{% extends "base.html" %} {% block content %}

API

{% if config %}
API Node | Enabled | Rate Limits | Description | Example
File Create (Enabled: {% if config.filecreate.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.filecreate.rps }}
  • RPM: {{ config.filecreate.rpm }}
Submit a file task to be analyzed by Cuckoo. Return object will be JSON. Example
curl -F file=@/path/to/file -F machine="VM-Name" {{ config.api.url }}/api/tasks/create/file/
Note: machine is optional.
URL Create (Enabled: {% if config.urlcreate.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.urlcreate.rps }}
  • RPM: {{ config.urlcreate.rpm }}
Submit a URL task to be analyzed by Cuckoo. Return object will be JSON. Example
curl -F url="somebadness.tld" {{ config.api.url }}/api/tasks/create/url/
File View (Enabled: {% if config.fileview.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.fileview.rps }}
  • RPM: {{ config.fileview.rpm }}
View information about a specific sample that is in Cuckoo's database. Return object will be JSON. Example
curl {{ config.api.url }}/api/files/view/md5/[md5 hash]/
curl {{ config.api.url }}/api/files/view/sha1/[sha1 hash]/
curl {{ config.api.url }}/api/files/view/sha256/[sha256 hash]/
curl {{ config.api.url }}/api/files/view/id/[sample id]/
Basic Task Search (Enabled: {% if config.tasksearch.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.tasksearch.rps }}
  • RPM: {{ config.tasksearch.rpm }}
View information about a specific Task that's in Cuckoo's database by Hash or ID. Return object will be JSON. Example
curl {{ config.api.url }}/api/tasks/search/md5/[md5 hash]/
curl {{ config.api.url }}/api/tasks/search/sha1/[sha1 hash]/
curl {{ config.api.url }}/api/tasks/search/sha256/[sha256 hash]/
Extended Task Search (Enabled: {% if config.extendedtasksearch.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.extendedtasksearch.rps }}
  • RPM: {{ config.extendedtasksearch.rpm }}
Search for Task IDs that are in MongoDB by various options. Return object will be JSON. Example
curl -d "option=[option]&argument=[argument]" {{ config.api.url }}/api/tasks/extendedsearch/

Searchable Options List:
name : Name of target file name
type : Name of file type
string : Match a string in the static analysis section
ssdeep : Match an ssdeep hash
crc32 : Match a CRC32 hash
file : Match a file in the behavioral analysis summary
command : Match an executed command
resolvedapi : Match an API that a sample resolved
key : Match a registry key in the behavioral analysis summary
mutex : Match a mutex in the behavioral analysis summary
domain : Match a resolved domain
ip : Match a contacted IP Address
signature : Match a Cuckoo signature description
signame : Match a Cuckoo signature name
malfamily : Match samples associated with malware family
url : Match a URL target task (submitted URL task)
imphash : Match an import hash
iconhash : Match the exact hash of the icon associated with the PE
iconfuzzy : Match a hash designed to match on similar-looking icons
surialert : Match a suricata alert signature
surihttp : Match suricata HTTP data
suritls : Match suricata TLS data
clamav : Match a Clam AV signature
yaraname : Match a Yara signature name
virustotal : Match a virustotal AV Signature
comment : Match a comment posted to a specific task
md5 : Targets with a specific MD5 hash
sha1 : Targets with a specific SHA1 hash
sha256 : Targets with a specific SHA256 hash
sha512 : Targets with a specific SHA512 hash
Tasks List (Enabled: {% if config.tasklist.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.tasklist.rps }}
  • RPM: {{ config.tasklist.rpm }}
View information about a range of Task IDs. Return object will be JSON. Example
curl {{ config.api.url }}/api/tasks/list/
curl {{ config.api.url }}/api/tasks/list/[limit]/ (specify a limit of tasks to return)
curl {{ config.api.url }}/api/tasks/list/[limit]/[offset]/ (specify a limit of tasks to return, offset by a specific amount)
Task View (Enabled: {% if config.taskview.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskview.rps }}
  • RPM: {{ config.taskview.rpm }}
View information about a specific task including VM, sample, and error information. Return object will be JSON. Example
curl {{ config.api.url }}/api/tasks/view/[task id]/
Reschedule Task (Enabled: {% if config.taskresched.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskresched.rps }}
  • RPM: {{ config.taskresched.rpm }}
Reschedule an analysis task to run again. Return object will be JSON. Example
curl {{ config.api.url }}/api/tasks/reschedule/[task id]/
Delete Task (Enabled: {% if config.taskdelete.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskdelete.rps }}
  • RPM: {{ config.taskdelete.rpm }}
Delete a task from the database. Return object will be JSON. Example
curl {{ config.api.url }}/api/tasks/delete/[task id]/
Task Status (Enabled: {% if config.taskstatus.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskstatus.rps }}
  • RPM: {{ config.taskstatus.rpm }}
Query the status of a Task by ID. Return object will be JSON. Example
curl {{ config.api.url }}/api/tasks/status/[task id]/
Task Report (Enabled: {% if config.taskreport.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskreport.rps }}
  • RPM: {{ config.taskreport.rpm }}
Download a report generated for a specific task. Return object will be JSON, XML, or octet-stream (tar.bz2). Example
curl {{ config.api.url }}/api/tasks/get/report/[task id]/
curl {{ config.api.url }}/api/tasks/get/report/[task id]/[format]/
Note: Format can be json/maec/metadata/all.
Task IOCs (Enabled: {% if config.taskiocs.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskiocs.rps }}
  • RPM: {{ config.taskiocs.rpm }}
View objects of the task report that may contain potential IOCs. Return object will be JSON. Example
curl {{ config.api.url }}/api/tasks/get/iocs/[task id]/
curl {{ config.api.url }}/api/tasks/get/iocs/[task id]/detailed/
Task Screenshots (Enabled: {% if config.taskscreenshot.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskscreenshot.rps }}
  • RPM: {{ config.taskscreenshot.rpm }}
View/Download screenshots of a Task by ID. Return object will be image/jpeg or octet-stream. (.jpg or .tar.bz2) Example
curl {{ config.api.url }}/api/tasks/get/screenshot/[task id]/    (Downloads all screenshots)
curl {{ config.api.url }}/api/tasks/get/screenshot/[task id]/[screenshot number]/
Task PCAP (Enabled: {% if config.taskpcap.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskpcap.rps }}
  • RPM: {{ config.taskpcap.rpm }}
Download the PCAP dump of a Task by ID. Return object will be application/vnd.tcpdump.pcap. (.pcap) Example
curl {{ config.api.url }}/api/tasks/get/pcap/[task id]/
Task Dropped Files (Enabled: {% if config.taskdropped.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskdropped.rps }}
  • RPM: {{ config.taskdropped.rpm }}
Download the dropped files associated with a Task by ID. Return object will be octet-stream. (.tar.bz2) Example
curl {{ config.api.url }}/api/tasks/get/dropped/[task id]/
Task SuriFiles (Enabled: {% if config.tasksurifile.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.tasksurifile.rps }}
  • RPM: {{ config.tasksurifile.rpm }}
Download the Suricata captured files associated with a Task by ID. Return object will be octet-stream. (.zip) Example
curl {{ config.api.url }}/api/tasks/get/surifile/[task id]/
Task Process Dump (Enabled: {% if config.taskprocmemory.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskprocmemory.rps }}
  • RPM: {{ config.taskprocmemory.rpm }}
Download a process memory dump from a Task by ID and PID. Return object will be octet-stream. (.dmp or .tar.bz2) Example
curl {{ config.api.url }}/api/tasks/get/procmemory/[task id]/    (Downloads all process memory dumps)
curl {{ config.api.url }}/api/tasks/get/procmemory/[task id]/[pid]/
Task Full Memory Dump (Enabled: {% if config.taskfullmemory.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.taskfullmemory.rps }}
  • RPM: {{ config.taskfullmemory.rpm }}
Download a full memory dump of a Task by ID. Return object will be octet-stream. (.dmp) Example
curl {{ config.api.url }}/api/tasks/get/fullmemory/[task id]/
Sample Download (Enabled: {% if config.sampledl.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.sampledl.rps }}
  • RPM: {{ config.sampledl.rpm }}
Download a sample from a Task by Task ID/MD5/SHA1/SHA256. Return object will be octet-stream. (.bin) Example
curl {{ config.api.url }}/api/files/get/task/[task id]/
curl {{ config.api.url }}/api/files/get/md5/[md5 hash]/
curl {{ config.api.url }}/api/files/get/sha1/[sha1 hash]/
curl {{ config.api.url }}/api/files/get/sha256/[sha256 hash]/
Virtual Machine List (Enabled: {% if config.machinelist.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.machinelist.rps }}
  • RPM: {{ config.machinelist.rpm }}
View basic statistics of available/total virtual machines. Return object will be JSON. Example
curl {{ config.api.url }}/api/machines/list/
Virtual Machine View (Enabled: {% if config.machineview.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.machineview.rps }}
  • RPM: {{ config.machineview.rpm }}
View information about a specific virtual machine. Return object will be JSON. Example
curl {{ config.api.url }}/api/machines/view/[vm-name]/
Cuckoo Status (Enabled: {% if config.cuckoostatus.enabled %}Yes{% else %}No{% endif %})
  • RPS: {{ config.cuckoostatus.rps }}
  • RPM: {{ config.cuckoostatus.rpm }}
View the current status of the Cuckoo host. Return object will be JSON. Example
curl {{ config.api.url }}/api/cuckoo/status/
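
Added example (not part of the original page or of the Cuckoo project's code): the Extended Task Search request above puts option and argument into one -d string, which breaks as soon as the argument contains & or =, as URLs, commands and registry keys often do. This wrapper checks the option against the Searchable Options List and lets curl encode each field; CUCKOO_API, CURL and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example; CUCKOO_API, CURL and the function names are hypothetical.
# Base URL of the API host (constructed placeholder value).
CUCKOO_API="${CUCKOO_API:-http://cuckoo.example.invalid}"

# Option names copied from the Searchable Options List on this page.
EXTSEARCH_OPTIONS="name type string ssdeep crc32 file command resolvedapi key
mutex domain ip signature signame malfamily url imphash iconhash iconfuzzy
surialert surihttp suritls clamav yaraname virustotal comment md5 sha1 sha256
sha512"

# Succeeds only if $1 is one of the documented option names.
is_valid_option() {
    for _opt in $EXTSEARCH_OPTIONS; do
        [ "$_opt" = "$1" ] && return 0
    done
    return 1
}

# Expected hex length for the plain hash options, 0 for free-text options.
hash_len() {
    case "$1" in
        md5) echo 32 ;; sha1) echo 40 ;; sha256) echo 64 ;; sha512) echo 128 ;;
        *) echo 0 ;;
    esac
}

# Rejects empty arguments and malformed hashes before any request is made.
valid_argument() {
    [ -n "$2" ] || return 1
    _want=$(hash_len "$1")
    [ "$_want" -eq 0 ] && return 0
    case "$2" in *[!0-9A-Fa-f]*) return 1 ;; esac
    [ "$(printf '%s' "$2" | wc -c)" -eq "$_want" ]
}

# Usage: extsearch OPTION ARGUMENT
extsearch() {
    is_valid_option "$1" || { echo "unknown option: $1" >&2; return 2; }
    valid_argument "$1" "$2" || { echo "bad argument for $1" >&2; return 3; }
    # --data-urlencode percent-encodes each value, so '&', '=' and spaces in
    # the argument cannot split or truncate the form fields.
    ${CURL:-curl} -sS --data-urlencode "option=$1" \
        --data-urlencode "argument=$2" \
        "$CUCKOO_API/api/tasks/extendedsearch/"
}
```

Source the file and call, for example, `extsearch domain somebadness.tld`; a non-zero return code means the request was rejected locally and never sent.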
{% else %}
Problem loading API configuration file.
{% endif %}
{% endblock %}