{% extends "base.html" %} {% block content %}
API Node | Enabled | Rate Limits | Description | Example | |
---|---|---|---|---|---|
File Create | {% if config.filecreate.enabled %}Yes | {% else %}No | {% endif %}
|
Submit a file task to be analyzed by Cuckoo. Return object will be JSON. | Example |
curl -F file=@/path/to/file -F machine="VM-Name" {{ config.api.url }}/api/tasks/create/file/
Note: machine is optional. |
|||||
URL Create | {% if config.urlcreate.enabled %}Yes | {% else %}No | {% endif %}
|
Submit a URL task to be analyzed by Cuckoo. Return object will be JSON. | Example |
curl -F url="somebadness.tld" {{ config.api.url }}/api/tasks/create/url/ |
|||||
File View | {% if config.fileview.enabled %}Yes | {% else %}No | {% endif %}
|
View information about a specific sample that is in Cuckoo's database. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/files/view/md5/[md5 hash]/
curl {{ config.api.url }}/api/files/view/sha1/[sha1 hash]/
curl {{ config.api.url }}/api/files/view/sha256/[sha256 hash]/
curl {{ config.api.url }}/api/files/view/id/[sample id]/ |
|||||
Basic Task Search | {% if config.tasksearch.enabled %}Yes | {% else %}No | {% endif %}
|
View information about a specific Task that's in Cuckoo's database by Hash or ID. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/tasks/search/md5/[md5 hash]/
curl {{ config.api.url }}/api/tasks/search/sha1/[sha1 hash]/
curl {{ config.api.url }}/api/tasks/search/sha256/[sha256 hash]/ |
|||||
Extended Task Search | {% if config.extendedtasksearch.enabled %}Yes | {% else %}No | {% endif %}
|
Search for Task IDs that are in MongoDB by various options. Return object will be JSON. | Example |
curl -d "option=[option]&argument=[argument]" {{ config.api.url }}/api/tasks/extendedsearch/
Searchable Options List:
name : Name of target file name
type : Name of file type
string : Match a string in the static analysis section
ssdeep : Match an ssdeep hash
crc32 : Match a CRC32 hash
file : Match a file in the behavioral analysis summary
command : Match an executed command
resolvedapi : Match an API that a sample resolved
key : Match a registry key in the behavioral analysis summary
mutex : Match a mutex in the behavioral analysis summary
domain : Match a resolved domain
ip : Match a contacted IP address
signature : Match a Cuckoo signature description
signame : Match a Cuckoo signature name
malfamily : Match samples associated with a malware family
url : Match a URL target task (submitted URL task)
imphash : Match an import hash
iconhash : Match the exact hash of the icon associated with the PE
iconfuzzy : Match a hash designed to match on similar-looking icons
surialert : Match a Suricata alert signature
surihttp : Match Suricata HTTP data
suritls : Match Suricata TLS data
clamav : Match a ClamAV signature
yaraname : Match a YARA signature name
virustotal : Match a VirusTotal AV signature
comment : Match a comment posted to a specific task
md5 : Targets with a specific MD5 hash
sha1 : Targets with a specific SHA1 hash
sha256 : Targets with a specific SHA256 hash
sha512 : Targets with a specific SHA512 hash |
|||||
Tasks List | {% if config.tasklist.enabled %}Yes | {% else %}No | {% endif %}
|
View information about a range of Task IDs. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/tasks/list/
curl {{ config.api.url }}/api/tasks/list/[limit]/ (specify a limit of tasks to return)
curl {{ config.api.url }}/api/tasks/list/[limit]/[offset]/ (specify a limit of tasks to return, offset by a specific amount) |
|||||
Task View | {% if config.taskview.enabled %}Yes | {% else %}No | {% endif %}
|
View information about a specific task including VM, sample, and error information. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/tasks/view/[task id]/ |
|||||
Reschedule Task | {% if config.taskresched.enabled %}Yes | {% else %}No | {% endif %}
|
Reschedule an analysis task to run again. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/tasks/reschedule/[task id]/ |
|||||
