google / grr

GRR Rapid Response: remote live forensics for incident response

Home Page: https://grr-doc.readthedocs.io/

Python Client Behaviour

rukisec opened this issue

Hey guys, I played around with the Python API and created a script to start a memory dump flow for my client. The flow was created, but now every time I call the InitHttp function, another memory dump flow is created for this client.

Here is my code:


from grr_api_client import api
grrapi = api.InitHttp(api_endpoint="http://localhost:8000",
                      auth=("*", "*"))
search_result = grrapi.SearchClients()
for client in search_result:
  client_id = client.client_id
  client_obj = grrapi.Client(client_id)
  flow_args = grrapi.types.CreateFlowArgs("DumpProcessMemory")
  flow_args.dump_all_processes = True
  client_obj.CreateFlow(name="DumpProcessMemory", args=flow_args)

Is this normal behaviour?

Calling InitHttp should not re-execute old flows or a DumpProcessMemory flow specifically.

The code you pasted specifically creates a DumpProcessMemory flow. Try running only the first three lines. What happens then?

from grr_api_client import api
grrapi = api.InitHttp(api_endpoint="http://localhost:8000",
                      auth=("*", "*"))
print(list(grrapi.SearchClients()))
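
Added example, not part of the thread and not GRR project code: the script above calls CreateFlow on every run, so each run schedules a new memory dump. This sketch creates the flow only when the client has none of that name. It assumes the client object's `ListFlows()` and that each returned flow exposes `.data.name`; `ensure_flow`, `FakeClient` and `run_script_twice` are hypothetical names, and `FakeClient` is a constructed stand-in so the block runs without a GRR server.

```python
from types import SimpleNamespace


def ensure_flow(client_obj, flow_name, flow_args):
    """Create flow_name on the client only if no flow of that name exists.

    Returns (flow, created). Assumes client_obj offers ListFlows() and
    CreateFlow(name=..., args=...) and that each flow exposes .data.name.
    """
    for flow in client_obj.ListFlows():
        if flow.data.name == flow_name:
            return flow, False  # already scheduled earlier; do not duplicate
    return client_obj.CreateFlow(name=flow_name, args=flow_args), True


class FakeClient:
    """Constructed in-memory stand-in for grrapi.Client(client_id)."""

    def __init__(self):
        self._flows = []

    def ListFlows(self):
        return list(self._flows)

    def CreateFlow(self, name=None, args=None):
        # Record the flow the way a server would keep it between script runs.
        flow = SimpleNamespace(
            flow_id="flow-%d" % (len(self._flows) + 1),  # constructed id
            data=SimpleNamespace(name=name),
            args=args,
        )
        self._flows.append(flow)
        return flow


def run_script_twice():
    """Simulate running the guarded script twice against the same client."""
    client = FakeClient()
    args = SimpleNamespace(dump_all_processes=True)  # constructed flow args
    created = [ensure_flow(client, "DumpProcessMemory", args)[1]
               for _ in range(2)]
    return created, len(client.ListFlows())


if __name__ == "__main__":
    # First run creates the flow, second run finds it and creates nothing.
    print(run_script_twice())
```

Against a real server, pass `grrapi.Client(client_id)` and the `flow_args` built in the script in place of the stand-ins.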