API reference

Lookyloo

class pylookyloo.Lookyloo(root_url: str = 'https://lookyloo.circl.lu/')

enqueue(url: Optional[str] = None, quiet: bool = False, **kwargs) → str

Enqueue an URL.

Parameters:

• url – URL to enqueue

• quiet – Returns the UUID only, instead of the whole URL

• kwargs – accepts all the parameters supported by Lookyloo.scrape

get_apikey(username: str, password: str) → Dict[str, str]

Get the API key for the given user.

get_capture_stats(tree_uuid: str) → Dict[str, Any]

Get statistics of the capture

get_complete_capture(capture_uuid: str) → BytesIO

Returns a zip files that contains the screenshot, the har, the rendered HTML, and the cookies.

Parameters:

capture_uuid – UUID of the capture

get_cookies(capture_uuid: str) → List[Dict[str, str]]

Returns the complete cookies jar.

Parameters:

capture_uuid – UUID of the capture

get_hash_occurrences(h: str) → Dict[str, Any]

Returns the base 64 body related the the hash, and a list of all the captures containing that hash.

Parameters:

h – sha512 to search

get_hashes(capture_uuid: str, algorithm: str = 'sha512', hashes_only: bool = True) → StringIO

Returns all the hashes of all the bodies (including the embedded contents)

Parameters:

• capture_uuid – UUID of the capture

• algorithm – The algorithm of the hashes

• hashes_only – If False, will also return the URLs related to the hashes

get_hostname_occurrences(hostname: str, with_urls_occurrences: bool = False) → Dict[str, Any]

Returns all the captures contining the hostname. It will be pretty slow on very common domains.

Parameters:

• hostname – Hostname to lookup

• with_urls_occurrences – If true, add details about the related URLs.

get_hostnames(capture_uuid: str) → Dict[str, Any]

Returns all the hostnames seen during the capture.

Parameters:

capture_uuid – UUID of the capture

get_html(capture_uuid: str) → StringIO

Returns the rendered HTML as it would be in the browser after the page loaded.

Parameters:

capture_uuid – UUID of the capture

get_info(tree_uuid: str) → Dict[str, Any]

Get information about the capture (url, timestamp, user agent)

get_redirects(capture_uuid: str) → Dict[str, Any]

Returns the initial redirects.

Parameters:

capture_uuid – UUID of the capture

get_screenshot(capture_uuid: str) → BytesIO

Returns the screenshot.

Parameters:

capture_uuid – UUID of the capture

get_stats() → Dict[str, Any]

Returns all the captures contining the URL

get_status(tree_uuid: str) → Dict[str, Any]

Get the status of a capture: * -1: Unknown capture. * 0: The capture is queued up but not processed yet. * 1: The capture is ready. * 2: The capture is ongoing and will be ready soon.

get_url_occurrences(url: str) → Dict[str, Any]

Returns all the captures contining the URL

Parameters:

url – URL to lookup

get_urls(capture_uuid: str) → Dict[str, Any]

Returns all the URLs seen during the capture.

Parameters:

capture_uuid – UUID of the capture

hide_capture(tree_uuid: str) → Dict

Hide a capture from the index page (requires an authenticated user, use init_apikey first)

init_apikey(username: Optional[str] = None, password: Optional[str] = None, apikey: Optional[str] = None)

Init the API key for the current session. All the requests against lookyloo after this call will be authenticated.

property is_up: bool

Test if the given instance is accessible

misp_export(tree_uuid: str) → Dict

Export the capture in MISP format

misp_push(tree_uuid: str) → Union[Dict, List]

Push the capture to a pre-configured MISP instance (requires an authenticated user, use init_apikey first) Note: if the response is a dict, it is an error mesage. If it is a list, it’s a list of MISP event.

rebuild_capture(tree_uuid: str) → Dict

Force rebuild a capture (requires an authenticated user, use init_apikey first)

trigger_modules(tree_uuid: str, force: bool = False) → Dict

Trigger all the available 3rd party modules on the given capture. :param force: Trigger the modules even if they were already triggered today.