Scan | Malwation ThreatZone Documentation

URL will be analyzed by Threat.Zone URL Scanner, use the UUID to track the status of the submission

post

Authorizations

Body

urlstringOptional

URL to be analyzed

Example: https://example.com

privatebooleanOptional

Determines if the scan should be private

Default: false

Responses

200

Successful analysis

400

Bad Request - Invalid URL or body

401

Unauthorized

post

POST /public-api/scan/url-analysis HTTP/1.1
Host: 
Authorization: Bearer 
Content-Type: application/json
Accept: */*
Content-Length: 45

{
  "url": "https://example.com",
  "private": false
}

No content

File will be scanned by Threat.Zone Sandbox & Static Scanner, use the UUID to track the status of the submission

post

Authorizations

Query parameters

autostringOptional

If this passed as "true", all of the metafields and environment will be set automatically

Example: false

Body

filestring · binaryRequired

File to be analyzed

extensionCheckstringOptional

Make a MIMEType check for the file and auto-assign the extension

Example: true

modulesstring[]Optional

Modules to be used in analysis

Example: ["csi","cdr"]

entrypointstring | nullableOptional

Select the file to be executed within the archive

Example: file.exe

passwordstring | nullableOptional

Enter the password that will be used to open the archive file

Example: password

Responses

200

Successful analysis

401

Unauthorized

422

Unprocessable Entity - Invalid file or body

post

POST /public-api/scan/sandbox HTTP/1.1
Host: 
Authorization: Bearer 
Content-Type: multipart/form-data
Accept: */*
Content-Length: 671

{
  "file": "binary",
  "analyzeConfig": [
    {
      "metafieldId": "environment",
      "value": "w10_x64"
    },
    {
      "metafieldId": "private",
      "value": false
    },
    {
      "metafieldId": "timeout",
      "value": 180
    },
    {
      "metafieldId": "work_path",
      "value": "desktop"
    },
    {
      "metafieldId": "mouse_simulation",
      "value": true
    },
    {
      "metafieldId": "https_inspection",
      "value": false
    },
    {
      "metafieldId": "internet_connection",
      "value": false
    },
    {
      "metafieldId": "raw_logs",
      "value": false
    },
    {
      "metafieldId": "snapshot",
      "value": false
    },
    {
      "metafieldId": "sleep_evasion",
      "value": false
    },
    {
      "metafieldId": "smart_tracing",
      "value": false
    },
    {
      "metafieldId": "dump_collector",
      "value": false
    }
  ],
  "extensionCheck": "true",
  "modules": [
    "csi",
    "cdr"
  ],
  "entrypoint": "file.exe",
  "password": "password"
}

No content

File will be scanned by Threat.Zone Static Scanner, use the UUID to track the status of the submission

post

This endpoint allows users to upload a file and perform a static scan on it.

Authorizations

Body

filestring · binaryRequired

The file to be scanned

extensionCheckone ofOptional

Option to check file extension

booleanOptional

or

stringOptional

isPublicbooleanOptional

Whether the scan results should be public

entrypointstring | nullableOptional

Select the file to be executed within the archive

Example: file.exe

passwordstring | nullableOptional

Enter the password that will be used to open the archive file

Example: password

Responses

200

The file has been successfully scanned

401

Unauthorized

422

Unprocessable Entity - Invalid file or body

post

POST /public-api/scan/static-scan HTTP/1.1
Host: 
Authorization: Bearer 
Content-Type: multipart/form-data
Accept: */*
Content-Length: 103

{
  "file": "binary",
  "extensionCheck": "text",
  "isPublic": true,
  "entrypoint": "file.exe",
  "password": "password"
}

No content

Perform a CDR (Content Disarm and Reconstruction) scan on an uploaded file

post

This endpoint allows users to upload a file and perform a CDR scan on it, extension check is not optional because it is necessary for CDR module to work properly.

Authorizations

Body

filestring · binaryRequired

The file to be scanned

isPublicbooleanOptional

Whether the scan results should be public

entrypointstring | nullableOptional

Select the file to be executed within the archive

Example: file.exe

passwordstring | nullableOptional

Enter the password that will be used to open the archive file

Example: password

Responses

200

The file has been successfully submitted for CDR

application/json

401

Unauthorized

422

Unprocessable Entity - Invalid file or body

post

POST /public-api/scan/cdr HTTP/1.1
Host: 
Authorization: Bearer 
Content-Type: multipart/form-data
Accept: */*
Content-Length: 79

{
  "file": "binary",
  "isPublic": true,
  "entrypoint": "file.exe",
  "password": "password"
}

{
  "message": "text",
  "uuid": "text"
}