{% extends "base.html" %} {% block content %}
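The malcarve API is currently implemented as a blocking, synchronous HTTP POST: the request does not return until the scan has finished, and the results are delivered in the response body.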
URL | Method | Description | Successful Response | Unsuccessful Response |
---|---|---|---|---|
/api/submit | POST | Accepts a multipart/form-data submission containing the sample file to scan and returns the results as a JSON dictionary. |
{"apiversion": "version", "status": "Success", "filename": "filename", "filesize": bytes, "md5": "hexstring", "start": "YYYY-MM-DDTHH:mm:SS.sssssss", "finish": "YYYY-MM-DDTHH:mm:SS.sssssss", "duration": seconds, "carved": [ {"pattern": "matched pattern as escaped string", "key": "key in hex", "keysize": bytes, "offset": offset in bytes, "scheme": "obfuscation scheme", "modifiers": {"modifier_key": "modifier_value", ... }, "payload": "payload type carved", "content": "base64 of carved content", "length": bytes, "content_with_overlay": "base64 of carved content including overlay", "length_with_overlay": bytes }, ... ]} |
{"apiversion": "version", "status": "Failure", "filename": "filename", "filesize": bytes, "md5": "hexstring", "start": "YYYY-MM-DDTHH:mm:SS.sssssss", "finish": "YYYY-MM-DDTHH:mm:SS.sssssss", "duration": seconds, "carved": [], "error": "exception message" } |
curl -i --form file=@xor_xf00d_countup3_nulls_embedded http://localhost:8080/api/submit

HTTP/1.0 200 OK
Date: Sun, 18 Dec 2015 08:58:17 GMT
Server: WSGIServer/0.1 Python/2.7.6
Content-Length: 42407
Content-Type: application/json

{
  "status": "Success",
  "started": "2015-12-18T08:58:17.466162",
  "apiversion": "0.1",
  "filename": "xor_xf00d_countup3_nulls_embedded",
  "filesize": 32009,
  "md5": "6833092570b32cf92fbd8ce4ca181683",
  "finished": "2015-12-18T08:58:17.495110",
  "duration": 0.028948,
  "carved": [
    {
      "modifiers": { "step": 3, "null_preserve": true },
      "pattern": "\x0e\x1f\xba\x0e\x00\xb4\t\xcd!\xb8\x01L\xcd!This program cannot",
      "content": "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA...",
      "length": 31232,
      "keysize": 2,
      "key": "0xf00d",
      "offset": "0x00000309",
      "scheme": "xor",
      "payload_type": "pe"
    }
  ]
}