{"id":19322632,"url":"https://github.com/picatz/falconz","last_synced_at":"2025-04-22T19:31:39.346Z","repository":{"id":31771295,"uuid":"128805194","full_name":"picatz/falconz","owner":"picatz","description":"🦅 Falcon Malware Sandbox APIv2 Connector","archived":true,"fork":false,"pushed_at":"2023-03-22T10:59:18.000Z","size":130,"stargazers_count":29,"open_issues_count":2,"forks_count":14,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-24T04:43:38.436Z","etag":null,"topics":["api-client","malware-analysis","payload-security","ruby","threat-intelligence","vxstream"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/picatz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-04-09T16:53:22.000Z","updated_at":"2024-08-16T23:01:03.000Z","dependencies_parsed_at":"2024-11-10T01:42:03.606Z","dependency_job_id":"d15f4590-189d-4b4e-af16-b0e37de954c1","html_url":"https://github.com/picatz/falconz","commit_stats":{"total_commits":62,"total_committers":4,"mean_commits":15.5,"dds":"0.24193548387096775","last_synced_commit":"36a79b09279c8791f786463e1303b1647218f494"},"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/picatz%2Ffalconz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/picatz%2Ffalconz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/picatz%2Ffalconz/releases","manifests_url":"h
ttps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/picatz%2Ffalconz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/picatz","download_url":"https://codeload.github.com/picatz/falconz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250308417,"owners_count":21409265,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-client","malware-analysis","payload-security","ruby","threat-intelligence","vxstream"],"created_at":"2024-11-10T01:41:54.285Z","updated_at":"2025-04-22T19:31:38.662Z","avatar_url":"https://github.com/picatz.png","language":"Ruby","readme":"# Falconz\n\u003e Falcon Malware Sandbox APIv2 Connector\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"i like birds\" src=\"https://github.com/picatz/falconz/blob/master/falcon.jpg\"/\u003e\n\u003c/p\u003e\n\n[Falcon Sandbox](https://www.hybrid-analysis.com/docs/api/v2) has a powerful and simple API that can be used to submit files/URLs for analysis, pull report data, and perform advanced search queries. 
The API is open and free to the entire IT-security community.\n\n## Installation\n\n    $ gem install falconz\n\n## Usage\n\nTo create a client, we can specify our API key or set the `HYBRID_ANALYSIS_API_KEY` environment variable to communicate with the API.\n\n```ruby\nrequire \"falconz\"\n\nclient = Falconz.client.new(key: \"your_api_key\")\n```\n\nGet the current file hashes that are being processed along with their environment IDs.\n```ruby\nclient.in_progress\n# =\u003e [{:hash=\u003e\"b8560ce1bacb5515fdaef7cb3615a8172663da749b038687ab4a439cbf64f23b\", :environment=\u003e\"100\"},\n#  {:hash=\u003e\"4f456ae8d592a73be8e898384a6b78cf1406965bcb2cea38ffa976c1084acb74\", :environment=\u003e\"120\"},\n#  {:hash=\u003e\"6e206c74d4b9796264e5e2cb351e563806320e8d6d794fba38d3be93aa4b1bb5\", :environment=\u003e\"100\"},\n#  {:hash=\u003e\"8d5bd56a19d06d46c8e92552f0bf81fa38cbf3365ab022e97075810be18000d9\", :environment=\u003e\"120\"},\n#  {:hash=\u003e\"497f631d332b6b242528409778ecb7a778b1b50d6964139b549fdd71410381bc\", :environment=\u003e\"120\"}]\n```\n\nUpload a local file to the sandbox.