passivetotal 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/README.md +7 -1
- data/lib/passivetotal/api.rb +11 -1
- data/lib/passivetotal/cli.rb +5 -0
- data/lib/passivetotal/version.rb +1 -1
- metadata +1 -1
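--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3a5c4295b8d9ad1670b868891fe25e1bdefd0b49
+data.tar.gz: 1900ed9a136ea09cf7756f7119a4a59338ddc729
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7aa3c8d247c8388b3f7b0c46b88cacc10110af9418b59937e850c6442db1990ee16f6a02fdcee9d561e37af989164a01aacb9205c12d7c4a3df0bd371c3ad74a
+data.tar.gz: 06de2d45b2f0ad06af9ec828ec5029fe75900635084124ab0d5d069b16e5edb9b07435b073ac4b1753a8e2045943df9fedd3359fb1c677dd40ba94866ee10602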
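--- a/data/README.md
+++ b/data/README.md
@@ -41,11 +41,13 @@ Included in the gem is a command-line tool, passivetotal, with the following usa
 -H <ip or hash> Queries for SSL certificate history associated with a given IP or SHA-1 hash
 -T <ip or dom> Queries for Tracker information associated with a given IP or domain
 -o <ip or dom> Queries for OSINT on a given IP or domain
+-M <ip or dom> Queries for Malware sample records for a given IP or domain
 SETTING VALUES -i <value> Sets the value, used in conjuntion with -c, -t, -e, -w, -d, or -x
 Valid values for -i depend on what it's used with:
 -c : malicious, non-malicious, suspicious, unknown
 -t : <a tag name consisting of characters: [a-zA-Z_]>
 -e, -w, -d, -x: true, false
+
 ## Usage
 
 # Initialize the API wrapper with an apikey (using the default endpoint URL of https://api.passivetotal.org/v2/)
@@ -61,7 +63,7 @@ Included in the gem is a command-line tool, passivetotal, with the following usa
 # query passive DNS results for the ipv4 address, 107.170.89.121
 res << @pt.passive('107.170.89.121')
 # query for subdomains of passivetotal.org
-
+res << @pt.subdomains('*.passivetotal.org')
 # query for unique IPv4 resolutions of passivetotal.org
 res << @pt.unique('passivetotal.org')
 # query for the classification of www.passivetotal.org
@@ -98,6 +100,10 @@ Included in the gem is a command-line tool, passivetotal, with the following usa
 res << @pt.ssl_certificate_history('e9a6647d6aba52dc47b3838c920c9ee59bad7034')
 # retrieve certificate history from IPv4 address of 52.8.228.23
 res << @pt.ssl_certificate_history('52.8.228.23')
+# query for malware sample records by the domain "noorno.com"
+res << @pt.malware("noorno.com")
+# query for malware sample records by the ip addres 98.124.243.47
+res << @pt.malware("98.124.243.47")
 # dump all this glorious information to feast your eyes upon
 pp res
 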
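--- a/data/lib/passivetotal/api.rb
+++ b/data/lib/passivetotal/api.rb
@@ -330,7 +330,17 @@ module PassiveTotal # :nodoc:
 get('trackers/search', {'query' => query, 'type' => type})
 end
 end
-
+
+# malware: get sample information based from domain
+# query: ip or domain
+def malware(query)
+is_valid_with_error(__method__, [:ipv4, :domain], query)
+if domain?(query)
+query = normalize_domain(query)
+end
+get('enrichment/malware', {'query' => query})
+end
+
 private
 
 # returns true if the given string is a dotted quad IPv4 address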
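Review bot: The header comment on the new `malware` method says it gets sample information "based from domain", but the validation list `[:ipv4, :domain]` on the line below it and the `-M <ip or dom>` help text both admit an IPv4 address as well, so the comment under-describes the contract; suggest `# malware: get malware sample records for a given IPv4 address or domain`. The three-line `if domain?(query) … end` block is a conditional assignment that reads better in modifier form, `query = normalize_domain(query) if domain?(query)`. Whether `is_valid_with_error` raises on an invalid query or only reports and returns is not visible here; if it returns, the `get('enrichment/malware', …)` call would still send the unvalidated value, so that behaviour is worth confirming before relying on it as the only input check. The enclosing class or module starts and ends outside the hunk.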
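--- a/data/lib/passivetotal/cli.rb
+++ b/data/lib/passivetotal/cli.rb
@@ -35,6 +35,7 @@ module PassiveTotal # :nodoc:
 [ '--ssl_history', '-H', GetoptLong::REQUIRED_ARGUMENT ],
 [ '--trackers', '-T', GetoptLong::REQUIRED_ARGUMENT ],
 [ '--osint', '-o', GetoptLong::REQUIRED_ARGUMENT ],
+[ '--malware', '-M', GetoptLong::REQUIRED_ARGUMENT ],
 [ '--set', '-i', GetoptLong::REQUIRED_ARGUMENT ]
 )
 
@@ -96,6 +97,9 @@ module PassiveTotal # :nodoc:
 when '--osint'
 options[:method] = :osint
 options[:query] = arg
+when '--malware'
+options[:method] = :malware
+options[:query] = arg
 when '--set'
 options[:set] = arg.dup
 else
@@ -149,6 +153,7 @@ module PassiveTotal # :nodoc:
 help_text << " -H <ip or hash> Queries for SSL certificate history associated with a given IP or SHA-1 hash\n"
 help_text << " -T <ip or dom> Queries for Tracker information associated with a given IP or domain\n"
 help_text << " -o <ip or dom> Queries for OSINT on a given IP or domain\n"
+help_text << " -M <ip or dom> Queries for Malware sample records for a given IP or domain\n"
 help_text << "SETTING VALUES"
 help_text << " -i <value> Sets the value, used in conjuntion with -c, -t, -e, -w, -d, or -x\n"
 help_text << " Valid values for -i depend on what it's used with:\n"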
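Review bot: The new `when '--malware'` branch in the second hunk repeats the `options[:method] = …` / `options[:query] = arg` pair that the `--osint` branch above it already carries, so every query flag now costs three duplicated dispatcher lines on top of its option-table and help-text entries. A frozen lookup such as `QUERY_FLAGS = { '--osint' => :osint, '--malware' => :malware }.freeze`, matched with `when *QUERY_FLAGS.keys` and assigning `options[:method] = QUERY_FLAGS[<option name>]` once, would reduce each new flag to a single entry; this presumes the `case` subject, which sits above the hunk, is the option name. The option-table line in the first hunk and the help line in the third mirror their neighbours and agree with the README entry, so nothing further is needed there. The methods enclosing all three hunks start and end outside them.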
data/lib/passivetotal/version.rb