API Node Enabled Rate Limits Description Example
File Create Yes
  • RPS: 10000/s
  • RPM: 10000/m
Submit a file task to be analyzed by CAPE. Return object will be JSON.
curl -F file=@/path/to/file -F machine="VM-Name" -H "Authorization: Token YOUR_TOKEN" http://example.tld/apiv2/tasks/create/file/
  Note: machine is optional. Whether the Authorization header is needed depends on the config (whether Token auth is enabled).
VirusTotal download and analyze No
  • RPS: None
  • RPM: None
Download a file from VT for analysis. Return object will be JSON.
curl -F vtdl=hash -F machine="VM-Name" -H "Authorization: Token YOUR_TOKEN" -F apikey="[VT API key]" http://example.tld/apiv2/tasks/create/vtdl/
Note: machine is optional. Whether the Authorization header is needed depends on the config (whether Token auth is enabled).
URL Create No
  • RPS: None
  • RPM: None
Submit a URL task to be analyzed by CAPE. Return object will be JSON.
curl -F url="somebadness.tld" http://example.tld/apiv2/tasks/create/url/
Download file and Create file task aka dl'n'exec No
  • RPS: None
  • RPM: None
Submit a URL; CAPE will download the file and add it as a file task to be analyzed. Return object will be JSON.
curl -X POST -F dlnexec="https://somebadness.tld/supermalware.exe" http://example.tld/apiv2/tasks/create/dlnexec/
Static extraction No
  • RPS: None
  • RPM: None
Submit a file to try static extractors on it; the file won't be submitted to a Virtual Machine. Return object will be JSON.
curl -F file=@/path/to/file -F machine="VM-Name" -H "Authorization: Token YOUR_TOKEN" http://example.tld/apiv2/tasks/create/static/
        
File View No
  • RPS: None
  • RPM: None
View information about a specific sample that is in CAPE's database. Return object will be JSON.
curl http://example.tld/apiv2/files/view/md5/[md5 hash]/
curl http://example.tld/apiv2/files/view/sha1/[sha1 hash]/
curl http://example.tld/apiv2/files/view/sha256/[sha256 hash]/
curl http://example.tld/apiv2/files/view/id/[sample id]/
Basic Task Search No
  • RPS: None
  • RPM: None
View information about a specific Task that's in CAPE's database by Hash or ID. Return object will be JSON.
curl http://example.tld/apiv2/tasks/search/md5/[md5 hash]/
curl http://example.tld/apiv2/tasks/search/sha1/[sha1 hash]/
curl http://example.tld/apiv2/tasks/search/sha256/[sha256 hash]/
Extended Task Search No
  • RPS: None
  • RPM: None
Search for Task IDs that are in MongoDB by various options. Return object will be JSON.
curl -d "option=[option]&argument=[argument]" http://example.tld/apiv2/tasks/extendedsearch/

Searchable Options List:
id : Task id
name : Name of target file name
type : Name of file type
string : Match a string in the static analysis section
ssdeep : Match an ssdeep hash
crc32 : Match a CRC32 hash
file : Match a file in the behavioral analysis summary
command : Match an executed command
resolvedapi : Match an API that a sample resolved
key : Match a registry key in the behavioral analysis summary
mutex : Match a mutex in the behavioral analysis summary
domain : Match a resolved domain
ip : Match a contacted IP Address
signature : Match a CAPE signature description
signame : Match a CAPE signature name
detections : Match samples associated with malware family
url : Match a URL target task (submitted URL task)
imphash : Match an import hash
iconhash : Match the exact hash of the icon associated with the PE
iconfuzzy : Match a hash designed to match on similar-looking icons
surialert : Match a suricata alert signature
surihttp : Match suricata HTTP data
suritls : Match suricata TLS data
clamav : Match a Clam AV signature
yaraname : Match a Yara signature name
virustotal : Match a virustotal AV Signature
comment : Match a comment posted to a specific task
md5 : Targets with a specific MD5 hash
sha1 : Targets with a specific SHA1 hash
sha256 : Targets with a specific SHA256 hash
sha512 : Targets with a specific SHA512 hash
TTP : TTP number
Tasks List No
  • RPS: None
  • RPM: None
View information about a range of Task IDs. Return object will be JSON.
curl http://example.tld/apiv2/tasks/list/
curl http://example.tld/apiv2/tasks/list/[limit]/  # specify a limit of tasks to return
curl http://example.tld/apiv2/tasks/list/[limit]/[offset]/  # specify a limit of tasks to return, offset by a specific amount
Accepts the params status (to check for status) and/or option (to search by option with LIKE).
Task View Yes
  • RPS: 10000/s
  • RPM: 10000/m
View information about a specific task including VM, sample, and error information. Return object will be JSON.
curl http://example.tld/apiv2/tasks/view/[task id]/
Reschedule Task No
  • RPS: None
  • RPM: None
Reschedule an analysis task to run again. Return object will be JSON.
curl http://example.tld/apiv2/tasks/reschedule/[task id]/
Reprocess Task No
  • RPS: None
  • RPM: None
Mark an analysis task as ready to be processed. Return object will be JSON.
curl http://example.tld/apiv2/tasks/reprocess/[task id]/
Delete Task Yes
  • RPS: 10000/s
  • RPM: 10000/m
Delete a task from the database. Return object will be JSON.
curl http://example.tld/apiv2/tasks/delete/[task id]/
Task Status No
  • RPS: None
  • RPM: None
Query the status of a Task by ID. Return object will be JSON.
curl http://example.tld/apiv2/tasks/status/[task id]/
Task Report Yes
  • RPS: 10000/s
  • RPM: 10000/m
Download a report generated for a specific task. Return object will be JSON, XML, or application/zip (zip).
curl http://example.tld/apiv2/tasks/get/report/[task id]/
curl http://example.tld/apiv2/tasks/get/report/[task id]/[format]/
curl http://example.tld/apiv2/tasks/get/report/[task id]/[format]/zip/
Note: Format can be json/maec/maec5/metadata/lite/all.
Note 2: extra formats: all/dist/dropped/lite - used for distributed cluster reporting
Task IOCs No
  • RPS: None
  • RPM: None
View objects of the task report that may contain potential IOCs. Return object will be JSON.
curl http://example.tld/apiv2/tasks/get/iocs/[task id]/
curl http://example.tld/apiv2/tasks/get/iocs/[task id]/detailed/
Task Screenshots No
  • RPS: None
  • RPM: None
View/Download screenshots of a Task by ID. Return object will be image/jpeg or application/zip (.zip). Use 7zip or pyzipper to extract the .zip.
curl http://example.tld/apiv2/tasks/get/screenshot/[task id]/    # downloads all screenshots
curl http://example.tld/apiv2/tasks/get/screenshot/[task id]/[screenshot number]/
Task PCAP No
  • RPS: None
  • RPM: None
Download the PCAP dump of a Task by ID. Return object will be application/vnd.tcpdump.pcap. (.pcap)
curl http://example.tld/apiv2/tasks/get/pcap/[task id]/
Task Dropped Files No
  • RPS: None
  • RPM: None
Download the dropped files associated with a Task by ID. Return object will be application/zip (.zip). Use 7zip or pyzipper to extract.
curl http://example.tld/apiv2/tasks/get/dropped/[task id]/
Task SuriFiles No
  • RPS: None
  • RPM: None
Download the Suricata captured files associated with a Task by ID. Return object will be octet-stream. (.zip)
curl http://example.tld/apiv2/tasks/get/surifile/[task id]/
Task Process Dump No
  • RPS: None
  • RPM: None
Download a process memory dump from a Task by ID and PID. Return object will be application/zip (.zip). Use 7zip or pyzipper to extract.
curl http://example.tld/apiv2/tasks/get/procmemory/[task id]/    # downloads all process memory dumps
curl http://example.tld/apiv2/tasks/get/procmemory/[task id]/[pid]/
Task Full Memory Dump No
  • RPS: None
  • RPM: None
Download a full memory dump of a Task by ID. Return object will be octet-stream. (.dmp)
curl http://example.tld/apiv2/tasks/get/fullmemory/[task id]/
Sample Download No
  • RPS: None
  • RPM: None
Download a sample from a Task by Task ID/MD5/SHA1/SHA256. Supports zip-encryption with default password. Return object will be octet-stream (.bin), or application/zip (.zip) if encrypted.
curl http://example.tld/apiv2/files/get/task/[task id]/
curl http://example.tld/apiv2/files/get/md5/[md5 hash]/
curl http://example.tld/apiv2/files/get/sha1/[sha1 hash]/
curl http://example.tld/apiv2/files/get/sha256/[sha256 hash]/

curl http://example.tld/apiv2/files/get/task/[task id]/?encrypted=1
curl http://example.tld/apiv2/files/get/md5/[md5 hash]/?encrypted=1
curl http://example.tld/apiv2/files/get/sha1/[sha1 hash]/?encrypted=1
curl http://example.tld/apiv2/files/get/sha256/[sha256 hash]/?encrypted=1
Virtual Machine List No
  • RPS: None
  • RPM: None
View basic statistics of available/total virtual machines. Return object will be JSON.
curl http://example.tld/apiv2/machines/list/
Virtual Machine View No
  • RPS: None
  • RPM: None
View information about a specific virtual machine. Return object will be JSON.
curl http://example.tld/apiv2/machines/view/[vm-name]/
Get task IDs finished in the last X hours No
  • RPS: None
  • RPM: None
View IDs of tasks finished in the last X hours.
curl http://example.tld/apiv2/tasks/get/latests/1/
CAPE Status No
  • RPS: None
  • RPM: None
View the current status of the CAPE host. Return object will be JSON.
curl http://example.tld/apiv2/cuckoo/status/
Extracted Sample Config No
  • RPS: None
  • RPM: None
View the CAPE extracted sample config associated with a task by ID. Return object will be JSON.
curl http://example.tld/apiv2/tasks/get/config/[task_id]/
CAPE Payload Files No
  • RPS: None
  • RPM: None
Download the CAPE payload files associated with a task by ID. Return object will be octet-stream (.zip). Use 7zip or pyzipper to extract.
curl http://example.tld/apiv2/tasks/get/payloadfiles/[task_id]/
CAPE Procdump Files No
  • RPS:
  • RPM:
Download the procdump files associated with a task by ID. Return object will be octet-stream (.zip). Use 7zip or pyzipper to extract.
curl http://example.tld/apiv2/tasks/get/procdumpfiles/[task_id]/
Statistics No
  • RPS: None
  • RPM: None
Details about tasks and time spent on different modules (top 30).
curl http://example.tld/apiv2/tasks/[days]/
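
The File View, Basic Task Search and Sample Download entries above all take a digest in the URL path. As an added example (not part of the CAPE documentation or code), this shell helper picks the md5/sha1/sha256 path segment from the digest length and rejects anything that is not plain hex before it is placed in a URL. CAPE_BASE, CAPE_TOKEN and the function names are assumptions; the task-id and sample-id paths are not covered.

```shell
#!/bin/sh
# Added example: build hash-keyed CAPE API URLs with input validation.
# CAPE_BASE and CAPE_TOKEN are assumed variable names, not CAPE settings.
CAPE_BASE="${CAPE_BASE:-http://example.tld}"

# Print md5, sha1 or sha256 for a well-formed hex digest; fail otherwise.
cape_hash_type() {
    case "$1" in
        ''|*[!0-9A-Fa-f]*) return 1 ;;  # empty, or contains a non-hex character
    esac
    case "${#1}" in
        32) echo md5 ;;
        40) echo sha1 ;;
        64) echo sha256 ;;
        *)  return 1 ;;                 # hex, but not a digest length the API lists
    esac
}

# Print the URL for a hash-keyed endpoint.
# $1 = files/view | tasks/search | files/get   $2 = digest
cape_hash_url() {
    case "$1" in
        files/view|tasks/search|files/get) ;;
        *) return 1 ;;                  # only the endpoints that accept a digest
    esac
    kind=$(cape_hash_type "$2") || return 1
    printf '%s/apiv2/%s/%s/%s/\n' "$CAPE_BASE" "$1" "$kind" "$2"
}

# Fetch the URL, sending the Authorization header only when a token is set.
cape_fetch() {
    url=$(cape_hash_url "$1" "$2") || {
        echo "refusing request: bad endpoint or digest" >&2
        return 1
    }
    if [ -n "${CAPE_TOKEN:-}" ]; then
        curl -sS -H "Authorization: Token $CAPE_TOKEN" "$url"
    else
        curl -sS "$url"
    fi
}
```

Call it as `cape_fetch tasks/search "$digest"`; a value such as `../../tasks/delete/1` is refused instead of being interpolated into the path.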