API reference¶
Lookyloo¶
- class pylookyloo.Lookyloo(root_url: str = 'https://lookyloo.circl.lu/', useragent: str | None = None)¶
- compare_captures(capture_left: str, capture_right: str, /, *, compare_settings: CompareSettings | None = None) Dict[str, Any] ¶
Compares two captures
- Parameters:
capture_left – UUID of the capture to compare from
capture_right – UUID of the capture to compare to
compare_settings – The settings for the comparison itself (what to ignore without marking the captures as different)
- enqueue(url: str | None = None, quiet: bool = False, document: Path | BytesIO | None = None, document_name: str | None = None, **kwargs) str ¶
Enqueue an URL.
- Parameters:
url – URL to enqueue
quiet – Returns the UUID only, instead of the whole URL
document – A document to submit to Lookyloo. It can be anything suported by a browser.
document_name – The name of the document (only if you passed a pseudofile).
kwargs – accepts all the parameters supported by Lookyloo.capture
- get_apikey(username: str, password: str) Dict[str, str] ¶
Get the API key for the given user.
- get_capture_stats(tree_uuid: str) Dict[str, Any] ¶
Get statistics of the capture
- get_comparables(tree_uuid: str) Dict[str, Any] ¶
Get comparable information from the capture
- get_complete_capture(capture_uuid: str) BytesIO ¶
Returns a zip files that contains the screenshot, the har, the rendered HTML, and the cookies.
- Parameters:
capture_uuid – UUID of the capture
- get_cookies(capture_uuid: str) List[Dict[str, str]] ¶
Returns the complete cookies jar.
- Parameters:
capture_uuid – UUID of the capture
- get_data(capture_uuid: str) BytesIO ¶
Returns the downloaded data.
- Parameters:
capture_uuid – UUID of the capture
- get_hash_occurrences(h: str) Dict[str, Any] ¶
Returns the base 64 body related the the hash, and a list of all the captures containing that hash.
- Parameters:
h – sha512 to search
- get_hashes(capture_uuid: str, algorithm: str = 'sha512', hashes_only: bool = True) StringIO ¶
Returns all the hashes of all the bodies (including the embedded contents)
- Parameters:
capture_uuid – UUID of the capture
algorithm – The algorithm of the hashes
hashes_only – If False, will also return the URLs related to the hashes
- get_hostname_occurrences(hostname: str, with_urls_occurrences: bool = False, limit: int = 20, cached_captures_only: bool = True) Dict[str, Any] ¶
Returns all the captures contining the hostname. It will be pretty slow on very common domains.
- Parameters:
hostname – Hostname to lookup
with_urls_occurrences – If true, add details about the related URLs.
limit – The max amount of entries to return.
cached_captures_only – If False, Lookyloo will attempt to re-cache the missing captures. It might take some time.
- get_hostnames(capture_uuid: str) Dict[str, Any] ¶
Returns all the hostnames seen during the capture.
- Parameters:
capture_uuid – UUID of the capture
- get_html(capture_uuid: str) StringIO ¶
Returns the rendered HTML as it would be in the browser after the page loaded.
- Parameters:
capture_uuid – UUID of the capture
- get_info(tree_uuid: str) Dict[str, Any] ¶
Get information about the capture (url, timestamp, user agent)
- get_redirects(capture_uuid: str) Dict[str, Any] ¶
Returns the initial redirects.
- Parameters:
capture_uuid – UUID of the capture
- get_screenshot(capture_uuid: str) BytesIO ¶
Returns the screenshot.
- Parameters:
capture_uuid – UUID of the capture
- get_stats() Dict[str, Any] ¶
Returns all the captures contining the URL
- get_status(tree_uuid: str) Dict[str, Any] ¶
Get the status of a capture: * -1: Unknown capture. * 0: The capture is queued up but not processed yet. * 1: The capture is ready. * 2: The capture is ongoing and will be ready soon.
- get_takedown_information(capture_uuid: str) Dict[str, Any] ¶
Returns information required to request a takedown for a capture
- Parameters:
capture_uuid – UUID of the capture
- get_url_occurrences(url: str, limit: int = 20, cached_captures_only: bool = True) Dict[str, Any] ¶
Returns all the captures contining the URL
- Parameters:
url – URL to lookup
limit – The max amount of entries to return.
cached_captures_only – If False, Lookyloo will attempt to re-cache the missing captures. It might take some time.
- get_urls(capture_uuid: str) Dict[str, Any] ¶
Returns all the URLs seen during the capture.
- Parameters:
capture_uuid – UUID of the capture
- hide_capture(tree_uuid: str) Dict ¶
Hide a capture from the index page (requires an authenticated user, use init_apikey first)
- init_apikey(username: str | None = None, password: str | None = None, apikey: str | None = None)¶
Init the API key for the current session. All the requests against lookyloo after this call will be authenticated.
- property is_up: bool¶
Test if the given instance is accessible
- misp_export(tree_uuid: str) Dict ¶
Export the capture in MISP format
- misp_push(tree_uuid: str) Dict | List ¶
Push the capture to a pre-configured MISP instance (requires an authenticated user, use init_apikey first) Note: if the response is a dict, it is an error mesage. If it is a list, it’s a list of MISP event.
- rebuild_capture(tree_uuid: str) Dict ¶
Force rebuild a capture (requires an authenticated user, use init_apikey first)
- submit(*, quiet: bool = False, capture_settings: CaptureSettings | None = None) str ¶
- submit(*, quiet: bool = False, url: str | None = None, document_name: str | None = None, document: Path | BytesIO | None = None, browser: str | None = None, device_name: str | None = None, user_agent: str | None = None, proxy: str | Dict[str, str] | None = None, general_timeout_in_sec: int | None = None, cookies: List[Dict[str, Any]] | None = None, headers: str | Dict[str, str] | None = None, http_credentials: Dict[str, int] | None = None, geolocation: Dict[str, float] | None = None, timezone_id: str | None = None, locale: str | None = None, color_scheme: str | None = None, viewport: Dict[str, int] | None = None, referer: str | None = None, listing: bool | None = None, auto_report: Dict[str, str] | None = None) str
Submit a URL to a lookyloo instance.
- Parameters:
quiet – Returns the UUID only, instead of the whole URL
capture_settings – Settings as a dictionary. It overwrites all other parmeters.
url – URL to capture (incompatible with document and document_name)
document_name – Filename of the document to capture (required if document is used)
document – Document to capture itself (requires a document_name)
browser – The browser to use for the capture, must be something Playwright knows
device_name – The name of the device, must be something Playwright knows
user_agent – The user agent the browser will use for the capture
proxy – SOCKS5 proxy to use for capturing
general_timeout_in_sec – The capture will raise a timeout it it takes more than that time
cookies – A list of cookies
headers – The headers to pass to the capture
http_credentials – HTTP Credentials to pass to the capture
geolocation – The geolocation of the browser latitude/longitude
timezone_id – The timezone, warning, it m ust be a valid timezone (continent/city)
locale – The locale of the browser
color_scheme – The prefered color scheme of the browser (light or dark)
viewport – The viewport of the browser used for capturing
referer – The referer URL for the capture
listing – If False, the capture will be not be on the publicly accessible index page of lookyloo
auto_report –
If set, the capture will automatically be forwarded to an analyst (if the instance is configured this way) Dictionary with two keys:
email (required): the email of the submitter, so the analyst to get in touch
comment (optional): a comment about the capture to help the analyst
- trigger_modules(tree_uuid: str, force: bool = False) Dict ¶
Trigger all the available 3rd party modules on the given capture. :param force: Trigger the modules even if they were already triggered today.