InQuest Integrations
InQuest sandboxapi is a minimal, consistent API for building integrations with malware sandboxes. It now includes an integration with MetaDefender Sandbox (previously known as OPSWAT Filescan Sandbox).
Usage
Here is an example of how to use it. For this sample code to work, replace INSERT-YOUR-APIKEY-HERE with your API key and place a bad_file.exe in the same directory. The default host address is the community site.
```python
import sys
import time
import pprint

from sandboxapi import opswat

# connect to the sandbox
sandbox = opswat.OPSWATSandboxAPI("INSERT-YOUR-APIKEY-HERE")

print("Does sandbox available?")
print(sandbox.is_available())

# verify connectivity
if not sandbox.is_available():
    print("sandbox is down, exiting")
    sys.exit(1)

# submit a file
with open("bad_file.exe", "rb") as handle:
    file_id = sandbox.analyze(handle, "bad_file.exe")
    print("file {f} submitted for analysis, id {i}".format(f="bad_file.exe", i=file_id))

# wait for the analysis to complete
while not sandbox.check(file_id):
    print("not done yet, sleeping 10 seconds...")
    time.sleep(10)

# print the report
print("analysis complete. fetching report...")
report = sandbox.report(file_id)
# pprint.pprint(report)
for key, onereport in report.get("reports").items():
    print(
        "Report verdict: {verdict}".format(verdict=onereport["finalVerdict"]["verdict"])
    )
print("Report Score: {score}".format(score=sandbox.score(report)))
```

The output of the example code:
```
Does sandbox available?
True
file bad_file.exe submitted for analysis, id 65784fcba11ea8ab5394683e
not done yet, sleeping 10 seconds...
not done yet, sleeping 10 seconds...
not done yet, sleeping 10 seconds...
not done yet, sleeping 10 seconds...
analysis complete. fetching report...
Report verdict: MALICIOUS
Report Score: 100
```

If you would like to use your own host address, modify the constructor:
```python
sandbox = opswat.OPSWATSandboxAPI("INSERT-YOUR-APIKEY-HERE", "INSERT-YOUR-HOST")
```

To scan a password-protected zip file, call analyze with the archive password:
```python
file_id = sandbox.analyze(handle, "bad_file.exe", password="mypassword")
```

If you would like the scan to be private, use the is_private option:
```python
file_id = sandbox.analyze(handle, "bad_file.exe", is_private=True)
```
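The sample above polls forever and prints one verdict per sub-report. An integration usually wants a bounded wait, the worst verdict across all sub-reports, the API key read from the environment rather than hard-coded, and the analyze() options (password, is_private) passed through. The following is an added example, not code from the sandboxapi project: it assumes only the client methods and report layout shown on this page (is_available, analyze, check, report, score, and report["reports"][id]["finalVerdict"]["verdict"]). The environment variable names OPSWAT_APIKEY and OPSWAT_HOST, the verdict strings other than MALICIOUS, and the FakeSandbox class with its ids and values are all constructed so the module runs offline; replace FakeSandbox() with connect() to use a real instance.

```python
import io
import os
import time

# Severity order for picking the worst sub-report verdict. Only "MALICIOUS" appears
# in the page's sample output; the other strings are assumed, and unlisted ones rank lowest.
VERDICT_RANK = {"BENIGN": 0, "INFORMATIONAL": 1, "SUSPICIOUS": 2, "LIKELY_MALICIOUS": 3, "MALICIOUS": 4}


def connect(api_key=None, host=None):
    """Build the real client, taking the key from the environment instead of source code.

    OPSWAT_APIKEY / OPSWAT_HOST are assumed variable names, not ones the library reads itself.
    """
    from sandboxapi import opswat  # imported lazily so the rest of the module runs offline

    api_key = api_key or os.environ["OPSWAT_APIKEY"]
    host = host or os.environ.get("OPSWAT_HOST")
    return opswat.OPSWATSandboxAPI(api_key, host) if host else opswat.OPSWATSandboxAPI(api_key)


def worst_verdict(report):
    """Collapse the per-sub-report verdicts into the single most severe one."""
    reports = report.get("reports") or {}
    verdicts = [entry["finalVerdict"]["verdict"] for entry in reports.values()]
    if not verdicts:
        return "UNKNOWN"
    return max(verdicts, key=lambda v: VERDICT_RANK.get(v.upper(), 0))


def wait_for_analysis(sandbox, file_id, max_wait=600, interval=10, sleep=time.sleep):
    """Poll check() until the analysis finishes, giving up after roughly max_wait seconds."""
    max_polls = max(1, int(max_wait // interval))
    for _ in range(max_polls):
        if sandbox.check(file_id):
            return sandbox.report(file_id)
        sleep(interval)
    raise TimeoutError(f"analysis {file_id} not finished after {max_polls} polls")


def triage_handle(sandbox, handle, filename, max_wait=600, interval=10, sleep=time.sleep, **submit_opts):
    """Submit an open file object and return a structured summary.

    submit_opts forwards the analyze() keywords from the page, e.g. password="..." or is_private=True.
    """
    if not sandbox.is_available():
        raise RuntimeError("sandbox is not available")
    file_id = sandbox.analyze(handle, filename, **submit_opts)
    report = wait_for_analysis(sandbox, file_id, max_wait, interval, sleep)
    return {"file_id": file_id, "verdict": worst_verdict(report), "score": sandbox.score(report)}


def triage_bytes(sandbox, data, filename, **kwargs):
    """Same as triage_handle but for an in-memory sample (useful in tests and pipelines)."""
    return triage_handle(sandbox, io.BytesIO(data), filename, **kwargs)


class FakeSandbox:
    """Constructed stand-in for opswat.OPSWATSandboxAPI that mimics the page's call sequence."""

    def __init__(self, pending_polls=3, verdicts=("BENIGN", "MALICIOUS"), score=100):
        self.pending_polls = pending_polls  # how many check() calls report "not done"
        self.verdicts = verdicts
        self.fixed_score = score
        self.polls = 0
        self.submitted = []

    def is_available(self):
        return True

    def analyze(self, handle, filename, **opts):
        self.submitted.append((filename, handle.read(), opts))
        return "constructed-file-id-0001"  # placeholder, not a real submission id

    def check(self, file_id):
        self.polls += 1
        return self.polls > self.pending_polls

    def report(self, file_id):
        # Shape mirrors what the page's loop iterates over; the values are constructed.
        return {"reports": {f"constructed-report-{n}": {"finalVerdict": {"verdict": v}}
                            for n, v in enumerate(self.verdicts)}}

    def score(self, report):
        return self.fixed_score


if __name__ == "__main__":
    # Offline demo; swap FakeSandbox() for connect() to talk to a real instance.
    print(triage_bytes(FakeSandbox(), b"MZ constructed sample", "bad_file.exe", sleep=lambda s: None))
```

The sleep parameter is injectable so the polling loop can be exercised without waiting; max_wait is converted into a poll count so the bound is deterministic rather than wall-clock dependent. Unknown verdict strings deliberately rank lowest, so a new verdict value the sandbox introduces is never mistaken for a more severe one than MALICIOUS.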