Documentation
Overview
vmray API module for Go
Package vmray communicates with the VmRay API. VmRay is a 3rd-generation malware execution and analysis environment. For more information, see http://www.vmray.com/
This module was written by Florian 'scusi' Walther.
For examples of how to use this module, see the Examples directory.
Index
- Constants
- func SetErrorLog(logger *log.Logger) func(*Client) error
- func SetTraceLog(logger *log.Logger) func(*Client) error
- type AnalysisInfoDetails
- type AnalysisInfoResults
- type Client
- func (self *Client) DownloadAnalysis(id string) (data []byte, err error)
- func (self *Client) FindSample(hash string) (r *FindSampleResult, err error)
- func (self *Client) GetAnalysisInfo(id string) (r *AnalysisInfoResults, err error)
- func (self *Client) GetJobsInfo() (r *JobInfoResult, err error)
- func (self *Client) GetSampleInfo(id string) (r *SampleInfoResult, err error)
- func (self *Client) UploadSample(file string) (r *map[string]UploadResultDetails, err error)
- type ClientError
- type FindSampleResult
- type JobInfoDetail
- type JobInfoResult
- type OptionFunc
- type Parameters
- type SampleInfoResult
- type UploadResultDetails
Constants
const (
    // DefaultURL specifies the default URL for VmRay API
    DefaultURL = "https://cloud.vmray.com/api/"
    // root CA cert for the DefaultURL
    GlobalSignRootCA = `` /* 1262-byte string literal not displayed */
)
Variables
This section is empty.
Functions
func SetErrorLog
SetErrorLog sets the logger for critical messages. It is nil by default.
Types
type AnalysisInfoDetails
type AnalysisInfoDetails struct {
    AnalyzerType string `json:"analyzer_type"`
    AnalysisSnapshotId float64 `json:"analysis_snapshot_id"`
    VmhostName string `json:"vmhost_name"`
    AnalysisCreated string `json:"analysis_created"`
    AnalysisSize float64 `json:"analysis_size"`
    AnalysisJobStarted string `json:"analysis_job_started"`
    SnapshotName string `json:"snapshot_name"`
    AnalysisResult string `json:"analysis_result"`
    AnalysisJobId float64 `json:"analysis_job_id"`
    AnalysisCmdlineId float64 `json:"analysis_cmdline_id"`
    AnalysisConfigurationID float64 `json:"analysis_configuration_id"`
    AnalysisUserConfigID float64 `json:"analysis_user_config_id"`
    AnalyzerName string `json:"analyzer_name"`
    AnalysisJobruleId float64 `json:"analysis_jobrule_id"`
    AnalysisPriority float64 `json:"analysis_priority"`
    Target string `json:"target"`
    AnalysisHint float64 `json:"analysis_hint"`
    AnalysisAnalyzerVersion string `json:"analysis_analyzer_version"`
    ConfigurationName string `json:"configuration_name"`
    AnalysisUserId float64 `json:"analysis_user_id"`
    AnalysisId float64 `json:"analysis_id"`
    AnalysisExternalReference string `json:"analysis_external_reference"`
    AnalysisVmhostId float64 `json:"analysis_vmhost_id"`
    VmName string `json:"vm_name"`
    AnalysisAnalyzerId float64 `json:"analysis_analyzer_id"`
    AnalysisPrescriptId float64 `json:"analysis_prescript_id"`
    AnalysisSampleId float64 `json:"analysis_sample_id"`
    AnalysisServerity float64 `json:"analysis_severity"`
    AnalysisVmId float64 `json:"analysis_vm_id"`
}
type AnalysisInfoResults
type AnalysisInfoResults struct {
    Analyses map[string]AnalysisInfoDetails `json:"Analyses"`
    Jobs JobInfoResult `json:"jobs"`
}
AnalysisInfoResults is a data structure that holds the results from GetAnalysisInfo.
type Client
type Client struct {
// contains filtered or unexported fields
}
Client holds all the data needed for an API client.
func New
func New(options ...OptionFunc) (*Client, error)
New configures a new vmray client.
Example of how to use vmray.New:
c, err := vmray.New(
    vmray.SetBasicAuth(os.Getenv("VMRAY_EMAIL"), os.Getenv("VMRAY_PASSWD")),
)
Example with a custom HTTP client and URL, error logging and request tracing:
c, err := vmray.New(
    vmray.SetHttpClient(httpclient),
    vmray.SetUrl("https://vmray.mydomain.com/api/"),
    vmray.SetErrorLog(log.New(os.Stderr, "vmray error: ", log.Lshortfile)),
    vmray.SetTraceLog(log.New(os.Stderr, "vmray trace: ", log.Lshortfile)),
    vmray.SetBasicAuth(os.Getenv("VMRAY_EMAIL"), os.Getenv("VMRAY_PASSWD")),
)
func (*Client) DownloadAnalysis
DownloadAnalysis downloads the results of a VmRay analysis as a zip file.
func (*Client) FindSample
func (self *Client) FindSample(hash string) (r *FindSampleResult, err error)
FindSample finds a Sample in VmRay by its sha1, sha2 or md5 hash
func (*Client) GetAnalysisInfo
func (self *Client) GetAnalysisInfo(id string) (r *AnalysisInfoResults, err error)
GetAnalysisInfo queries information about an analysis performed by VmRay
func (*Client) GetJobsInfo
func (self *Client) GetJobsInfo() (r *JobInfoResult, err error)
GetJobsInfo queries pending and in progress jobs from vmray
func (*Client) GetSampleInfo
func (self *Client) GetSampleInfo(id string) (r *SampleInfoResult, err error)
GetSampleInfo queries information about a given Sample from VmRay
func (*Client) UploadSample
func (self *Client) UploadSample(file string) (r *map[string]UploadResultDetails, err error)
UploadSample uploads a given file to VmRay and returns the UploadResultDetails and error
type ClientError
type ClientError struct {
// contains filtered or unexported fields
}
ClientError is a generic error specific to vmray.
func (ClientError) Error
func (self ClientError) Error() string
Error returns a string representation of the error condition
type FindSampleResult
type FindSampleResult struct {
SampleId int `json:"sample_id"`
}
FindSampleResult is a data structure that holds the results from FindSample.
type JobInfoDetail
type JobInfoResult
type JobInfoResult struct {
Jobs map[string]JobInfoDetail `json:"jobs"`
}
JobInfoResult is a data structure that holds the results from GetJobsInfo.
type OptionFunc
OptionFunc configures a client, used by New
func SetHttpClient
func SetHttpClient(httpClient *http.Client) OptionFunc
SetHttpClient can be used to specify the http.Client to use when making HTTP requests to vmray.
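SetHttpClient is the place to control TLS trust, for example when a self-hosted instance such as the one in the New example sits behind a private CA. The following is an added example, not code from the vmray module: NewPinnedClient, accepts and Demo are hypothetical names, and the local test server is a constructed stand-in for the API endpoint. It builds an http.Client that trusts only one CA and shows that a client using the system roots rejects the same server.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// NewPinnedClient (hypothetical helper, not part of the vmray module) returns
// an http.Client that trusts only the CA certificates found in caPEM.
func NewPinnedClient(caPEM []byte) (*http.Client, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no usable CA certificate in PEM input")
	}
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}}
	return &http.Client{Timeout: 30 * time.Second, Transport: tr}, nil
}

// accepts reports whether c completes a certificate-verified GET to url.
func accepts(c *http.Client, url string) bool {
	resp, err := c.Get(url)
	if err != nil {
		return false
	}
	resp.Body.Close()
	return true
}

// Demo starts a local TLS test server (constructed stand-in for a self-hosted
// API endpoint behind a private CA) and compares a pinned and a default client.
func Demo() (pinnedOK, defaultOK bool, err error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"jobs":{}}`) // constructed response body
	}))
	defer srv.Close()
	ca := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	pinned, err := NewPinnedClient(ca)
	if err != nil {
		return false, false, err
	}
	return accepts(pinned, srv.URL), accepts(&http.Client{Timeout: 5 * time.Second}, srv.URL), nil
}

func main() { fmt.Println(Demo()) }
```

In real use the client returned by NewPinnedClient would be passed to vmray.SetHttpClient, which keeps certificate verification on instead of disabling it for an internal CA.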
type Parameters
type SampleInfoResult
type SampleInfoResult struct {
    Filesize int `json:"sample_filesize"`
    Priority int `json:"sample_priority"`
    Sha1 string `json:"sample_sha1hash"`
    Type string `json:"sample_type"`
    Filename string `json:"sample_filename"`
    Md5 string `json:"sample_md5hash"`
    Password string `json:"sample_password"`
    SampleId int `json:"sample_id"`
    Sha2 string `json:"sample_sha256hash"`
    Url string `json:"sample_url"`
    Created string `json:"sample_created"`
}
SampleInfoResult is a data structure that holds the result of GetSampleInfo.
type UploadResultDetails
type UploadResultDetails struct {
    Submission_id int `json:"submission_id"`
    Sample_id int `json:"sample_id"`
    Webif_url string `json:"webif_url"`
    Sample_filename string `json:"sample_filename"`
    Sample_url string `json:"sample_url"`
    Job_ids []int `json:"job_ids"`
}
UploadResultDetails is a data structure that holds results from the UploadSample API call.
Directories
Path | Synopsis |
---|---|
Examples | |
DownloadAnalysesByHash | vmrDoanloadAnalysesByHash.go - downloads all vmray analyses for a given sample, identified by its hash. |
DownloadAnalysis | vmrDownloadAnalysis.go - can be used to download a complete analysis from vmray. Example usage: go run vmrDownloadAnalysis.go -analysis_id=12345 |
FindSampleByHash | vmrFindSample.go - can be used to find a sample by its hash on vmray. Example usage: go run vmrFindSample.go -rsrc="07bd860cf26e56a02bbf1b0ab6874578" |
GetAnalysisInfo | vmrGetAnalysisInfo.go - takes a sample_id and returns information about analysis available for that sample. Usage: vmrGetAnalysisInfo -sample_id 12345 |
GetJobsInfo | vmrGetJobsInfo.go - provides information about running jobs on vmray. Usage: go run vmrGetJobsInfo.go |
GetSampleInfo | vmrGetSampleInfo.go - takes a vmray sampleId and provides information about the sample. Usage: vmrGetSampleInfo -sample_id 12345 |
UploadSample | vmrUploadSample.go - uploads a file for analysis on vmray. Usage: go run vmrUploadSample.go -f <yourSampleFile.ext> |