pcardotatgit / Umbrella_Investigate_Check_Domain_Reputations

Get Domains Security Reputation from Umbrella Investigate for Domains Contained in a text file

New API broke this code #1

Open maphilli14 opened 3 months ago

maphilli14 commented 3 months ago

Anyone here can help? I tried the new URL but it still 403's

```
#investigate_url = "https://investigate.api.umbrella.com/domains/categorization/"
investigate_url = "https://api.umbrella.com/investigate/v2/domains/categorization/"
```

```
~/Umbrella_Investigate_Check_Domain_Reputations$ python3 ./1-test_access_to_investigate.py
An error has ocurred with the following code 403, please consult the following link: https://docs.umbrella.com/investigate-api/
```

pcardotatgit commented 3 months ago

Hi !

Umbrella API V2 requires you to ask for an authentication token with your Umbrella API key and Umbrella Secret

You have to ask for it first, and then you will be able to use it in your API calls.

Just create a function which does this.

Have a look at the following:

https://developer.cisco.com/docs/cloud-security/#!authentication/generate-an-api-access-token

https://developer.cisco.com/docs/cloud-security/#!authentication/token-authorization-request

Open the Python code

maphilli14 commented 3 months ago

This does indeed work! Are there any plans to update the scripts in this repo to function? I used the curl to grab a key and save it into token.txt but only 1-test works, 2-check domain leaves the files pretty empty:


```
$ python3 ./0-PoC.py
Required environment variable: API_SECRET not set
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ nano 0-PoC.py
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ nano 1-test_access_to_investigate.py
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ python3 ./1-test_access_to_investigate.py
SUCCESS: The domain internetbadguys.com is found MALICIOUS at 2024-04-01T09:57:49.680057
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ python3 ./2-check_domain_reputation_and_categorization.py
automox.com
digicert.com
digicertcdn.com
app.launchdarkly.com
clientstream.launchdarkly.com
d1ovafk2iqpmhd.cloudfront.netrc.automox.net
region1.v2.argotunnel.com
region2.v2.argotunnel.com
cftunnel.com
h2.cftunnel.com
quic.cftunnel.com
api.cloudflare.com
update.cloudflare.com
pqtunnels.cloudflareresearch.com
automox-policy-files.s3.us-west-2.amazonaws.com
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ ls output/
info.txt  resultat.txt  resultat_categorie.txt  resultat_reputation.txt
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ ls -la output/
total 16
drwxr-xr-x 2 maphilli14 maphilli14 4096 Mar 27 15:00 .
drwxr-xr-x 4 maphilli14 maphilli14 4096 Apr  1 09:57 ..
-rw-r--r-- 1 maphilli14 maphilli14   54 Mar 27 14:47 info.txt
-rw-r--r-- 1 maphilli14 maphilli14   93 Mar 28 16:00 resultat.txt
-rw-r--r-- 1 maphilli14 maphilli14    0 Apr  1 09:58 resultat_categorie.txt
-rw-r--r-- 1 maphilli14 maphilli14    0 Apr  1 09:58 resultat_reputation.txt
```

pcardotatgit commented 3 months ago

Sure, I will share a new version of the script that manages the token request.

It is not a priority, but I will do it.

The solution is there actually:

https://developer.cisco.com/docs/cloud-security/#!authentication/token-authorization-request

Copy the Python code given at the URL above, and just add to it a Python snippet that creates the token.txt file with the negotiated Umbrella token inside... and that's it.

I will update this part later, probably into a wider investigation project
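
The token step described in the two replies above, as an added example that is not part of the thread or the repository's code: it requests a token with the API key and secret, caches it in token.txt with owner-only permissions, and sends it as a bearer header. Only the categorization URL comes from the thread; the token endpoint, the one-hour lifetime and every function name are assumptions (the endpoint and flow follow Cisco's public documentation linked above).

```python
import base64, json, os, time
import urllib.parse, urllib.request

# Assumptions: token endpoint and client-credentials flow as in the Cisco docs
# linked in the thread; the one-hour token lifetime is an assumed default.
TOKEN_URL = "https://api.umbrella.com/auth/v2/token"
INVESTIGATE_URL = "https://api.umbrella.com/investigate/v2/domains/categorization/"  # from the thread
TOKEN_LIFETIME = 3600

def build_token_request(api_key, api_secret):
    """POST with HTTP Basic auth (key:secret) asking for a bearer token."""
    basic = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL, data=b"grant_type=client_credentials", method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})

def save_token(token, path="token.txt"):
    """Write the raw token so that only the owner can read it (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(token)
    os.chmod(path, 0o600)  # tighten a file that already existed with wider bits

def load_token(path="token.txt", max_age=TOKEN_LIFETIME - 60, now=None):
    """Return the cached token, or None if the file is missing, empty or stale."""
    now = time.time() if now is None else now
    try:
        if now - os.path.getmtime(path) > max_age:
            return None
        with open(path) as fh:
            return fh.read().strip() or None
    except FileNotFoundError:
        return None

def get_token(api_key, api_secret, path="token.txt", opener=urllib.request.urlopen):
    """Reuse a fresh cached token, otherwise request and cache a new one."""
    token = load_token(path)
    if token is None:
        with opener(build_token_request(api_key, api_secret)) as resp:
            token = json.load(resp)["access_token"]
        save_token(token, path)
    return token

def build_categorization_request(domain, token):
    """GET for one domain, authenticated with the bearer token."""
    url = INVESTIGATE_URL + urllib.parse.quote(domain.strip(), safe="")
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
```

Read the key and secret from environment variables rather than hard-coding them, and keep token.txt out of version control.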

maphilli14 commented 3 months ago

> Sure, I will share a new version of the script that manages the token request.
>
> It is not a priority, but I will do it.
>
> The solution is there actually:
>
> https://developer.cisco.com/docs/cloud-security/#!authentication/token-authorization-request
>
> Copy the Python code given at the URL above, and just add to it a Python snippet that creates the token.txt file with the negotiated Umbrella token inside... and that's it.
>
> I will update this part later, probably into a wider investigation project

I love your work and appreciate your efforts, thanks!!! Close this out when you feel it is right.