7. API

Functions overview

Functions provided by the PyRASP API are listed in the table below.

| Function | Return Type | Detail |
|---|---|---|
| get_status | dict | Gets PyRASP agent status |
| get_blacklist | list | Retrieves current blacklisted entries |
| set_config | dict | Changes PyRASP agent configuration parameters |
| get_config | dict | Retrieves current PyRASP agent configuration |

get_status()

The get_status() function returns core information about the agent as a dictionary. Available keys are listed in the table below.

| Key | Data Type | Detail |
|---|---|---|
| version | str | Version of the agent |
| config | str | Type of the running configuration (Default, Local, Cloud) |
| blacklist | int | Number of blacklist entries |
| xss_loaded | bool | XSS Machine Learning engine enabled |
| sqli_loaded | bool | SQL Injection Machine Learning engine enabled |

pyrasp = FlaskRASP()
print(pyrasp.get_status())
{
    'blacklist': 243,
    'config': 'Cloud',
    'sqli_loaded': True,
    'version': '0.7.2',
    'xss_loaded': True
}

get_blacklist()

The get_blacklist() function returns the agent's current blacklist entries as a list.

pyrasp = FlaskRASP()
print(pyrasp.get_blacklist())
[ '194.98.65.65', '212.2.45.87' ]

set_config(params)

The set_config() function sets running configuration parameters.

Arguments

  • params: A dictionary in the form { '<param_name>': '<param_value>', ... }

SECURITY_CHECKS parameters must be specified as SECURITY_CHECKS.<check>, for example: { 'SECURITY_CHECKS.xss': 0 }

Return Value

A dictionary with 2 keys:

  • success: list of params successfully changed

  • fail: list of params that were not changed

Example

pyrasp = FlaskRASP()
print(pyrasp.set_config({ 'XSS_PROBA': 0.8, 'SECURITY_CHECKS.dlp': 0, 'FOO': 0, 'SECURITY_CHECKS.bar': 0 }))
{
    'fail': ['FOO', 'SECURITY_CHECKS.bar'],
    'success': ['XSS_PROBA', 'SECURITY_CHECKS.dlp']
}

get_config()

The get_config() function returns the full running configuration of the agent.

pyrasp = FlaskRASP()
print(pyrasp.get_config())
{
    'HOSTS' : ['mysite.mydomain.com'],
    'APP_NAME' : 'Web Server',
    'GTFO_MSG' : '<html><head /><body><h1>You have been blocked</h1></body></html>',
    'DENY_STATUS_CODE': 403,

    'VERBOSE' : 10,
    'DECODE_B64' : True,

    'SECURITY_CHECKS' : {
        'path': 3,
        'headers': 0,
        'flood': 2,
        'spoofing': 2,
        'decoy': 2,
        'sqli': 2,
        'xss': 2,
        'hpp': 2,
        'command': 2,
        'dlp': 2,
        'brute': 2
    },    

    'WHITELIST': [],

    'IGNORE_PATHS' : ['^/css','^/js','^/img'],

    'BRUTE_AND_FLOOD_PATHS' : ['^/'],
    'FLOOD_DELAY' : 60,
    'FLOOD_RATIO' : 50,
    'ERROR_FLOOD_DELAY' : 10,
    'ERROR_FLOOD_RATIO' : 100,

    'BLACKLIST_DELAY' : 3600,
    'BLACKLIST_OVERRIDE' : False,

    'DECOY_ROUTES' : [ 
        [ '/admin', 'ends' ],
        [ '/login', 'ends' ],
        [ '/logs', 'ends' ],
        [ '/version', 'ends' ],   
        [ '/cgi-bin/', 'starts' ],                      
        [ '/remote/', 'starts' ],                     
        [ '/.env', 'starts' ],                     
        [ '/owa/', 'starts' ],                        
        [ '/autodiscover', 'starts' ],
        [ '/Autodiscover', 'starts' ],
        [ '/.git/', 'starts' ],                
        [ '/.aws/ ', 'starts' ],
        [ 'wp-', 'contains' ]
    ],

    'EXCEPTIONS': [
        [ 'Skull & Bones', 'match' ]
    ],

    'XSS_PROBA' : 0.80,
    'MIN_XSS_LEN': 16,

    'SQLI_PROBA' : 0.725,
    'MIN_SQLI_LEN': 8,

    'DLP_PHONE_NUMBERS': False,
    'DLP_CC_NUMBERS': False,
    'DLP_PRIVATE_KEYS': False,
    'DLP_HASHES': False,
    'DLP_WINDOWS_CREDS': False,
    'DLP_LINUX_CREDS': False,

    'LOG_ENABLED': False,
    'LOG_FORMAT': 'Syslog',
    'LOG_SERVER': '127.0.0.1',        
    'LOG_PORT': 514,    
    'LOG_PROTOCOL': 'UDP',
    'LOG_PATH': '',
    'RESOLBVE_COUNTRY': False,

    'CHANGE_SERVER': True,
    'SERVER_HEADER': 'Apache',

    'BEACON': False,
    'TELEMETRY_DATA': False,
    'BEACON_URL': '',
    'BEACON_DELAY': 30
}
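
Because set_config() reports rejected parameters in 'fail' instead of raising, a mistyped name can leave a security check at its old value without any error. The added example below (not part of the PyRASP code base) applies a change and then confirms every requested value against get_config(), resolving the dotted SECURITY_CHECKS.<check> names into the nested dictionary. StubAgent, lookup and apply_config are hypothetical names; StubAgent is a constructed stand-in that only mimics the documented return shapes so the code runs without an agent.

```python
import copy

class StubAgent:
    """Constructed stand-in for a PyRASP agent (assumption, not PyRASP code)."""
    def __init__(self):
        self._conf = {'XSS_PROBA': 0.6, 'SECURITY_CHECKS': {'xss': 2, 'dlp': 2}}

    def get_config(self):
        return copy.deepcopy(self._conf)

    def set_config(self, params):
        result = {'success': [], 'fail': []}
        for name, value in params.items():
            # 'SECURITY_CHECKS.dlp' -> section 'SECURITY_CHECKS', key 'dlp'
            section, _, key = name.rpartition('.')
            target = self._conf.get(section, {}) if section else self._conf
            if isinstance(target, dict) and key in target:
                target[key] = value
                result['success'].append(name)
            else:
                result['fail'].append(name)
        return result

def lookup(config, dotted_name):
    """Resolve a name such as 'SECURITY_CHECKS.xss' in the get_config() dict."""
    node = config
    for part in dotted_name.split('.'):
        node = node[part]
    return node

def apply_config(agent, params):
    """Apply params, then verify each one against the running configuration.

    Returns (applied, rejected). rejected holds every name listed in 'fail'
    plus any name whose running value differs from the requested one.
    """
    result = agent.set_config(params)
    running = agent.get_config()
    applied, rejected = [], list(result['fail'])
    for name in result['success']:
        try:
            confirmed = lookup(running, name) == params[name]
        except (KeyError, TypeError):
            confirmed = False
        (applied if confirmed else rejected).append(name)
    return applied, rejected
```

A deployment script can treat a non-empty rejected list as a failed change and stop, rather than continuing with a configuration that differs from the intended one.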
