The Chariot SDK provides a robust interface for interacting with the Chariot API. In this section, we will explore some simple use-cases that deal with inserting data into the Chariot system. These examples assume the context of a script function, similar to the one defined in this nmap-example script. For these examples, the sdk
variable is used for accessing the Chariot API
The Chariot SDK provides more functionality than just what is described here. Curious users are recommended to learn more by seeing how the Chariot handler implements functionality such as searching for specific items or listing all assets.
Within your python script, you can experiment with the following actions using the Chariot SDK.
Add an Asset
# Add an Asset
hostname = 'hostname.value.here'
ipaddress = '8.8.8.8'
sdk.add('asset', dict( dns=hostname, name=ipaddress))
Add an Attribute to an Asset
Note that an asset_key is required in order to link an attribute. This value can be built by combining #asset# with the DNS and IP Address value.
# Add an attribute to an asset
hostname = 'hostname.value.here'
ipaddress = '8.8.8.8'
asset_key = f'#asset#{hostname}#{ipaddress}'
sdk.add('attribute', dict(key=asset_key, name='attrKey', value='attrValue'))
Add a Risk to an Asset
Note that an asset_key is required in order to link an attribute. This value can be built by combining #asset# with the DNS and IP Address value.
# Add a risk tied to an asset
hostname = 'hostname.value.here'
ipaddress = '8.8.8.8'
asset_key = f'#asset#{hostname}#{ipaddress}'
status = 'TC'
# Status codes can be: # Status codes can be:
# TI [triage info]
# TL [triage low]
# TM [triage medium]
# TH [triage high]
# TC [triage critical]
vuln = "vuln-risk-id"
proof_of_exploit = "Dump Whatever Content you consider Proof of Exploitation for the Risk here"
comment = 'Any additional comments (or empty string)'
sdk.add('risk', dict(key=asset_key, name=vuln, source='scriptname', status=status, comment=comment))
if proof_of_exploit is not None:
sdk._upload(f'proofs/{hostname}/{vuln}', proof_of_exploit)
The Chariot SDK has much more functionality. Experiment with these actions and discover more with our example script.
If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!