Command-line interface & Python wrapper for the Appknox API.
Python API documentation is available here.
appknox-python is officially supported on python 3.5 & 3.6. pip is the recommended way to install appknox-python.
pip install appknox
$ appknox
Usage: appknox [OPTIONS] COMMAND [ARGS]...
Command line wrapper for the Appknox API
Options:
-v, --verbose Specify log verbosity.
-k, --insecure Allow Insecure Connection
--help Show this message and exit.
Commands:
analyses List analyses for file
files List files for project
login Log in and save session credentials
logout Delete session credentials
organizations List organizations
projects List projects
recent_uploads List recent file uploads by the user
report Download report for file
upload Upload and scan package
switch_organization Switch organization in CLI instance
vulnerability Get vulnerability
whoami Show session info
reports list Show the list of reports for a file
reports create Creates a new report for a file
reports download summary-csv Downloads the report summary in CSV format
reports download summary-excel Downloads the report summary in Excel format
Log in to appknox CLI using your secure.appknox.com credentials.
$ appknox login
Username: viren
Password:
Logged in to https://api.appknox.com
Instead of login we can use environment variables for authentication. This will be useful for scenarios such as CI/CD setup.
$ export APPKNOX_ACCESS_TOKEN=aaaabbbbbcccddeeeffgghhh
$ export APPKNOX_ORGANIZATION_ID=2
$ export HTTP_PROXY=http://proxy.local
$ export HTTPS_PROXY=https://proxy.local
Supported variables are:
| Environment variable | Value |
|---|---|
APPKNOX_ACCESS_TOKEN | Access token can be generated from Appknox dashboard (Settings → Developer Settings → Generate token). |
APPKNOX_HOST | Defaults to https://api.appknox.com |
APPKNOX_ORGANIZATION_ID | Your Appknox organization id |
HTTP_PROXY | Set your HTTP proxy ex: http://proxy.local |
HTTPS_PROXY | Set your HTTPS proxy ex: https://proxy.local |
| Available commands | Use |
|---|---|
organizations | List organizations of user |
projects | List projects user has access to |
files <project_id> | List files for a project |
analyses <file_id> | List analyses for a file |
vulnerability <vulnerability_id> | Get vulnerability detail |
owasp <owasp_id> | Get OWASP detail |
upload <path_to_app_package> | Upload app file from given path and get the file_id |
rescan <file_id> | Rescan a file (this will create a new file under the same project.) |
reports list <file_id> | Lists all the reports associated with the file |
reports create <file_id> | Create a new report for the file and returns report ID |
reports download summary-csv <report_id> | Outputs the report summary in CSV format |
reports download summary-excel <report_id> | Outputs the report summary in Excel format |
Example:
$ appknox organizations
id name
---- -------
2 MyOrganization
$ appknox projects
id created_on file_count package_name platform updated_on
---- ------------------- ------------ ----------------------------- ---------- -------------------
3 2017-06-23 07:19:26 3 org.owasp.goatdroid.fourgoats 0 2017-06-23 07:26:55
4 2017-06-27 08:27:54 2 com.appknox.mfva 0 2017-06-27 08:30:04
$ appknox files 4
id name version version_code
---- ------ --------- --------------
6 MFVA 1 6
7 MFVA 1 6
$ appknox reports list 4
id language
---- ------
1 en
2 en
$ appknox reports create 4
3
$ appknox reports download summary-csv 3
Organization ID,Project ID,Application Name,Application Namespace,Platform,Version,Version Code,File ID,Test Case,Scan Type,Severity,Risk Override,CVSS Score,Findings,Description,Noncompliant Code Example,Compliant Solution,Business Implication,OWASP,CWE,MSTG,ASVS,PCI-DSS,GDPR,Created On
1,1,MFVA,com.appknox.mfva,Android,1.1,1605631525,51,Broken SSL Trust Manager,Static,High,,6.9,"BluK8lNUoeHkNxZ3GVrKN9BP2
NVWmfbtHDiJBOTbOEpCnsbMhc6T31t...(Truncated)
$ appknox reports download summary-csv 3 --output /path/to/output/report_summary.csv
<No output: This command will download the report summary to given output path>
Appknox client and CLI both supports HTTP and HTTPS proxy. While using the client, if you need to set-up a proxy then please follow the example below
from appknox.client import Appknox
client = Appknox(
access_token="Your-Access-Token", # This is your access token which you can get from developer setting
https_proxy="http://proxy.local", # Use https_proxy by default since cloud server connects to https service
insecure=True, # Use insecure connections, because proxies might have their own set of certificates which maynot be trusted
) # Insecure connections are not reccomended though
To use it in CLI example:
$ export HTTPS_PROXY=http://127.0.0.1:8080
$ appknox --insecure login
Username:
Note: Please avoid using --insecure flag or setting insecure=True in client, this will allow an attacker to perform MITM attack, but this might be required for proxies to work alongside.
Install sphinx-autobuild:
pip install sphinx-autobuild
Build docs:
sphinx-autobuild -b html sphinx-docs docs
License: MIT
FAQs
Command-line interface & Python wrapper for the Appknox API
We found that appknox demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.