[![PyPI version](https://badge.fury.io/py/appknox.svg)](https://badge.fury.io/py/appknox)
[![Build Status](https://travis-ci.org/appknox/appknox-python.svg)](https://travis-ci.org/appknox/appknox-python)
[![Join the chat at https://gitter.im/appknox/appknox-python](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/appknox/appknox-python?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
# appknox-python
Command-line interface & Python wrapper for the Appknox API.
>
> Python API documentation is available [here](http://appknox.org/appknox-python/).
>
## Installation
appknox-python is officially supported on python 3.5 & 3.6. pip is the recommended way to install appknox-python.
```
pip install appknox
```
## Usage
```
$ appknox
Usage: appknox [OPTIONS] COMMAND [ARGS]...
Command line wrapper for the Appknox API
Options:
-v, --verbose Specify log verbosity.
-k, --insecure Allow Insecure Connection
--help Show this message and exit.
Commands:
analyses List analyses for file
files List files for project
login Log in and save session credentials
logout Delete session credentials
organizations List organizations
projects List projects
recent_uploads List recent file uploads by the user
report Download report for file
upload Upload and scan package
switch_organization Switch organization in CLI instance
vulnerability Get vulnerability
whoami Show session info
reports list Show the list of reports for a file
reports create Creates a new report for a file
reports download summary-csv Downloads the report summary in CSV format
reports download summary-excel Downloads the report summary in Excel format
```
### Authentication
Log in to appknox CLI using your [secure.appknox.com](https://secure.appknox.com/) credentials.
```
$ appknox login
Username: viren
Password:
Logged in to https://api.appknox.com
```
#### Using Environment Variables
Instead of `login` we can use environment variables for authentication. This will be useful for scenarios such as CI/CD setup.
```
$ export APPKNOX_ACCESS_TOKEN=aaaabbbbbcccddeeeffgghhh
$ export APPKNOX_ORGANIZATION_ID=2
$ export HTTP_PROXY=http://proxy.local
$ export HTTPS_PROXY=https://proxy.local
```
Supported variables are:
| Environment variable | Value |
|----|-----|
| `APPKNOX_ACCESS_TOKEN` | Access token can be generated from Appknox dashboard _(Settings → Developer Settings → Generate token)_. |
| `APPKNOX_HOST` | Defaults to `https://api.appknox.com` |
| `APPKNOX_ORGANIZATION_ID` | Your Appknox organization id |
| `HTTP_PROXY` | Set your HTTP proxy ex: `http://proxy.local` |
| `HTTPS_PROXY` | Set your HTTPS proxy ex: `https://proxy.local` |
### Data fetch & actions
| Available commands | Use |
|--------------------|-----|
| `organizations` | List organizations of user |
| `projects` | List projects user has access to |
| `files <project_id>` | List files for a project |
| `analyses <file_id>` | List analyses for a file |
| `vulnerability <vulnerability_id>` | Get vulnerability detail |
| `owasp <owasp_id>` | Get OWASP detail |
| `upload <path_to_app_package>` | Upload app file from given path and get the file_id |
| `rescan <file_id>` | Rescan a file (this will create a new file under the same project.) |
| `reports list <file_id>` | Lists all the reports associated with the file |
| `reports create <file_id>` | Create a new report for the file and returns report ID|
| `reports download summary-csv <report_id>` | Outputs the report summary in CSV format |
| `reports download summary-excel <report_id>` | Outputs the report summary in Excel format |
Example:
```
$ appknox organizations
id name
---- -------
2 MyOrganization
$ appknox projects
id created_on file_count package_name platform updated_on
---- ------------------- ------------ ----------------------------- ---------- -------------------
3 2017-06-23 07:19:26 3 org.owasp.goatdroid.fourgoats 0 2017-06-23 07:26:55
4 2017-06-27 08:27:54 2 com.appknox.mfva 0 2017-06-27 08:30:04
$ appknox files 4
id name version version_code
---- ------ --------- --------------
6 MFVA 1 6
7 MFVA 1 6
$ appknox reports list 4
id language
---- ------
1 en
2 en
$ appknox reports create 4
3
$ appknox reports download summary-csv 3
Organization ID,Project ID,Application Name,Application Namespace,Platform,Version,Version Code,File ID,Test Case,Scan Type,Severity,Risk Override,CVSS Score,Findings,Description,Noncompliant Code Example,Compliant Solution,Business Implication,OWASP,CWE,MSTG,ASVS,PCI-DSS,GDPR,Created On
1,1,MFVA,com.appknox.mfva,Android,1.1,1605631525,51,Broken SSL Trust Manager,Static,High,,6.9,"BluK8lNUoeHkNxZ3GVrKN9BP2
NVWmfbtHDiJBOTbOEpCnsbMhc6T31t...(Truncated)
$ appknox reports download summary-csv 3 --output /path/to/output/report_summary.csv
<No output: This command will download the report summary to given output path>
```
### Using Proxy
Appknox client and CLI both supports HTTP and HTTPS proxy. While using the client, if you need to set-up a proxy then please follow the example below
```
from appknox.client import Appknox
client = Appknox(
access_token="Your-Access-Token", # This is your access token which you can get from developer setting
https_proxy="http://proxy.local", # Use https_proxy by default since cloud server connects to https service
insecure=True, # Use insecure connections, because proxies might have their own set of certificates which maynot be trusted
) # Insecure connections are not reccomended though
```
To use it in CLI example:
```
$ export HTTPS_PROXY=http://127.0.0.1:8080
$ appknox --insecure login
Username:
```
*Note*: Please avoid using `--insecure` flag or setting `insecure=True` in client, this will allow an attacker to perform MITM attack, but this might be required for proxies to work alongside.
