passivetotalx 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 489c68db79e0c9e37b37f5ca916e2358c1f04d2639dd4e8d888d6ea02ae97a1e
+  data.tar.gz: e063f27ce5d7a5cac82751ff0450e2f2cc1ce93c362cba864b0496937c5e750e
+SHA512:
+  metadata.gz: 1062e63210b36d9ba6d982063c90ae2bcce52a36639002d3f308e041440ebbf608d733f38f7e722305f179cce2032ecd895ca33cc1cf3a04075bdbc32c063018
+  data.tar.gz: 43301ec9cf335e863f4f2b4ad3decfab5e28c900d69cadf54dfdd937e804b5884f46a09ebb7e157a5e0962afc29c5355f46f305e6197e35bfa8dc57a7ed25bc3

data/.gitignore

@@ -0,0 +1,52 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+.env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+Gemfile.lock
+.ruby-version
+.ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6
+before_install: gem install bundler -v 2.0.2

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in passivetotal.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Manabu Niseki
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,46 @@
+# passivetotalx
+
+[![Build Status](https://travis-ci.com/ninoseki/passivetotal.svg?branch=master)](https://travis-ci.com/ninoseki/passivetotal)
+[![Coverage Status](https://coveralls.io/repos/github/ninoseki/passivetotal/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/passivetotal?branch=master)
+[![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/passivetotal/badge)](https://www.codefactor.io/repository/github/ninoseki/passivetotal)
+
+Yet another [PassiveTotal](https://community.riskiq.com/) API wrapper for Ruby.
+
+## Why I created this
+
+There is an official PassiveTotal API wrapper for Ruby.
+
+- [chrislee35/passivetotal](https://github.com/chrislee35/passivetotal)
+
+But I don't like that in several reasons.
+
+- A lack of proxy support.
+- Not well structured (IMHO).
+- Not tested with Ruby >= 2.6.
+
+## Installation
+
+```bash
+gem install passivetotalx
+```
+
+## Usage
+
+```ruby
+require "passivetotal"
+
+# when given nothing, it tries to load your usernamem & API key via ENV["PASSIVETOTAL_USERNAME"] and ENV["PASSIVETOTAL_API_KEY"]
+api = PassiveTotal::API.new
+# or you can set them manually
+api = PassiveTotal::API.new(username: "USERNAME", api_key: "API_KEY")
+
+query =  "passivetotal.org"
+
+api.dns.passive(query)
+api.dns.passive_unique(query)
+api.dns.search(query)
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "passivetotal"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/passivetotal.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require "passivetotal/version"
+
+require "passivetotal/clients/base"
+
+require "passivetotal/clients/account"
+require "passivetotal/clients/action"
+require "passivetotal/clients/artifact"
+require "passivetotal/clients/base"
+require "passivetotal/clients/dns"
+require "passivetotal/clients/enrichment"
+require "passivetotal/clients/host"
+require "passivetotal/clients/monitor"
+require "passivetotal/clients/project"
+require "passivetotal/clients/ssl"
+require "passivetotal/clients/tag"
+require "passivetotal/clients/tracker"
+require "passivetotal/clients/whois"
+require "passivetotal/clients/host"
+
+require "passivetotal/api"
+
+module PassiveTotal
+  class Error < StandardError; end
+end

data/lib/passivetotal/api.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module PassiveTotal
+  class API
+    attr_reader :username
+    attr_reader :api_key
+
+    def initialize(username: ENV["PASSIVETOTAL_USERNAME"], api_key: ENV["PASSIVETOTAL_API_KEY"])
+      @username = username
+      raise ArgumentError, "No usernamme has been found or provided!" unless @username
+
+      @api_key = api_key
+      raise ArgumentError, "No api key has been found or provided!" unless @api_key
+    end
+
+    def account
+      @account ||= Client::Account.new(username: username, api_key: api_key)
+    end
+
+    def action
+      @action ||= Client::Action.new(username: username, api_key: api_key)
+    end
+
+    def artifact
+      @artifact ||= Client::Artifact.new(username: username, api_key: api_key)
+    end
+
+    def base
+      @base ||= Client::Base.new(username: username, api_key: api_key)
+    end
+
+    def dns
+      @dns ||= Client::DNS.new(username: username, api_key: api_key)
+    end
+
+    def enrichment
+      @enrichment ||= Client::Enrichment.new(username: username, api_key: api_key)
+    end
+
+    def host
+      @host ||= Client::Host.new(username: username, api_key: api_key)
+    end
+
+    def monitor
+      @monitor ||= Client::Monitor.new(username: username, api_key: api_key)
+    end
+
+    def project
+      @project ||= Client::Project.new(username: username, api_key: api_key)
+    end
+
+    def ssl
+      @ssl ||= Client::SSL.new(username: username, api_key: api_key)
+    end
+
+    def tag
+      @tag ||= Client::Tag.new(username: username, api_key: api_key)
+    end
+
+    def tracker
+      @tracker ||= Client::Tracker.new(username: username, api_key: api_key)
+    end
+
+    def whois
+      @whois ||= Client::WHOIS.new(username: username, api_key: api_key)
+    end
+  end
+end