Delete Task | {% if config.taskdelete.enabled %}Yes | {% else %}No | {% endif %}
|
Delete a task from the database. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/tasks/delete/[task id]/ |
|||||
Task Status | {% if config.taskstatus.enabled %}Yes | {% else %}No | {% endif %}
|
Query the status of a Task by ID. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/tasks/status/[task id]/ |
|||||
Task Report | {% if config.taskreport.enabled %}Yes | {% else %}No | {% endif %}
|
Download a report generated for a specific task. Return object will be JSON, XML, or octet-stream (tar.bz2). | Example |
curl {{ config.api.url }}/api/tasks/get/report/[task id]/
curl {{ config.api.url }}/api/tasks/get/report/[task id]/[format]/
Note: Format can be json/maec/metadata/all. |
|||||
Task IOCs | {% if config.taskiocs.enabled %}Yes | {% else %}No | {% endif %}
|
View objects of the task report that may contain potential IOCs. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/tasks/get/iocs/[task id]/
curl {{ config.api.url }}/api/tasks/get/iocs/[task id]/detailed/ |
|||||
Task Screenshots | {% if config.taskscreenshot.enabled %}Yes | {% else %}No | {% endif %}
|
View/Download screenshots of a Task by ID. Return object will be image/jpeg or octet-stream. (.jpg or .tar.bz2) | Example |
curl {{ config.api.url }}/api/tasks/get/screenshot/[task id]/ (Downloads all screenshots)
curl {{ config.api.url }}/api/tasks/get/screenshot/[task id]/[screenshot number]/ |
|||||
Task PCAP | {% if config.taskpcap.enabled %}Yes | {% else %}No | {% endif %}
|
Download the PCAP dump of a Task by ID. Return object will be application/vnd.tcpdump.pcap. (.pcap) | Example |
curl {{ config.api.url }}/api/tasks/get/pcap/[task id]/ |
|||||
Task Dropped Files | {% if config.taskdropped.enabled %}Yes | {% else %}No | {% endif %}
|
Download the dropped files associated with a Task by ID. Return object will be octet-stream. (.tar.bz2) | Example |
curl {{ config.api.url }}/api/tasks/get/dropped/[task id]/ |
|||||
Task SuriFiles | {% if config.tasksurifile.enabled %}Yes | {% else %}No | {% endif %}
|
Download the Suricata captured files associated with a Task by ID. Return object will be octet-stream. (.zip) | Example |
curl {{ config.api.url }}/api/tasks/get/surifile/[task id]/ |
|||||
Task Process Dump | {% if config.taskprocmemory.enabled %}Yes | {% else %}No | {% endif %}
|
Download a process memory dump from a Task by ID and PID. Return object will be octet-stream. (.dmp or .tar.bz2) | Example |
curl {{ config.api.url }}/api/tasks/get/procmemory/[task id]/ (Downloads all process memory dumps)
curl {{ config.api.url }}/api/tasks/get/procmemory/[task id]/[pid]/ |
|||||
Task Full Memory Dump | {% if config.taskfullmemory.enabled %}Yes | {% else %}No | {% endif %}
|
Download a full memory dump of a Task by ID. Return object will be octet-stream. (.dmp) | Example |
curl {{ config.api.url }}/api/tasks/get/fullmemory/[task id]/ |
|||||
Sample Download | {% if config.sampledl.enabled %}Yes | {% else %}No | {% endif %}
|
Download a sample from a Task by Task ID/MD5/SHA1/SHA256. Return object will be octet-stream. (.bin) | Example |
curl {{ config.api.url }}/api/files/get/task/[task id]/
curl {{ config.api.url }}/api/files/get/md5/[md5 hash]/
curl {{ config.api.url }}/api/files/get/sha1/[sha1 hash]/
curl {{ config.api.url }}/api/files/get/sha256/[sha256 hash]/ |
|||||
Virtual Machine List | {% if config.machinelist.enabled %}Yes | {% else %}No | {% endif %}
|
View basic statistics of available/total virtual machines. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/machines/list/ |
|||||
Virtual Machine View | {% if config.machineview.enabled %}Yes | {% else %}No | {% endif %}
|
View information about a specific virtual machine. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/machines/view/[vm-name]/ |
|||||
Cuckoo Status | {% if config.cuckoostatus.enabled %}Yes | {% else %}No | {% endif %}
|
View the current status of the Cuckoo host. Return object will be JSON. | Example |
curl {{ config.api.url }}/api/cuckoo/status/ |