---
## Development
### Update docs
Install [sphinx-autobuild](https://github.com/GaretJax/sphinx-autobuild):
```
pip install sphinx-autobuild
```
Build docs:
```
sphinx-autobuild -b html sphinx-docs docs
```
---
License: MIT
Raw data
{
"_id": null,
"home_page": "https://github.com/appknox/appknox-python",
"name": "appknox",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "appknox xysec rest api wrapper cli mobile security",
"author": "Appknox",
"author_email": "engineering@appknox.com",
"download_url": "https://files.pythonhosted.org/packages/e7/1b/646bd8441705141e584d3a62e2299ee9aec71b6b7efa4c7d8d36086f6741/appknox-4.3.0.tar.gz",
"platform": null,
"description": "[![PyPI version](https://badge.fury.io/py/appknox.svg)](https://badge.fury.io/py/appknox)\n[![Build Status](https://travis-ci.org/appknox/appknox-python.svg)](https://travis-ci.org/appknox/appknox-python)\n[![Join the chat at https://gitter.im/appknox/appknox-python](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/appknox/appknox-python?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)\n\n# appknox-python\n\nCommand-line interface & Python wrapper for the Appknox API.\n\n\n>\n> Python API documentation is available [here](http://appknox.org/appknox-python/).\n>\n\n\n## Installation\n\nappknox-python is officially supported on python 3.5 & 3.6. pip is the recommended way to install appknox-python.\n\n```\npip install appknox\n```\n\n## Usage\n\n```\n$ appknox\nUsage: appknox [OPTIONS] COMMAND [ARGS]...\n\n Command line wrapper for the Appknox API\n\nOptions:\n -v, --verbose Specify log verbosity.\n -k, --insecure Allow Insecure Connection\n --help Show this message and exit.\n\nCommands:\n analyses List analyses for file\n files List files for project\n login Log in and save session credentials\n logout Delete session credentials\n organizations List organizations\n projects List projects\n recent_uploads List recent file uploads by the user\n report Download report for file\n upload Upload and scan package\n switch_organization Switch organization in CLI instance\n vulnerability Get vulnerability\n whoami Show session info\n reports list Show the list of reports for a file\n reports create Creates a new report for a file\n reports download summary-csv Downloads the report summary in CSV format\n reports download summary-excel Downloads the report summary in Excel format\n```\n\n### Authentication\n\nLog in to appknox CLI using your [secure.appknox.com](https://secure.appknox.com/) credentials.\n\n```\n$ appknox login\nUsername: viren\nPassword:\nLogged in to https://api.appknox.com\n```\n\n#### Using Environment Variables\n\nInstead of `login` we can use environment variables for authentication. This will be useful for scenarios such as CI/CD setup.\n\n```\n$ export APPKNOX_ACCESS_TOKEN=aaaabbbbbcccddeeeffgghhh\n$ export APPKNOX_ORGANIZATION_ID=2\n$ export HTTP_PROXY=http://proxy.local\n$ export HTTPS_PROXY=https://proxy.local\n```\n\nSupported variables are:\n\n| Environment variable | Value |\n|----|-----|\n| `APPKNOX_ACCESS_TOKEN` | Access token can be generated from Appknox dashboard _(Settings \u2192 Developer Settings \u2192 Generate token)_. |\n| `APPKNOX_HOST` | Defaults to `https://api.appknox.com` |\n| `APPKNOX_ORGANIZATION_ID` | Your Appknox organization id |\n| `HTTP_PROXY` | Set your HTTP proxy ex: `http://proxy.local` |\n| `HTTPS_PROXY` | Set your HTTPS proxy ex: `https://proxy.local` |\n\n\n### Data fetch & actions\n\n| Available commands | Use |\n|--------------------|-----|\n| `organizations` | List organizations of user |\n| `projects` | List projects user has access to |\n| `files <project_id>` | List files for a project |\n| `analyses <file_id>` | List analyses for a file |\n| `vulnerability <vulnerability_id>` | Get vulnerability detail |\n| `owasp <owasp_id>` | Get OWASP detail |\n| `upload <path_to_app_package>` | Upload app file from given path and get the file_id |\n| `rescan <file_id>` | Rescan a file (this will create a new file under the same project.) |\n| `reports list <file_id>` | Lists all the reports associated with the file |\n| `reports create <file_id>` | Create a new report for the file and returns report ID|\n| `reports download summary-csv <report_id>` | Outputs the report summary in CSV format | \n| `reports download summary-excel <report_id>` | Outputs the report summary