SandboxAPI Logo

SandboxAPI

0
Free
Visit Website

A minimal, consistent API for building integrations with malware sandboxes. This library currently supports the following sandbox systems: * Cuckoo Sandbox * Falcon Sandbox (Formerly VxStream) * FireEye AX Series * Hatching Triage * Joe Sandbox * MetaDefender Sandbox * VMRay Analyzer * WildFire Sandbox It provides at least the following methods for each sandbox: * is_available(): Check if the sandbox is operable and reachable; returns a boolean * analyze(handle, filename): Submit a file for analysis; returns an item_id * check(item_id): Check if analysis has completed for a file; returns a boolean * report(item_id, report_format='json'): Retrieve the report for a submitted file * score(report): Parse out and return an integer score from the report object Some sandbox classes may have additional methods implemented. See inline documentation for more details. Note that the value returned from the score method may be on the range 0-10, or 0-100, depending on the sandbox in question, so you should refer to the specific sandbox's documentation when interpreting this value.

FEATURES

ALTERNATIVES

A collection of YARA rules for public use, built from intelligence profiles and file work.

A serverless, real-time, and retroactive malware detection tool that scans files with YARA rules and alerts incident response teams.

Joe Sandbox Community provides automated cloud-based malware analysis across multiple OS platforms.

A .Net wrapper library for the native Yara library with interoperability and portability features.

A Python script that finds endpoints in JavaScript files to identify potential security vulnerabilities.

TeamTNT is modifying its malicious shell scripts after they were made public by security researchers.

A backend agnostic debugger frontend for debugging binaries without source code access.

A powerful tool for detecting and identifying malware using a rule-based system.