\n```ruby\nclient.submit_file(file: \"malware.exe\", environment_id: 100)\n# =\u003e {\"job_id\"=\u003e\"5acc00b27ca3e138c14ab0e4\",\n#     \"environment_id\"=\u003e\"100\",\n#     \"sha256\"=\u003e\"015e5c626b993855fa88ce4c9758bc780fac3774c3d8bfcfae62833affc31e00\"}\n```\n\nSearch for results related to a given hash (MD5/SHA1/SHA256).\n```ruby\nclient.search_hash(\"cc311a06612f1b420cf788bd8883fa9dbd34d33ba8fa2443b86b7f88c7a75c2c\")\n# =\u003e [{\"job_id\"=\u003e\"5ae641ad7ca3e175d57a6013\",\n#   \"environment_id\"=\u003e\"100\",\n#   \"environment_description\"=\u003e\"Windows 7 32 bit\",\n#   \"size\"=\u003e3127633,\n#   \"type\"=\u003e\"PE32 executable (GUI) Intel 80386, for MS Windows\",\n#   \"type_short\"=\u003e[\"peexe\"],\n#   \"target_url\"=\u003enil,\n#   \"state\"=\u003e\"SUCCESS\",\n#   \"submit_name\"=\u003e\"sospecha.exe\",\n#   
\"md5\"=\u003e\"7421fed9ae4b6643913b080718b919cc\",\n#   \"sha1\"=\u003e\"4f86bc7a578b6ac9d1e5f1fc325917e436f60520\",\n#   \"sha256\"=\u003e\"cc311a06612f1b420cf788bd8883fa9dbd34d33ba8fa2443b86b7f88c7a75c2c\",\n#   \"sha512\"=\u003e\"684558a218f6039ba718bfeac763f529222474498a41fdfa6994c8a3955b2686c07fd053d1afab73b2403b9f98fd3cf7112faec220c1b12b574c6a7fea828a8b\",\n#   \"ssdeep\"=\u003e\"49152:32uJI9LH1MuvxlFl7Z0pnZASuwSpW/vnjC91R8rsiX8L1ViGiJJLQRRtaU:muwLH6oF0pZAS6W/vWzRo8iGi2RtaU\",\n#   \"imphash\"=\u003e\"884310b1928934402ea6fec1dbd3cf5e\",\n#   \"av_detect\"=\u003e1,\n#   \"vx_family\"=\u003e\"TSGeneric\",\n#   \"url_analysis\"=\u003efalse,\n#   \"analysis_start_time\"=\u003e\"2018-04-30T00:06:01-05:00\",\n#   \"threat_score\"=\u003e85,\n#   \"interesting\"=\u003efalse,\n#   \"threat_level\"=\u003e2,\n#   \"verdict\"=\u003e\"malicious\",\n#   \"certificates\"=\u003e[],\n#   \"domains\"=\u003e[],\n#   \"classification_tags\"=\u003e[],\n#   \"compromised_hosts\"=\u003e[],\n#   \"hosts\"=\u003e[],\n#   \"total_network_connections\"=\u003e0,\n#   \"total_processes\"=\u003e5,\n#   \"total_signatures\"=\u003e56,\n#   \"extracted_files\"=\u003e[],\n#   \"processes\"=\u003e[],\n#   \"file_metadata\"=\u003enil}]\n```\n\nCheck the number of environments available to use.\n```ruby\nclient.number_of_environments\n# =\u003e 5\n```\n\nGet the available environment ID numbers.\n```ruby\nclient.environment_ids\n# =\u003e [100, 110, 120, 300, 200]\n```\n\nGet information about the current API key being used.\n```ruby\nclient.current_key\n# =\u003e {\"api_key\"=\u003e\"130cce541890e1d9c4b34b83cb8b4cee9854bd90b6180b9\",\n#  \"auth_level\"=\u003e100,\n#  \"auth_level_name\"=\u003e\"default\",\n#  \"user\"=\u003e\n#   {\"id\"=\u003e\"4cee9b605d901c825c\",\n#    \"email\"=\u003e\"kgruber1@emich.edu\",\n#    \"name\"=\u003e\"picat\"}}\n```\n\n## License\n\nThe gem is available as open source under the terms of the [MIT 
License](https://opensource.org/licenses/MIT).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpicatz%2Ffalconz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpicatz%2Ffalconz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpicatz%2Ffalconz/lists"}