A cross-platform CLI tool which enables analyzing files with Intezer Analyze.
Python 3.6 and above
Python and pip should be available in your path
pip install intezer-analyze-cli
The CLI supports proxies. To use a proxy, set the environment variable HTTP_PROXY or HTTPS_PROXY to the proxy address.
To begin using the CLI, first log in with your API key:
intezer-analyze login <api_key>
If you are running the CLI against an on-premise deployment, also enter the URL:
intezer-analyze login <api_key> http://<address>/api
Send a file or a directory for analysis in Intezer Analyze.
intezer-analyze analyze PATH
PATH: Path to a file, or to a directory whose files are sent for analysis.
Send a single file for analysis:
$ intezer-analyze analyze C:\threat.exe
Send all files in a directory for analysis:
$ intezer-analyze analyze C:\files-to-analyze
For complete documentation please run intezer-analyze analyze --help
Send a text file with a list of hashes
intezer-analyze analyze-by-list PATH
PATH: Path to txt file.
Send a txt file with hashes for analysis:
$ intezer-analyze analyze-by-list ~/files/hashes.txt
For complete documentation please run intezer-analyze analyze-by-list --help
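An added example, not part of the project's own documentation: building a hash list from a directory of samples and checking it before it goes to analyze-by-list, so the files themselves never leave the machine. It assumes the list holds one hex digest per line (the page does not specify the format) and that GNU coreutils sha256sum is installed; the function names and the ./samples path are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the intezer-analyze-cli project).
# Assumptions: hashes.txt holds one hex digest per line (MD5, SHA-1 or
# SHA-256), and GNU coreutils `sha256sum` is installed.

# build_hash_list DIR OUT
# Write the unique SHA-256 digest of every regular file under DIR to OUT.
# Files are read on stdin so unusual file names cannot alter the output.
build_hash_list() {
    find "$1" -type f -exec sh -c \
        'for f do sha256sum < "$f"; done' sh {} + |
        cut -d' ' -f1 | sort -u > "$2"
}

# check_hash_list FILE
# Return 0 only if FILE has content and every non-blank line is a bare
# 32-, 40- or 64-character hex digest. Comments, "digest  filename" pairs
# and CRLF line endings are all reported as malformed.
check_hash_list() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    bad=$(grep -v '^[[:space:]]*$' "$1" |
          grep -Ev '^([0-9A-Fa-f]{32}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})$' || true)
    [ -z "$bad" ] || { printf 'malformed entries:\n%s\n' "$bad" >&2; return 1; }
}

# Typical use (constructed paths), with the page's command commented out:
#   build_hash_list ./samples ./hashes.txt
#   check_hash_list ./hashes.txt &&
#       intezer-analyze analyze-by-list ./hashes.txt
```

Keep the output file outside the directory being hashed, otherwise the list's own digest ends up in the list.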
Send a file or a directory for indexing
intezer-analyze index PATH INDEX_AS [FAMILY_NAME]
PATH: Path to file or directory to index
INDEX_AS: malicious or trusted
FAMILY_NAME: The family name (optional)
Index a single file:
$ intezer-analyze index ~/files/threat.exe.sample malicious family_name
Index all files in a directory:
$ intezer-analyze index ~/files/files-to-index trusted
For complete documentation please run intezer-analyze index --help
Send a text file with a list of hashes to index
intezer-analyze index-by-list PATH --index-as=INDEX [FAMILY_NAME]
PATH: Path to txt file
--index-as: malicious or trusted
FAMILY_NAME: The family name (optional)
Send a file with hashes and verdict for indexing:
$ intezer-analyze index-by-list ~/files/hashes.txt --index-as=malicious family_name
For complete documentation please run intezer-analyze index-by-list --help
Upload an offline scan created by running the Intezer Endpoint Scanner with the '-o' flag
intezer-analyze upload-endpoint-scan OFFLINE_SCAN_DIRECTORY
OFFLINE_SCAN_DIRECTORY: Path to directory with offline endpoint scan results
Upload a directory with offline endpoint scan results:
$ intezer-analyze upload-endpoint-scan /home/user/offline_scans/scan_MYPC_2019-01-01_00-00-00
For complete documentation please run intezer-analyze upload-endpoint-scan --help
Upload multiple offline scans created by running the Intezer Endpoint Scanner with the '-o' flag
intezer-analyze upload-endpoint-scans-in-directory OFFLINE_SCANS_ROOT_DIRECTORY
OFFLINE_SCANS_ROOT_DIRECTORY: Path to root directory containing offline endpoint scan results
Upload all offline endpoint scans under a root directory:
$ intezer-analyze upload-endpoint-scans-in-directory /home/user/offline_scans
For complete documentation please run intezer-analyze upload-endpoint-scans-in-directory --help
Upload a directory with .eml files
UPLOAD_EMAILS_IN_DIRECTORY: Path to root directory containing the .eml files
$ intezer-analyze upload-emails-in-directory /path/to/emails_root_directory
The CLI produces a log file named intezer-analyze-cli.log in the current working directory.
To enable console output, set the environment variable INTEZER_DEBUG=1.