Python library for interaction with Detux sandbox instances
Detux is a malware sandbox that uses the QEMU hypervisor to emulate a Linux system and perform both static and dynamic analysis of suspect Linux executables or scripts. The author has made a free hosted version available at detux.org and also offers the sandbox itself as an open source project on Github.
The Py-Detux project is a Python library for interacting with a Detux instance's API, whether that is the library default (detux.org's API) or a private instance built from source. Using the library is as simple as running python setup.py install after cloning the Github repo, importing the library, and calling it with your Detux API key.
Submit a file if it hasn't been analyzed and save the report
```python
from pydetux import Detux

# instantiate the main class with your key
detux = Detux('your API key')

# provide a file and obtain its sha256 hash
sample_path = '/home/adam/malware/mips.sh'
sample_hash = detux.Utils.get_sha256(sample_path)

# submit the sample only if it has not already been analyzed
if not detux.search(sample_hash):
    submission = detux.submit_file(sample_path)

# store the report in the current directory as $sha256.json
# (the sample's own hash identifies the report whether or not we just submitted it)
report = '%s.json' % sample_hash
detux.report(sample_hash, save='json', output=report)
```
Save a report to an S3 Bucket
```python
from pydetux import Detux

detux = Detux('your API key')
# print details of the storage process to stdout
detux.verbose = True

h = '7d9291fbd5ba96ede386e688584a6f873615a141a5363d4431499de5415c02c4'
detux.report(h, save='s3', output_file='linux/zeroaccess-01.json',
             s3_bucket='samples', aws_key='access key', aws_secret='secret key')
```
Submit entire directory of samples
```python
from pydetux import Detux

detux = Detux('your API key')

# list the samples first so we can report how many are about to go out
samples = detux.Utils.list_directory('/home/adam/malware/captured')
print('submitting %d samples ...' % len(samples))
detux.submit_directory('/home/adam/malware/captured', threads=5)
```
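The hash-then-search check from the first example and the directory submission above combine naturally into a pre-submission pass that hashes a whole directory and skips anything the sandbox already knows. The following is an added example, not part of Py-Detux; it uses only the standard library, takes any `already_analyzed(sha256)` callable in place of `detux.search` (assumed, as the README's usage implies, to be truthy when a report exists), and also drops duplicate files within the batch, which a per-file search alone would not catch.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large samples never sit in memory whole."""
    h = hashlib.sha256()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b''):
            h.update(chunk)
    return h.hexdigest()

def plan_submissions(directory, already_analyzed):
    """Hash each regular file in `directory`; return (to_submit, skipped) lists of
    (path, sha256). `already_analyzed(digest)` is any callable that is truthy when
    a report already exists (detux.search is assumed to fit). Duplicates inside
    the batch are skipped too: only the first copy would be unknown to the sandbox."""
    to_submit, skipped, seen = [], [], set()
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue  # ignore sub-directories, sockets, etc.
        digest = sha256_file(path)
        if digest in seen or already_analyzed(digest):
            skipped.append((path, digest))
        else:
            seen.add(digest)
            to_submit.append((path, digest))
    return to_submit, skipped

def write_samples(contents):
    """Create a throwaway directory of constructed sample files; returns (dir, {name: path})."""
    directory = tempfile.mkdtemp(prefix='pydetux-demo-')
    paths = {}
    for name, data in contents.items():
        paths[name] = os.path.join(directory, name)
        with open(paths[name], 'wb') as fh:
            fh.write(data)
    return directory, paths

def demo():
    """Constructed batch: two identical scripts plus one the sandbox has 'already seen'."""
    directory, paths = write_samples({
        'a.sh': b'#!/bin/sh\necho one\n',
        'a-copy.sh': b'#!/bin/sh\necho one\n',
        'b.sh': b'#!/bin/sh\necho two\n',
    })
    known = {sha256_file(paths['b.sh'])}  # stands in for detux.search
    to_submit, skipped = plan_submissions(directory, known.__contains__)
    return [d for _, d in to_submit], [d for _, d in skipped]
```

With a live client, `plan_submissions('/path/to/samples', detux.search)` gives the list to hand to `detux.submit_file` one by one; `demo()` returns one digest to submit and two skipped.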