Merge pull request #10 from MislavReversingLabs/main

Add directory scanning

Author: MislavReversingLabs

.gitignore

@@ -0,0 +1,9 @@
+credentials.json
+ticloud_credentials.json
+deepscan_credentials.json
+a1000_credentials.json
+Scenarios and Workflows/credentials.json
+TitaniumCloud/ticloud_credentials.json
+Cloud Deep Scan/deepscan_credentials.json
+A1000/a1000_credentials.json
+.idea

Scenarios and Workflows/README.md

@@ -0,0 +1,47 @@
+# Scenarios and Workflows
+
+This directory contains useful examples of analysis workflows and examples.  
+In order to see how to put ReversingLabs SDK functionalities to good use in real-life scenarios, follow this readme and choose a desired notebook.
+
+
+### Using the notebooks
+Each notebook in this directory contains instructions and code snippets gathered around a certain type of usecase, analysis scenario or workflow.  
+To use a selected notebook, open it and run each code snippet one by one. See the following authentication instructions to learn how to store and use your ReversingLabs credentials. 
+
+
+### Authentication
+Since this directory, at some point, uses all ReversingLabs SDK modules, the `credentials.json` file needs to contain credentials for all of them.
+- TitaniumCloud uses a **username and password** pair (**basic authentication**).  
+- A1000 uses a **token**. 
+- TitaniumScale uses a **token**.  
+
+To obtain the required credentials, visit https://www.reversinglabs.com  
+Each username can have a certain number of roles for API-s assigned to it. In case your username does not have the required role for your desired action, you will receive an error stating so.  
+
+#### Storing and using the credentials
+We will store the credentials in the `credentials.json` file and then load them in our code.
+
+1. Create a JSON file named `credentials.json` in this current folder.
+2. Create the following data in that file and replace the placeholder values with your actual username and password:
+    ```json
+    {
+      "ticloud": {
+        "username": "your_actual_username",
+        "password": "your_actual_password"
+      },
+      "a1000": {
+        "a1000_url": "a1000_url",
+        "token": "your_actual_token"
+      },
+      "tiscale": {
+        "tiscale_url": "tiscale_url",
+        "token": "your_actual_token"
+      }
+    }
+    ```
+3. Save the file.
+
+**NOTE:** The `credentials.json` file must have this exact structure to work.
+
+Instead of doing this step and loading the credentials from the file, 
+you can paste your credentials directly into the Python code everytime you create an API object.

