8", filters=["generic_info"])
print resultTo retrieve intel data about one domain:
from deepviz import intel
ThreatIntel = intel.Intel()
result = ThreatIntel.domain_info(api_key="my-api-key", domain="google.com")
print resultTo run generic search based on strings (find all IPs, domains, samples related to the searched keyword):
from deepviz import intel
ThreatIntel = intel.Intel()
result = ThreatIntel.search(api_key="my-api-key", search_string="justfacebook.net")
print resultTo run advanced search based on parameters (find all MD5 samples connecting to a domain and determined as malicious):
from deepviz import intel
ThreatIntel = intel.Intel()
result = ThreatIntel.advanced_search(api_key="my-api-key", domain=["justfacebook.net"], classification="M")
print result