https://github.com/velocidex/pyvelociraptor

PyVelociraptor contains the python bindings for the Velociraptor API.
https://github.com/velocidex/pyvelociraptor

Last synced: about 1 month ago
JSON representation

PyVelociraptor contains the python bindings for the Velociraptor API.

• Host: GitHub
• URL: https://github.com/velocidex/pyvelociraptor
• Owner: Velocidex
• License: mit
• Created: 2020-02-07T16:44:24.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2025-04-22T15:42:26.000Z (about 2 months ago)
• Last Synced: 2025-05-08T21:43:27.943Z (about 1 month ago)
• Language: Python
• Size: 52.7 KB
• Stars: 17
• Watchers: 2
• Forks: 8
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# The Velociraptor Python bindings.

Velociraptor is an open source DFIR tool. Read more about it at

https://docs.velociraptor.app/

Velociraptor has an API which allows an external program to interface

with it. The API presents a simple GRPC connection with the following endpoints:

1. Query: Allows running arbitrary VQL queries - this can be used to

   automate Velociraptor's collection, analysis and receive JSON

   encoded results.

   Example script: client_example.py

2. VFSGetBuffer: This API allows to read arbitrary buffers from the

   Velociraptor file store. This allows a client program to fetch bulk

   collected data.

   Example script: fetch.py

You can use these API endpoint to:

* Control collection from Velociraptor: Start hunts, collections,

  trigger exports etc.. All with VQL queries over the Query() API

  endpoint.

* Perform administive tasks: Spawn new orgs, add users, adjust

  permissions, create periodic tasks etc.

* Read results from collected data using the VFSGetBuffer() endpoint.

and much more!

To read more about the Velociraptor API see

https://docs.velociraptor.app/docs/server_automation/server_api/

# Licensing

Note that Velociraptor itself is licensed under the AGPL, however use

of the API is permitted and does not fall under the `derived work`

definition. Therefore, using the `.proto` file in this repository

falls under the MIT license which covers this repository, including

sample programs in python.

Since GRPC protobuf is a portable API definition language you can use

the `.proto` file to generate interfaces in many other languages. We

use python here as an example to demonstrate the use of the API but

any language will work.

You can even use shell scripting as the Velociraptor binary itself can

use the API to call into the server. For details, see

https://docs.velociraptor.app/docs/server_automation/server_api/#using-the-shell-for-automation