in Excel format |\n\n\nExample:\n\n```\n$ appknox organizations\n id name\n---- -------\n 2 MyOrganization\n\n$ appknox projects\n id created_on file_count package_name platform updated_on\n---- ------------------- ------------ ----------------------------- ---------- -------------------\n 3 2017-06-23 07:19:26 3 org.owasp.goatdroid.fourgoats 0 2017-06-23 07:26:55\n 4 2017-06-27 08:27:54 2 com.appknox.mfva 0 2017-06-27 08:30:04\n\n$ appknox files 4\n id name version version_code\n---- ------ --------- --------------\n 6 MFVA 1 6\n 7 MFVA 1 6\n\n$ appknox reports list 4\n id language \n---- ------ \n 1 en\n 2 en\n\n$ appknox reports create 4\n3\n\n$ appknox reports download summary-csv 3\nOrganization ID,Project ID,Application Name,Application Namespace,Platform,Version,Version Code,File ID,Test Case,Scan Type,Severity,Risk Override,CVSS Score,Findings,Description,Noncompliant Code Example,Compliant Solution,Business Implication,OWASP,CWE,MSTG,ASVS,PCI-DSS,GDPR,Created On\n1,1,MFVA,com.appknox.mfva,Android,1.1,1605631525,51,Broken SSL Trust Manager,Static,High,,6.9,\"BluK8lNUoeHkNxZ3GVrKN9BP2\nNVWmfbtHDiJBOTbOEpCnsbMhc6T31t...(Truncated)\n\n$ appknox reports download summary-csv 3 --output /path/to/output/report_summary.csv\n<No output: This command will download the report summary to given output path>\n```\n\n### Using Proxy\n\nAppknox client and CLI both supports HTTP and HTTPS proxy. While using the client, if you need to set-up a proxy then please follow the example below\n\n```\nfrom appknox.client import Appknox\n\nclient = Appknox(\n access_token=\"Your-Access-Token\", # This is your access token which you can get from developer setting\n https_proxy=\"http://proxy.local\", # Use https_proxy by default since cloud server connects to https service\n insecure=True, # Use insecure connections, because proxies might have their own set of certificates which maynot be trusted\n ) # Insecure connections are not reccomended though\n```\n\nTo use it in CLI example:\n\n```\n$ export HTTPS_PROXY=http://127.0.0.1:8080 \n$ appknox --insecure login\nUsername:\n```\n\n*Note*: Please avoid using `--insecure` flag or setting `insecure=True` in client, this will allow an attacker to perform MITM attack, but this might be required for proxies to work alongside.\n\n---\n\n## Development\n### Update docs\n\nInstall [sphinx-autobuild](https://github.com/GaretJax/sphinx-autobuild):\n```\npip install sphinx-autobuild\n```\n\nBuild docs:\n```\nsphinx-autobuild -b html sphinx-docs docs\n```\n\n---\n\nLicense: MIT\n\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Command-line interface & Python wrapper for the Appknox API",
"version": "4.3.0",
"split_keywords": [
"appknox",
"xysec",
"rest",
"api",
"wrapper",
"cli",
"mobile",
"security"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "df4f295ea5bf447fb83739dbe1b0c8faf07664c5e4154c4648a80c3c4d1effc6",
"md5": "ee4c6d616fb87bcd5a404d570ac6ce60",
"sha256": "d2d06a453282ae05d0365150b7d4c0ad0a4593e4e181979eeddb655c64721759"
},
"downloads": -1,
"filename": "appknox-4.3.0-py2.py3-none-any.whl",
"has_sig": false,
"md5_digest": "ee4c6d616fb87bcd5a404d570ac6ce60",
"packagetype": "bdist_wheel",
"python_version": "py2.py3",
"requires_python": null,
"size": 16010,
"upload_time": "2023-02-01T15:38:34",
"upload_time_iso_8601": "2023-02-01T15:38:34.362782Z",
"url": "https://files.pythonhosted.org/packages/df/4f/295ea5bf447fb83739dbe1b0c8faf07664c5e4154c4648a80c3c4d1effc6/appknox-4.3.0-py2.py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "e71b646bd8441705141e584d3a62e2299ee9aec71b6b7efa4c7d8d36086f6741",
"md5": "371ed31fa83db0db515c1866dcb91f9b",
"sha256": "403c011ad2aad70386c282b461a1d4a29a8a6dd6515f5a76efa4455d4837c696"
},
"downloads": -1,
"filename": "appknox-4.3.0.tar.gz",
"has_sig": false,
"md5_digest": "371ed31fa83db0db515c1866dcb91f9b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 17332,
"upload_time": "2023-02-01T15:38:36",
"upload_time_iso_8601": "2023-02-01T15:38:36.395609Z",
"url": "https://files.pythonhosted.org/packages/e7/1b/646bd8441705141e584d3a62e2299ee9aec71b6b7efa4c7d8d36086f6741/appknox-4.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-02-01 15:38:36",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "appknox",
"github_project": "appknox-python",
"travis_ci": true,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "appknox"
}