Work with PT Sandbox like a pro
Documentation: https://security-experts-community.github.io/sandbox-cli
Source Code: https://github.com/Security-Experts-Community/sandbox-cli
Note
python >= 3.11 is required.
Using pipx:
pipx install sandbox-cliUsing PyPi:
pip install sandbox-cliNixOS:
nix shell 'github:Security-Experts-Community/sandbox-cli'You must create default config file as described in docs/config-examples/config.toml:
Linux/MacOS:
~/.config/sandbox-cli/config.toml
or
$XDG_HOME_CONFIG_HOME/sandbox-cli/config.tomlWindows:
%APPDATA%\sandbox-cli\config.tomlscanner- Scan with the sandbox.images- Get available images in the sandbox.download- Download any artifact from the sandbox.email- Upload an email and get its headers.report- Generate short report from sandbox scans.unpack/conv- Convert sandbox logs into an analysis-friendly format.rules- Working with raw sandbox rules.
Get all availables images:
sandbox-cli images┏━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━┓
┃ Name ┃ ID ┃ Version ┃ Product version ┃
┡━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━┩
│ altlinux │ altworkstation-10-x64 │ ... │ ... │
│ astra │ astralinux-smolensk-x64 │ ... │ ... │
│ redos │ redos-murom-x64 │ ... │ ... │
│ ubuntu │ ubuntu-jammy-x64 │ ... │ ... │
│ Windows 10 Pro │ win10-1803-x64 │ ... │ ... │
│ Windows 10 Enterprise │ win10-22H2-x64 │ ... │ ... │
│ Windows 10 Pro │ win11-23H2-x64 │ ... │ ... │
│ Windows 7 Enterprise │ win7-sp1-x64 │ ... │ ... │
│ Windows 7 Enterprise │ win7-sp1-x64-ics │ ... │ ... │
└───────────────────────┴─────────────────────────┴────────────┴─────────────────┘Scan the file on all available windows images with timeout 60s and with automatic logs unpacking:
sandbox-cli scanner scan-new -i windows -t 60 -U malware.exe
uv is used to build the project.
uv sync
