passivetotal 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/README.md +7 -1
- data/lib/passivetotal/api.rb +11 -1
- data/lib/passivetotal/cli.rb +5 -0
- data/lib/passivetotal/version.rb +1 -1
- metadata +1 -1
checksums.yaml
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3a5c4295b8d9ad1670b868891fe25e1bdefd0b49
|
4
|
+
data.tar.gz: 1900ed9a136ea09cf7756f7119a4a59338ddc729
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7aa3c8d247c8388b3f7b0c46b88cacc10110af9418b59937e850c6442db1990ee16f6a02fdcee9d561e37af989164a01aacb9205c12d7c4a3df0bd371c3ad74a
|
7
|
+
data.tar.gz: 06de2d45b2f0ad06af9ec828ec5029fe75900635084124ab0d5d069b16e5edb9b07435b073ac4b1753a8e2045943df9fedd3359fb1c677dd40ba94866ee10602
|
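--- a/data/README.md
+++ b/data/README.md
@@ -41,11 +41,13 @@ Included in the gem is a command-line tool, passivetotal, with the following usa
 -H <ip or hash> Queries for SSL certificate history associated with a given IP or SHA-1 hash
 -T <ip or dom> Queries for Tracker information associated with a given IP or domain
 -o <ip or dom> Queries for OSINT on a given IP or domain
+-M <ip or dom> Queries for Malware sample records for a given IP or domain
 SETTING VALUES -i <value> Sets the value, used in conjuntion with -c, -t, -e, -w, -d, or -x
 Valid values for -i depend on what it's used with:
 -c : malicious, non-malicious, suspicious, unknown
 -t : <a tag name consisting of characters: [a-zA-Z_]>
 -e, -w, -d, -x: true, false
+
 ## Usage
 
 # Initialize the API wrapper with an apikey (using the default endpoint URL of https://api.passivetotal.org/v2/)
@@ -61,7 +63,7 @@ Included in the gem is a command-line tool, passivetotal, with the following usa
 # query passive DNS results for the ipv4 address, 107.170.89.121
 res << @pt.passive('107.170.89.121')
 # query for subdomains of passivetotal.org
-
+res << @pt.subdomains('*.passivetotal.org')
 # query for unique IPv4 resolutions of passivetotal.org
 res << @pt.unique('passivetotal.org')
 # query for the classification of www.passivetotal.org
@@ -98,6 +100,10 @@ Included in the gem is a command-line tool, passivetotal, with the following usa
 res << @pt.ssl_certificate_history('e9a6647d6aba52dc47b3838c920c9ee59bad7034')
 # retrieve certificate history from IPv4 address of 52.8.228.23
 res << @pt.ssl_certificate_history('52.8.228.23')
+# query for malware sample records by the domain "noorno.com"
+res << @pt.malware("noorno.com")
+# query for malware sample records by the ip addres 98.124.243.47
+res << @pt.malware("98.124.243.47")
 # dump all this glorious information to feast your eyes upon
 pp res
 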
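--- a/data/lib/passivetotal/api.rb
+++ b/data/lib/passivetotal/api.rb
@@ -330,7 +330,17 @@ module PassiveTotal # :nodoc:
 get('trackers/search', {'query' => query, 'type' => type})
 end
 end
-
+
+# malware: get sample information based from domain
+# query: ip or domain
+def malware(query)
+is_valid_with_error(__method__, [:ipv4, :domain], query)
+if domain?(query)
+query = normalize_domain(query)
+end
+get('enrichment/malware', {'query' => query})
+end
+
 private
 
 # returns true if the given string is a dotted quad IPv4 address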
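Review bot: The header comment on the new `malware` method says it fetches sample information "based from domain", but the validator on the following line accepts `[:ipv4, :domain]` and the README and CLI help both advertise IP-or-domain, so the comment understates the contract; suggest `# malware: get malware sample records for a given IPv4 address or domain`. The three-line `if domain?(query) … end` would read better in modifier form, `query = normalize_domain(query) if domain?(query)`, which is how single-statement guards are usually written in Ruby. It is good that `query` is validated and normalized before it is placed in the request parameters; a `@return` line describing what `get` yields would complete the documentation, though the hunk does not show that. The enclosing class of `malware` starts and ends outside the hunk.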
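--- a/data/lib/passivetotal/cli.rb
+++ b/data/lib/passivetotal/cli.rb
@@ -35,6 +35,7 @@ module PassiveTotal # :nodoc:
 [ '--ssl_history', '-H', GetoptLong::REQUIRED_ARGUMENT ],
 [ '--trackers', '-T', GetoptLong::REQUIRED_ARGUMENT ],
 [ '--osint', '-o', GetoptLong::REQUIRED_ARGUMENT ],
+[ '--malware', '-M', GetoptLong::REQUIRED_ARGUMENT ],
 [ '--set', '-i', GetoptLong::REQUIRED_ARGUMENT ]
 )
 
@@ -96,6 +97,9 @@ module PassiveTotal # :nodoc:
 when '--osint'
 options[:method] = :osint
 options[:query] = arg
+when '--malware'
+options[:method] = :malware
+options[:query] = arg
 when '--set'
 options[:set] = arg.dup
 else
@@ -149,6 +153,7 @@ module PassiveTotal # :nodoc:
 help_text << " -H <ip or hash> Queries for SSL certificate history associated with a given IP or SHA-1 hash\n"
 help_text << " -T <ip or dom> Queries for Tracker information associated with a given IP or domain\n"
 help_text << " -o <ip or dom> Queries for OSINT on a given IP or domain\n"
+help_text << " -M <ip or dom> Queries for Malware sample records for a given IP or domain\n"
 help_text << "SETTING VALUES"
 help_text << " -i <value> Sets the value, used in conjuntion with -c, -t, -e, -w, -d, or -x\n"
 help_text << " Valid values for -i depend on what it's used with:\n"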
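Review bot: The new `when '--malware'` branch in the second hunk repeats the two-line `options[:method] = :malware` / `options[:query] = arg` shape of the `--osint` branch above it, and presumably of the other query flags outside the hunk; a frozen lookup from long-option name to method symbol (consulted with `when *QUERY_FLAGS.keys` and then `options[:method] = QUERY_FLAGS[opt]`) would make each new flag a one-line, one-place addition and keep the option table, the dispatch and the help text from drifting apart. The `case` statement containing this branch starts and ends outside the hunk. Separately, the `-M` help line added in the third hunk is consistent with its neighbours, but the `help_text << "SETTING VALUES"` line directly beneath it still lacks a trailing `\n`, which appears to be why the README hunk shows `SETTING VALUES -i <value>` fused onto one line; since this commit already touches that block, `help_text << "SETTING VALUES\n"` would be a cheap fix to include.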
data/lib/passivetotal/version.rb