
Security News
Open Source CAI Framework Handles Pen Testing Tasks up to 3,600× Faster Than Humans
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Latest Version: 1.0.6
The Group-IB THF Python Client enables you to fully integrate Group-IB THF Polygon into your malware analysis framework. Group-IB THF Polygon is a Malware Detonation & Research platform designed for deep dynamic analysis and enhanced indicators extraction.
You can use this library with
The code is written in Python and licensed under MIT.
pip install pythf
For upgrading pythf
to a more recent version, use
pip install --upgrade pythf
In order to perform any queries via the API, you will need to get the API token for your Group-IB THF user.
from pythf import Polygon
polygon = Polygon("MY_API_KEY")
analysis = polygon.upload_file(open("sample.exe", "rb"))
analysis = polygon.upload_url("https://very-malicious-url.com")
Now we have the analysis
object.
To update analysis status and get info about it, use the next method:
info = analysis.get_info(extended=True)
Notice: parameter extended
allows you to get full or short info about analysis process. The short version of the information is as follows:
{
"status": "IN PROGRESS" | "FINISHED" | "FAILED",
"verdict": None | True | False,
"report_url": "https://...",
"error": "Some error" # optional field only for "FAILED" status
}
If the "verdict" is True
then object is malicious.
Notice: THF need some time to generate the report url. Until it happens, the response will not contain this field.
report = analysis.get_report()
archived_report = analysis.export_report() # Export report as .tar.
pdf_report = analysis.export_pdf_report() # Export report as PDF
pcap = analysis.export_pcap() # Export all network activity as .pcap file.
screen_video = analysis.export_video() # Export the screen-video of the detonation process.
Notice: If there is no artifact, all this methods raise ObjectNotFoundError
.
reputation = polygon.get_hash_reputation("md5", "ac55cf33c4691f863bfb3af8c06a7244")
You can get reputation for md5
, sha1
, sha256
hash types.
The method returns a dict object:
{
"found": true | false,
"verdict": true | false,
"malware_families": [],
"score": float in [0; 100]
}
FAQs
Group-IB THF REST API Python Bindings
We found that pythf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Security News
Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.
Security News
CVEForecast.org uses machine learning to project a record-breaking surge in vulnerability disclosures in 2025.