PacketTotal SDK

The PacketTotal SDK is a collection of modules that provide access to PacketTotal's REST API interface.

The official API documentation can be found here

Getting Started

Prerequisites

  • Python 3.5 or higher.

Installation

  • pip install -r requirements.txt
  • python setup.py install

Optional Configurations

If you need to override the API base URL or version, you can do so with the environment variables below.

export PACKETTOTAL_API_BASE_URL="https://api.packettotal.com/"
export PACKETTOTAL_API_VERSION_STRING="v1"

Request an API key

You can request an API key here.

Basic Usage

The SDK ships with a library for interacting with the PacketTotal API, as well as a script to provide easy access to this library.

Retrieving API Usage Information

Via packettotal commandline
packettotal usage
Via packettotal_api module
from packettotal_sdk import packettotal_api

api = packettotal_api.PacketTotalApi('my-api-key')

response = api.usage()

print(response.status_code, response.json())

Analyze a pcap file

Via packettotal commandline
packettotal analyze --path /path/to/my/pcap.pcap --name my-publicly-shared-pcap-name
Via packettotal_api module
from packettotal_sdk import packettotal_api

api = packettotal_api.PacketTotalApi('my-api-key')

# Open the capture in binary mode; the with-block closes it after the upload.
with open('/path/to/my/pcap.pcap', 'rb') as pcap:
    response = api.analyze(pcap, pcap_name='my-publicly-shared-pcap-name')

print(response.status_code, response.json())

Run a search

Via packettotal commandline
packettotal search --query google.com

Search by PCAP file

Via packettotal commandline
packettotal search_by_pcap --path /path/to/my/pcap.pcap 
Via search_tools module
from packettotal_sdk import search_tools

api = search_tools.SearchTools('my-api-key')

# Open the capture in binary mode; the with-block closes it after the request.
with open('my-public-pcap.pcap', 'rb') as pcap:
    response = api.search_by_pcap(pcap)

print(response.status_code, response.json())

Search by list of IOCs

Via packettotal commandline
packettotal ioc_search --ioc-path /path/to/my_line_delim_iocs.txt
Via search_tools module
from packettotal_sdk import search_tools

api = search_tools.SearchTools('my-api-key')

# The IOC file is plain text, one indicator per line.
with open('my_line_delim_iocs.txt', 'r') as iocs:
    response = api.search_by_iocs(iocs)

print(response.status_code, response.json())
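Indicators copied out of reports are often defanged, duplicated or wrapped in URLs, so the line-delimited file is worth normalizing before it is submitted. The following is an added example, not part of the SDK: normalize_ioc, write_ioc_file and the sample values are constructed for illustration, and the accepted indicator kinds (IPs, domains, MD5/SHA-1/SHA-256 hashes) are an assumption.

```python
import ipaddress
import re

# Assumption: the indicator kinds worth submitting are IP addresses,
# domain names and MD5/SHA-1/SHA-256 hashes (the README does not list them).
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample in the style of indicators copied from a report.
SAMPLE = ["# notes", "hxxp://bad.example[.]com/payload.bin", "BAD.example.com",
          "192.0.2[.]10:8080", "192.0.2.10", "2001:db8::1",
          "D41D8CD98F00B204E9800998ECF8427E", "not an indicator"]


def normalize_ioc(raw):
    """Return a canonical indicator, or None if the line is not one."""
    value = re.sub(r"^hxxp", "http", raw.strip().lower())
    for defanged, plain in (("[.]", "."), ("(.)", "."), ("[:]", ":")):
        value = value.replace(defanged, plain)
    # Reduce a URL to its host (assumes the search is keyed on hosts).
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value).split("/")[0]
    # Try the value as-is first so IPv6 is not mistaken for host:port.
    candidates = [value]
    if value.count(":") == 1:
        candidates.append(value.split(":")[0])
    for candidate in candidates:
        try:
            return str(ipaddress.ip_address(candidate))
        except ValueError:
            pass
    host = candidates[-1]
    return host if HASH_RE.match(host) or DOMAIN_RE.match(host) else None


def write_ioc_file(lines, path):
    """Write unique indicators one per line; return (kept, rejected)."""
    kept, rejected = [], []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ioc = normalize_ioc(line)
        if ioc is None:
            rejected.append(line.strip())
        elif ioc not in kept:
            kept.append(ioc)
    with open(path, "w") as handle:
        handle.write("".join(ioc + "\n" for ioc in kept))
    return kept, rejected
```

The file written by write_ioc_file can be passed to packettotal ioc_search --ioc-path or opened and handed to search_by_iocs as in the README snippet; review the rejected list by hand rather than discarding it.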

Documentation

A static HTML version of the SDK's API module documentation can be found here.

The official REST API documentation is available here

Or ...

Build the Sphinx docs with search by following the steps below:

  1. From the root directory run make html or make.bat if on Windows.
  2. Navigate to _build/html/index.html in a web-browser.