Download files
As noted in Download files (Public API), the sandbox has restrictions on downloading files from the task.
In order to circumvent this limitation, you can download files using the UI API.
Code example
import asyncio
from ptsandbox import Sandbox
from ptsandbox.models import SandboxKey, StorageItem
async def main():
sandbox = Sandbox(SandboxKey(...))
await sandbox.ui.authorize()
data = await sandbox.ui.get_system_components_status()
items: list[StorageItem] = [
{"sha256": "..."},
{"sha256": "...", "name": "..."}
]
async with aiofiles.open("./artifacts.zip", "wb") as fd:
async for chunk in sandbox.ui.get_files(items):
await fd.write(chunk)
Note
A zip archive with the password "infected" is returned, so you need to process the archive yourself.
For example, using pyzipper.
Download logs from recent tasks
import asyncio
from pathlib import Path
import aiofiles
from ptsandbox import Sandbox, SandboxKey
from ptsandbox.models import StorageItem, ScanArtifactType
async def main():
sandbox = Sandbox(SandboxKey(...))
await sandbox.ui.authorize()
tasks = await sandbox.ui.get_tasks()
for task in tasks.tasks:
summary = await sandbox.ui.get_task_tree(task.id)
items: list[StorageItem] = []
for children in summary.children:
if not children.scan_artifacts:
continue
for artifact in children.scan_artifacts:
if artifact.type in {
ScanArtifactType.CORRELATED,
ScanArtifactType.NORMALIZED,
ScanArtifactType.DEBUG,
ScanArtifactType.VIDEO,
}:
items.append({"sha256": artifact.sha256, "name": artifact.name})
path = Path("./tasks") / str(task.id)
path.mkdir(parents=True, exist_ok=True)
async with aiofiles.open(path / "logs.zip", "wb") as fd:
async for chunk in sandbox.ui.get_files(items):
await fd.write(chunk)
asyncio.run(main())