SandboxAPI Logo

SandboxAPI

0
Free
Visit Website

A minimal, consistent API for building integrations with malware sandboxes. This library currently supports the following sandbox systems: * Cuckoo Sandbox * Falcon Sandbox (Formerly VxStream) * FireEye AX Series * Hatching Triage * Joe Sandbox * MetaDefender Sandbox * VMRay Analyzer * WildFire Sandbox It provides at least the following methods for each sandbox: * is_available(): Check if the sandbox is operable and reachable; returns a boolean * analyze(handle, filename): Submit a file for analysis; returns an item_id * check(item_id): Check if analysis has completed for a file; returns a boolean * report(item_id, report_format='json'): Retrieve the report for a submitted file * score(report): Parse out and return an integer score from the report object Some sandbox classes may have additional methods implemented. See inline documentation for more details. Note that the value returned from the score method may be on the range 0-10, or 0-100, depending on the sandbox in question, so you should refer to the specific sandbox's documentation when interpreting this value.

FEATURES

ALTERNATIVES

A curated list of open-source projects containing protestware sourced from various platforms.

A tool for hacking and security testing of JWT

A script to detect and remove Canary Tokens with simple signature-based detections.

A backend agnostic debugger frontend for debugging binaries without source code access.

UDcide provides an alternative approach to dealing with Android malware by targeting specific behaviors for removal.

A tool for signature analysis of RTF files to detect potentially unique parts and malicious documents.

Use FindYara, an IDA python plugin, to scan your binary with yara rules and quickly jump to matches.

FSF is a modular, recursive file scanning solution that enables analysts to extend the utility of Yara signatures and define actionable intelligence within a file.

PINNED