Using the Chariot SDK in your Script Using the Chariot SDK in your Script

Using the Chariot SDK in your Script

The Chariot SDK provides a robust interface for interacting with the Chariot API. In this section, we will explore some simple use-cases that deal with inserting data into the Chariot system. These examples assume the context of a script function, similar to the one defined in this nmap-example script. For these examples, the sdk variable is used for accessing the Chariot API

The Chariot SDK provides more functionality than just what is described here. Curious users are recommended to learn more by seeing how the Chariot handler implements functionality such as searching for specific items or listing all assets.

 

Within your python script, you can experiment with the following actions using the Chariot SDK.

Add an Asset

# Add an Asset

hostname = 'hostname.value.here'
ipaddress = '8.8.8.8'
sdk.add('asset', dict( dns=hostname, name=ipaddress))

Add an Attribute to an Asset

Note that an asset_key is required in order to link an attribute. This value can be built by combining #asset# with the DNS and IP Address value. 

 

# Add an attribute to an asset

hostname = 'hostname.value.here'
ipaddress = '8.8.8.8'
asset_key = f'#asset#{hostname}#{ipaddress}'

sdk.add(
'attribute', dict(key=asset_key, name='attrKey', value='attrValue'))

Add a Risk to an Asset

Note that an asset_key is required in order to link an attribute. This value can be built by combining #asset# with the DNS and IP Address value. 

 

# Add a risk tied to an asset

hostname = 'hostname.value.here'
ipaddress = '8.8.8.8'
asset_key = f'#asset#{hostname}#{ipaddress}'
status = 'TC'
# Status codes can be: # Status codes can be:
# TI [triage info]
# TL [triage low]
# TM [triage medium]
# TH [triage high]
# TC [triage critical]


vuln
= "vuln-risk-id"
proof_of_exploit = "Dump Whatever Content you consider Proof of Exploitation for the Risk here"
comment = 'Any additional comments (or empty string)'
sdk.add('risk', dict(key=asset_key, name=vuln, source='scriptname', status=status, comment=comment))
if proof_of_exploit is not None:
   sdk._upload(f'proofs/{hostname}/{vuln}', proof_of_exploit)


The Chariot SDK has much more functionality. Experiment with these actions and discover more with our example script.

If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!