API

Columns: API Node, Enabled, Rate Limits (RPS = requests per second, RPM = requests per minute), Description, Example
File Create Yes
  • RPS: 1/s
  • RPM: 10/m
Submit a file task to be analyzed by Cuckoo. Return object will be JSON. Example
curl -F file=@/path/to/file -F machine="VM-Name" https://cape.contextis.com/api/tasks/create/file/
Note: machine is optional.
VirusTotal download and analyze No
  • RPS: None
  • RPM: None
Download a file from VT for analysis. Return object will be JSON. Example
curl -F vtdl=hash -F machine="VM-Name" https://cape.contextis.com/api/tasks/create/vtdl/
Note: machine is optional.
URL Create Yes
  • RPS: 1/s
  • RPM: 2/m
Submit a URL task to be analyzed by Cuckoo. Return object will be JSON. Example
curl -F url="somebadness.tld" https://cape.contextis.com/api/tasks/create/url/
File View Yes
  • RPS: 2/s
  • RPM: 10/m
View information about a specific sample that is in Cuckoo's database. Return object will be JSON. Example
curl https://cape.contextis.com/api/files/view/md5/[md5 hash]/
curl https://cape.contextis.com/api/files/view/sha1/[sha1 hash]/
curl https://cape.contextis.com/api/files/view/sha256/[sha256 hash]/
curl https://cape.contextis.com/api/files/view/id/[sample id]/
Basic Task Search Yes
  • RPS: 2/s
  • RPM: 10/m
View information about a specific Task that's in Cuckoo's database by Hash or ID. Return object will be JSON. Example
curl https://cape.contextis.com/api/tasks/search/md5/[md5 hash]/
curl https://cape.contextis.com/api/tasks/search/sha1/[sha1 hash]/
curl https://cape.contextis.com/api/tasks/search/sha256/[sha256 hash]/
Extended Task Search Yes
  • RPS: 1/s
  • RPM: 10/m
Search for Task IDs that are in MongoDB by various options. Return object will be JSON. Example
curl -d "option=[option]&argument=[argument]" https://cape.contextis.com/api/tasks/extendedsearch/

Searchable Options List:
name : Match the name of the target file
type : Name of file type
string : Match a string in the static analysis section
ssdeep : Match an ssdeep hash
crc32 : Match a CRC32 hash
file : Match a file in the behavioral analysis summary
command : Match an executed command
resolvedapi : Match an API that a sample resolved
key : Match a registry key in the behavioral analysis summary
mutex : Match a mutex in the behavioral analysis summary
domain : Match a resolved domain
ip : Match a contacted IP Address
signature : Match a Cuckoo signature description
signame : Match a Cuckoo signature name
malfamily : Match samples associated with a malware family
url : Match a URL target task (submitted URL task)
imphash : Match an import hash
iconhash : Match the exact hash of the icon associated with the PE
iconfuzzy : Match a hash designed to match on similar-looking icons
surialert : Match a Suricata alert signature
surihttp : Match Suricata HTTP data
suritls : Match Suricata TLS data
clamav : Match a ClamAV signature
yaraname : Match a YARA signature name
virustotal : Match a VirusTotal AV signature
comment : Match a comment posted to a specific task
md5 : Targets with a specific MD5 hash
sha1 : Targets with a specific SHA1 hash
sha256 : Targets with a specific SHA256 hash
sha512 : Targets with a specific SHA512 hash
Tasks List Yes
  • RPS: 1/s
  • RPM: 5/m
View information about a range of Task IDs. Return object will be JSON. Example
curl https://cape.contextis.com/api/tasks/list/
curl https://cape.contextis.com/api/tasks/list/[limit]/ (specify a limit of tasks to return)
curl https://cape.contextis.com/api/tasks/list/[limit]/[offset]/ (specify a limit of tasks to return, offset by a specific amount)
Task View Yes
  • RPS: 1/s
  • RPM: 10/m
View information about a specific task including VM, sample, and error information. Return object will be JSON. Example
curl https://cape.contextis.com/api/tasks/view/[task id]/
Reschedule Task No
  • RPS: None
  • RPM: None
Reschedule an analysis task to run again. Return object will be JSON. Example
curl https://cape.contextis.com/api/tasks/reschedule/[task id]/
Delete Task No
  • RPS: None
  • RPM: None
Delete a task from the database. Return object will be JSON. Example
curl https://cape.contextis.com/api/tasks/delete/[task id]/
Task Status Yes
  • RPS: 4/s
  • RPM: None
Query the status of a Task by ID. Return object will be JSON. Example
curl https://cape.contextis.com/api/tasks/status/[task id]/
Task Report Yes
  • RPS: 1/s
  • RPM: 6/m
Download a report generated for a specific task. Return object will be JSON, XML, or octet-stream (tar.bz2). Example
curl https://cape.contextis.com/api/tasks/get/report/[task id]/
curl https://cape.contextis.com/api/tasks/get/report/[task id]/[format]/
Note: Format can be json/maec/metadata/all.
Task IOCs No
  • RPS: None
  • RPM: None
View objects of the task report that may contain potential IOCs. Return object will be JSON. Example
curl https://cape.contextis.com/api/tasks/get/iocs/[task id]/
curl https://cape.contextis.com/api/tasks/get/iocs/[task id]/detailed/
Task Screenshots Yes
  • RPS: 1/s
  • RPM: None
View/Download screenshots of a Task by ID. Return object will be image/jpeg or octet-stream. (.jpg or .tar.bz2) Example
curl https://cape.contextis.com/api/tasks/get/screenshot/[task id]/    (Downloads all screenshots)
curl https://cape.contextis.com/api/tasks/get/screenshot/[task id]/[screenshot number]/
Task PCAP Yes
  • RPS: 1/s
  • RPM: None
Download the PCAP dump of a Task by ID. Return object will be application/vnd.tcpdump.pcap. (.pcap) Example
curl https://cape.contextis.com/api/tasks/get/pcap/[task id]/
Task Dropped Files Yes
  • RPS: 1/s
  • RPM: 20/m
Download the dropped files associated with a Task by ID. Return object will be octet-stream. (.tar.bz2) Example
curl https://cape.contextis.com/api/tasks/get/dropped/[task id]/
Task SuriFiles No
  • RPS: None
  • RPM: None
Download the Suricata captured files associated with a Task by ID. Return object will be octet-stream. (.zip) Example
curl https://cape.contextis.com/api/tasks/get/surifile/[task id]/
Task Process Dump No
  • RPS: None
  • RPM: None
Download a process memory dump from a Task by ID and PID. Return object will be octet-stream. (.dmp or .tar.bz2) Example
curl https://cape.contextis.com/api/tasks/get/procmemory/[task id]/    (Downloads all process memory dumps)
curl https://cape.contextis.com/api/tasks/get/procmemory/[task id]/[pid]/
Task Full Memory Dump No
  • RPS: None
  • RPM: None
Download a full memory dump of a Task by ID. Return object will be octet-stream. (.dmp) Example
curl https://cape.contextis.com/api/tasks/get/fullmemory/[task id]/
Sample Download No
  • RPS: None
  • RPM: None
Download a sample from a Task by Task ID/MD5/SHA1/SHA256. Return object will be octet-stream. (.bin) Example
curl https://cape.contextis.com/api/files/get/task/[task id]/
curl https://cape.contextis.com/api/files/get/md5/[md5 hash]/
curl https://cape.contextis.com/api/files/get/sha1/[sha1 hash]/
curl https://cape.contextis.com/api/files/get/sha256/[sha256 hash]/
Virtual Machine List Yes
  • RPS: 1/s
  • RPM: None
View basic statistics of available/total virtual machines. Return object will be JSON. Example
curl https://cape.contextis.com/api/machines/list/
Virtual Machine View No
  • RPS: None
  • RPM: None
View information about a specific virtual machine. Return object will be JSON. Example
curl https://cape.contextis.com/api/machines/view/[vm-name]/
Cuckoo Status No
  • RPS: None
  • RPM: None
View the current status of the Cuckoo host. Return object will be JSON. Example
curl https://cape.contextis.com/api/cuckoo/status/
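
Added example (not part of the original page or of the CAPE/Cuckoo code base): a client-side throttle that keeps a script inside both the RPS and the RPM limit listed for an endpoint, so bulk submissions and status polling are not rejected. The endpoint keys, the class and the `simulate` helper are hypothetical names; the limits are copied from the entries above, and `None` is assumed to mean no limit on that window.

```python
import collections
import time

# (requests per second, requests per minute) copied from the table above.
# None is taken to mean "no limit on that window" (assumption).
LIMITS = {
    "tasks/create/file": (1, 10),
    "tasks/create/url": (1, 2),
    "tasks/list": (1, 5),
    "tasks/status": (4, None),
    "tasks/get/report": (1, 6),
}


class Throttle:
    """Sliding-window limiter that honours the RPS and RPM limits together."""

    def __init__(self, limits=LIMITS, clock=time.monotonic, sleep=time.sleep):
        self.limits, self.clock, self.sleep = limits, clock, sleep
        self.sent = collections.defaultdict(collections.deque)

    def delay(self, endpoint, now):
        """Seconds to wait before one more request to `endpoint` is allowed."""
        sent = self.sent[endpoint]
        while sent and now - sent[0] >= 60.0:  # older than the widest window
            sent.popleft()
        wait = 0.0
        for limit, span in zip(self.limits[endpoint], (1.0, 60.0)):
            recent = [t for t in sent if now - t < span]
            if limit is not None and len(recent) >= limit:
                # The limit-th most recent send has to leave the window first.
                wait = max(wait, recent[-limit] + span - now)
        return wait

    def acquire(self, endpoint):
        """Block until a request is allowed, record it, return the send time."""
        while (wait := self.delay(endpoint, self.clock())) > 0:
            self.sleep(wait)
        self.sent[endpoint].append(self.clock())
        return self.sent[endpoint][-1]


def simulate(endpoint, count):
    """Send times for `count` back-to-back requests, using a fake clock."""
    now = [0.0]
    throttle = Throttle(clock=lambda: now[0],
                        sleep=lambda s: now.__setitem__(0, now[0] + s))
    return [throttle.acquire(endpoint) for _ in range(count)]
```

Call `acquire()` with the matching endpoint key immediately before each request; `simulate("tasks/create/url", 3)` shows the third URL submission being held until the per-minute window reopens.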