Last active
March 31, 2024 11:40
-
-
Save mgramin/0dd3872813047a27886d387a188781cd to your computer and use it in GitHub Desktop.
Simple REST service for osquery
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from flask import Flask, request | |
| from flask_restful import Api, Resource | |
| import osquery | |
| class User(Resource): | |
| @staticmethod | |
| def get(): | |
| instance = osquery.SpawnInstance() | |
| instance.open() | |
| query = request.args.get('query', default='', type=str) | |
| query = instance.client.query(query) | |
| return query.response, 200 | |
| @staticmethod | |
| def post(): | |
| instance = osquery.SpawnInstance() | |
| instance.open() | |
| query = request.data | |
| query = instance.client.query(query) | |
| return query.response, 200 | |
| app = Flask(__name__) | |
| api = Api(app) | |
| api.add_resource(User, "/exec") | |
| app.run(host='0.0.0.0', debug=True, threaded=True, port=8082) |
@RamrajSekar
Hi, its very simple:
curl -d 'select version from os_version' -H "Content-Type: application/json" -X POST http://127.0.0.1:8082/exec
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@mgramin, How do I curl this API?I'm ending up with below error,
[root@r00etyn0c osq]# curl -k http://127.0.0.1:5000/exec?query=select version from os_version
[]
curl: (6) Could not resolve host: version; Name or service not known
curl: (6) Could not resolve host: from; Name or service not known
curl: (6) Could not resolve host: os_version; Name or service not known
However with below code I'm able to run the query but need it to be dynamic any help on this would be helpful,
`from flask import Flask, request
from flask_restful import Api, Resource
import osquery
class User(Resource):
@staticmethod
def get():
instance = osquery.SpawnInstance()
instance.open()
query = "select name,pid from processes"
#query = request.args.get('query', default='', type=str)
query = instance.client.query(query)
return query.response, 200
#instance = osquery.SpawnInstance()
#instance.open()
app = Flask(name)
api = Api(app)
api.add_resource(User, "/exec")
app.run(debug=True)
`