Scenarios and Workflows/directory_scanning.ipynb

@@ -0,0 +1,181 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "source": [
+    "# Directory Scanning\n",
+    "This notebook contains and example of how to use the ReversingLabs SDK to **collect files from a local directory and send them for analysis on TitaniumCloud and A1000**."
+   ],
+   "metadata": {
+    "collapsed": false
+   },
+   "id": "b8d2177c5214b66a"
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "### Used TitaniumCloud classes\n",
+    "- **FileUpload** (*TCA-0202-0203 - File Upload*)\n",
+    "\n",
+    "### Used A1000 functions\n",
+    "- **upload_sample_from_path**\n",
+    "\n",
+    "### Credentials\n",
+    "Credentials are loaded from a local file instead of being written here in plain text.\n",
+    "To learn how to creat the credentials file, see the **Storing and using the credentials** section in the [README file](./README.md)"
+   ],
+   "metadata": {
+    "collapsed": false
+   },
+   "id": "3c66cec58fcbe655"
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "### 1. Scanning the files with TitaniumCloud\n",
+    "To collect files from a local directory and send them for analysis on TitaniumCloud, see the following code example. "
+   ],
+   "metadata": {
+    "collapsed": false
+   },
+   "id": "67ada420ce3509a"
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "outputs": [],
+   "source": [
+    "import json\n",
+    "import os\n",
+    "from ReversingLabs.SDK.ticloud import FileUpload\n",
+    "\n",
+    "# Linux and Unix systems - Edit before use\n",
+    "FOLDER_PATH_LINUX = \"/full/path/to/folder\"\n",
+    "\n",
+    "# Windows systems - Edit before use\n",
+    "FOLDER_PATH_WINDOWS = \"C:\\\\full\\\\path\\\\to\\\\folder\"\n",
+    "\n",
+    "# Change this so the FOLDER_PATH variable fits your local system\n",
+    "FOLDER_PATH = FOLDER_PATH_LINUX\n",
+    "\n",
+    "CREDENTIALS = json.load(open(\"credentials.json\"))\n",
+    "USERNAME = CREDENTIALS.get(\"ticloud\").get(\"username\")\n",
+    "PASSWORD = CREDENTIALS.get(\"ticloud\").get(\"password\")\n",
+    "\n",
+    "\n",
+    "file_upload = FileUpload(\n",
+    "    host=\"https://data.reversinglabs.com\",\n",
+    "    username=USERNAME,\n",
+    "    password=PASSWORD\n",
+    ")\n",
+    "\n",
+    "# Files that should not be analyzed can be added to this list\n",
+    "skip_files = [\"file_name_1\", \"file_name_2\"]\n",
+    "\n",
+    "\n",
+    "for file_name in os.listdir(FOLDER_PATH):\n",
+    "    if file_name in skip_files:\n",
+    "        continue\n",
+    "    \n",
+    "    file_path = os.path.join(FOLDER_PATH, file_name)\n",
+    "    \n",
+    "    try:\n",
+    "        file_upload.upload_sample_from_path(file_path=file_path)\n",
+    "    \n",
+    "    except Exception as e:\n",
+    "        if hasattr(e, \"response_object\"):\n",
+    "            raise Exception(e.response_object.content)\n",
+    "        \n",
+    "        raise \n"
+   ],
+   "metadata": {
+    "collapsed": false
+   },
+   "id": "9c39940f6b968b5"
+  },
+  {
+   "cell_type": "markdown",
+   "source": [
+    "### 2. Scanning the files with A1000\n",
+    "To collect files from a local directory and send them for analysis on A1000, see the following code example."
+   ],
+   "metadata": {
+    "collapsed": false
+   },
+   "id": "987943a79bf60f06"
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "outputs": [],
+   "source": [
+    "import json\n",
+    "import os\n",
+    "from ReversingLabs.SDK.a1000 import A1000\n",
+    "\n",
+    "# Linux and Unix systems - Edit before use\n",
+    "FOLDER_PATH_LINUX = \"/full/path/to/folder\"\n",
+    "\n",
+    "# Windows systems - Edit before use\n",
+    "FOLDER_PATH_WINDOWS = \"C:\\\\full\\\\path\\\\to\\\\folder\"\n",
+    "\n",
+    "# Change this so the FOLDER_PATH variable fits your local system\n",
+    "FOLDER_PATH = FOLDER_PATH_LINUX\n",
+    "\n",
+    "CREDENTIALS = json.load(open(\"credentials.json\"))\n",
+    "HOST = CREDENTIALS.get(\"a1000\").get(\"a1000_url\")\n",
+    "TOKEN = CREDENTIALS.get(\"a1000\").get(\"token\")\n",
+    "\n",
+    "# Set the verify parameter to False if your A1000 instance doesn't have a valid CA certificate\n",
+    "a1000 = A1000(\n",
+    "    host=HOST,\n",
+    "    token=TOKEN,\n",
+    "    verify=True\n",
+    ")\n",
+    "\n",
+    "# Files that should not be analyzed can be added to this list\n",
+    "skip_files = [\"file_name_1\", \"file_name_2\"]\n",
+    "\n",
+    "for file_name in os.listdir(FOLDER_PATH):\n",
+    "    if file_name in skip_files:\n",
+    "        continue\n",
+    "    \n",
+    "    file_path = os.path.join(FOLDER_PATH, file_name)\n",
+    "    \n",
+    "    try:\n",
+    "        a1000.upload_sample_from_path(file_path=file_path)\n",
+    "    \n",
+    "    except Exception as e:\n",
+    "        if hasattr(e, \"response_object\"):\n",
+    "            raise Exception(e.response_object.content)\n",
+    "        \n",
+    "        raise \n"
+   ],
+   "metadata": {
+    "collapsed": false
+   },
+   "id": "6b6774a15517020b"
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 2
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython2",
+   "version": "2.7.6"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}