Open maphilli14 opened 3 months ago
Hi !
Umbrella API V2 requires you to ask for an authentication token with your Umbrella API key and Umbrella Secret
You have to ask for it first, and then you will be able to use it in your API calls.
Just create a function which does this
Have a look at the following:
https://developer.cisco.com/docs/cloud-security/#!authentication/generate-an-api-access-token
https://developer.cisco.com/docs/cloud-security/#!authentication/token-authorization-request
Open the Python code
This does indeed work! Are there any plans to update the scripts in this repo to function? I used the curl to grab a key and save it into token.txt but only 1-test works, 2-check domain leaves the files pretty empty:
$ python3 ./0-PoC.py
Required environment variable: API_SECRET not set
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ nano 0-PoC.py
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ nano 1-test_access_to_investigate.py
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ python3 ./1-test_access_to_investigate.py
SUCCESS: The domain internetbadguys.com is found MALICIOUS at 2024-04-01T09:57:49.680057
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ python3 ./2-check_domain_reputation_and_categorization.py
automox.com
digicert.com
digicertcdn.com
app.launchdarkly.com
clientstream.launchdarkly.com
d1ovafk2iqpmhd.cloudfront.netrc.automox.net
region1.v2.argotunnel.com
region2.v2.argotunnel.com
cftunnel.com
h2.cftunnel.com
quic.cftunnel.com
api.cloudflare.com
update.cloudflare.com
pqtunnels.cloudflareresearch.com
automox-policy-files.s3.us-west-2.amazonaws.com
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ ls output/
info.txt resultat.txt resultat_categorie.txt resultat_reputation.txt
maphilli14@DESKTOP-9M5QMHM:~/Umbrella_Investigate_Check_Domain_Reputations$ ls -la output/
total 16
drwxr-xr-x 2 maphilli14 maphilli14 4096 Mar 27 15:00 .
drwxr-xr-x 4 maphilli14 maphilli14 4096 Apr 1 09:57 ..
-rw-r--r-- 1 maphilli14 maphilli14 54 Mar 27 14:47 info.txt
-rw-r--r-- 1 maphilli14 maphilli14 93 Mar 28 16:00 resultat.txt
-rw-r--r-- 1 maphilli14 maphilli14 0 Apr 1 09:58 resultat_categorie.txt
-rw-r--r-- 1 maphilli14 maphilli14 0 Apr 1 09:58 resultat_reputation.txt
Sure I will share a new version of the script that manages the token request.
It is not a priority, but I will do it.
The solution is there actually
https://developer.cisco.com/docs/cloud-security/#!authentication/token-authorization-request
Copy the Python code given at the URL above, and just add to it a Python snippet that creates the token.txt file with the negotiated Umbrella token inside... and that's it.
I will update this part later, probably into a wider investigation project
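The token step described in this thread, as an added example that is not code from this repository or from Cisco's documentation: it requests a token with the API key and secret and writes it to token.txt readable by the owner only. Assumptions: the token endpoint URL and the `access_token` / `expires_in` response fields follow Cisco's Umbrella API v2 OAuth2 client-credentials flow, and `API_KEY` is a hypothetical environment variable name chosen to pair with the `API_SECRET` the scripts already expect.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request

# Assumption: token endpoint as given in Cisco's Umbrella API v2 documentation.
TOKEN_URL = "https://api.umbrella.com/auth/v2/token"


def build_token_request(api_key, api_secret, url=TOKEN_URL):
    """OAuth2 client-credentials request: key/secret travel as HTTP Basic auth."""
    basic = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=body, method="POST", headers=headers)


def parse_token_response(raw, now=None):
    """Return (access_token, absolute expiry time) from the JSON reply."""
    doc = json.loads(raw)
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc.get("expires_in", 0))


def save_token(token, path="token.txt"):
    """Write the bearer token readable by the owner only (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(token)
    os.chmod(path, 0o600)  # also tighten a pre-existing, wider file


def refresh_token_file(path="token.txt"):
    """Read API_KEY / API_SECRET (names assumed) from the environment, fetch, store."""
    req = build_token_request(os.environ["API_KEY"], os.environ["API_SECRET"])
    with urllib.request.urlopen(req, timeout=30) as resp:
        token, expires_at = parse_token_response(resp.read())
    save_token(token, path)
    return expires_at


if __name__ == "__main__":
    print("token valid until", time.ctime(refresh_token_file()))
```

The returned expiry time lets a caller refresh token.txt before a long domain list is processed instead of failing partway through with an expired token.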
I love your work and appreciate your efforts, thanks!!! Close this out when you feel it is right.
Anyone here can help? I tried the new URL but it still 403's