Skip to content

appknox/appknox-python

Repository files navigation

PyPI version Build Status Join the chat at https://gitter.im/appknox/appknox-python

appknox-python

Command-line interface & Python wrapper for the Appknox API.

Python API documentation is available here.

Installation

appknox-python is officially supported on python 3.5 & 3.6. pip is the recommended way to install appknox-python.

pip install appknox

Usage

$ appknox
Usage: appknox [OPTIONS] COMMAND [ARGS]...

  Command line wrapper for the Appknox API

Options:
  -v, --verbose  Specify log verbosity.
  -k, --insecure      Allow Insecure Connection
  --help         Show this message and exit.

Commands:
  analyses       List analyses for file
  files          List files for project
  login          Log in and save session credentials
  logout         Delete session credentials
  organizations  List organizations
  projects       List projects
  recent_uploads List recent file uploads by the user
  report         Download report for file
  upload         Upload and scan package
  switch_organization  Switch organization in CLI instance
  vulnerability  Get vulnerability
  whoami         Show session info
  reports list   Show the list of reports for a file
  reports create Creates a new report for a file
  reports download summary-csv  Downloads the report summary in CSV format
  reports download summary-excel  Downloads the report summary in Excel format

Authentication

Log in to appknox CLI using your secure.appknox.com credentials.

$ appknox login
Username: viren
Password:
Logged in to https://api.appknox.com

Using Environment Variables

Instead of login we can use environment variables for authentication. This will be useful for scenarios such as CI/CD setup.

$ export APPKNOX_ACCESS_TOKEN=aaaabbbbbcccddeeeffgghhh
$ export APPKNOX_ORGANIZATION_ID=2
$ export HTTP_PROXY=http://proxy.local
$ export HTTPS_PROXY=https://proxy.local

Supported variables are:

Environment variable Value
APPKNOX_ACCESS_TOKEN Access token can be generated from Appknox dashboard (Settings → Developer Settings → Generate token).
APPKNOX_HOST Defaults to https://api.appknox.com
APPKNOX_ORGANIZATION_ID Your Appknox organization id
HTTP_PROXY Set your HTTP proxy ex: http://proxy.local
HTTPS_PROXY Set your HTTPS proxy ex: https://proxy.local

Data fetch & actions

Available commands Use
organizations List organizations of user
projects List projects user has access to
files <project_id> List files for a project
analyses <file_id> List analyses for a file
vulnerability <vulnerability_id> Get vulnerability detail
owasp <owasp_id> Get OWASP detail
upload <path_to_app_package> Upload app file from given path and get the file_id
rescan <file_id> Rescan a file (this will create a new file under the same project.)
reports list <file_id> Lists all the reports associated with the file
reports create <file_id> Create a new report for the file and returns report ID
reports download summary-csv <report_id> Outputs the report summary in CSV format
reports download summary-excel <report_id> Outputs the report summary in Excel format

Example:

$ appknox organizations
  id  name
----  -------
   2  MyOrganization

$ appknox projects
  id  created_on             file_count  package_name                     platform  updated_on
----  -------------------  ------------  -----------------------------  ----------  -------------------
   3  2017-06-23 07:19:26             3  org.owasp.goatdroid.fourgoats           0  2017-06-23 07:26:55
   4  2017-06-27 08:27:54             2  com.appknox.mfva                        0  2017-06-27 08:30:04

$ appknox files 4
  id  name      version    version_code
----  ------  ---------  --------------
   6  MFVA            1               6
   7  MFVA            1               6

$ appknox reports list 4
  id  language      
----  ------ 
   1  en
   2  en

$ appknox reports create 4
3

$ appknox reports download summary-csv 3
Organization ID,Project ID,Application Name,Application Namespace,Platform,Version,Version Code,File ID,Test Case,Scan Type,Severity,Risk Override,CVSS Score,Findings,Description,Noncompliant Code Example,Compliant Solution,Business Implication,OWASP,CWE,MSTG,OWASP MASVS (v2),ASVS,PCI-DSS,GDPR,Created On
1,1,MFVA,com.appknox.mfva,Android,1.1,1605631525,51,Broken SSL Trust Manager,Static,High,,6.9,"BluK8lNUoeHkNxZ3GVrKN9BP2
NVWmfbtHDiJBOTbOEpCnsbMhc6T31t...(Truncated)

$ appknox reports download summary-csv 3 --output /path/to/output/report_summary.csv
<No output: This command will download the report summary to given output path>

Using Proxy

Appknox client and CLI both supports HTTP and HTTPS proxy. While using the client, if you need to set-up a proxy then please follow the example below

from appknox.client import Appknox

client = Appknox(
        access_token="Your-Access-Token",  #  This is your access token which you can get from developer setting
        https_proxy="http://proxy.local",  # Use https_proxy by default since cloud server connects to https service
        insecure=True,                     # Use insecure connections, because proxies might have their own set of certificates which maynot be trusted
    )                                      # Insecure connections are not reccomended though

To use it in CLI example:

$ export HTTPS_PROXY=http://127.0.0.1:8080 
$ appknox --insecure login
Username:

Note: Please avoid using --insecure flag or setting insecure=True in client, this will allow an attacker to perform MITM attack, but this might be required for proxies to work alongside.


Development

Update docs

Install sphinx-autobuild:

pip install sphinx-autobuild

Build docs:

sphinx-autobuild -b html sphinx-docs docs

License: MIT