data/lib/passivetotal/clients/account.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+module PassiveTotal
+  module Client
+    class Account < Base
+      #
+      # Read current account metadata and settings.
+      # http://api.passivetotal.org/api/docs/#api-Account-GetV2Account
+      #
+      #
+      # @return [Hash]
+      #
+      def get
+        _get("/account") { |json| json }
+      end
+
+      #
+      # Read API usage history of the account.
+      # http://api.passivetotal.org/api/docs/#api-Account-GetV2AccountHistory
+      #
+      # @param [String, nil] source history type (api/ui), defaults to both
+      #
+      # @return [Hash]
+      #
+      def history(source = nil)
+        params = {
+          source: source
+        }.compact
+
+        _get("/account/history", params) { |json| json }
+      end
+
+      #
+      # Get active monitors
+      # http://api.passivetotal.org/api/docs/#api-Account-GetV2AccountMonitors
+      #
+      #
+      # @return [Hash]
+      #
+      def monitors
+        _get("/account/monitors") { |json| json }
+      end
+
+      #
+      # Read current organization metadata
+      # http://api.passivetotal.org/api/docs/#api-Account-GetV2AccountOrganization
+      #
+      #
+      # @return [Hash]
+      #
+      def organization
+        _get("/account/organization") { |json| json }
+      end
+
+      #
+      # Read current account and organization quotas.
+      # http://api.passivetotal.org/api/docs/#api-Account-GetV2AccountQuotas
+      #
+      #
+      # @return [Hash]
+      #
+      def quotas
+        _get("/account/quotas") { |json| json }
+      end
+
+      #
+      # Check sources being used for queries.
+      # http://api.passivetotal.org/api/docs/#api-Account-GetV2AccountSources
+      #
+      # @param [String, nil] source the source to filter on
+      #
+      # @return [Hash]
+      #
+      def sources(source: nil)
+        params = {
+          source: source
+        }.compact
+
+        _get("/account/sources", params) { |json| json }
+      end
+
+      #
+      # Read team activity.
+      # http://api.passivetotal.org/api/docs/#api-Account-GetV2AccountOrganizationTeamstream
+      #
+      # @param [String, nil] source filter to this source
+      # @param [String, nil] dt filter to this datetime
+      # @param [String, nil] type filter by type field
+      # @param [String, nil] focus filter by focus (domain, ip, etc)
+      #
+      # @return [Hash]
+      #
+      def teamstream(source: nil, dt: nil, type: nil, focus: nil)
+        params = {
+          source: source,
+          dt: dt,
+          type: type,
+          focus: focus,
+        }.compact
+
+        _get("/account/organization/teamstream", params) { |json| json }
+      end
+
+      #
+      # Retrieve items with the specified classification.
+      # http://api.passivetotal.org/api/docs/#api-Account-GetV2AccountClassifications
+      #
+      # @param [String] classification classification for which to retrieve items for
+      #
+      # @return [Hash]
+      #
+      def classifications(classification)
+        params = {
+          classification: classification
+        }.compact
+
+        _get("/account/classifications", params) { |json| json }
+      end
+    end
+  end
+end

data/lib/passivetotal/clients/action.rb

@@ -0,0 +1,279 @@
+# frozen_string_literal: true
+
+module PassiveTotal
+  module Client
+    class Action < Base
+      #
+      # Adds tags to a given artifact.
+      # http://api.passivetotal.org/api/docs/#api-Actions-PostV2ActionsTags
+      #
+      # @param [String] query artifact for which to add tags
+      # @param [Array<String>] tags tags to add to artifact
+      #
+      # @return [Hash]
+      #
+      def add_tags(query:, tags:)
+        params = {
+          query: query,
+          tags: tags,
+        }.compact
+
+        _post("/actions/tags", params) { |json| json }
+      end
+
+      #
+      # Removes tags from an artifact.
+      # http://api.passivetotal.org/api/docs/#api-Actions-DeleteV2ActionsTags
+      #
+      # @param [String] query artifact from which to remove tags
+      # @param [Array<String>] tags tags to remove from artifact
+      #
+      # @return [Hash]
+      #
+      def delete_tags(query:, tags:)
+        params = {
+          query: query,
+          tags: tags,
+        }.compact
+
+        _delete("/actions/tags", params) { |json| json }
+      end
+
+      #
+      # Retrieve classification statuses for given domains.
+      # http://api.passivetotal.org/api/docs/#api-Actions-GetV2ActionsBulkClassification
+      #
+      # @param [Array<String>] query domains for which to retrieve classification statuses
+      #
+      # @return [Hash]
+      #
+      def bulk_classification(*query)
+        params = {
+          query: query,
+        }.compact
+
+        _get("/actions/bulk/classification", params) { |json| json }
+      end
+
+      #
+      # Retrieve classification status for a given domain.
+      # http://api.passivetotal.org/api/docs/#api-Actions-GetV2ActionsClassification
+      #
+      # @param [String] query domain for which to retrieve classification status
+      #
+      # @return [Hash]
+      #
+      def classification(query)
+        params = {
+          query: query,
+        }.compact
+
+        _get("/actions/classification", params) { |json| json }
+      end
+
+      #
+      # Indicates whether or not a given domain has ever been compromised.
+      # http://api.passivetotal.org/api/docs/#api-Actions-GetV2ActionsEverCompromised
+      #
+      # @param [String] query domain to check for compromised status
+      #
+      # @return [Hash]
+      #
+      def ever_compromised(query)
+        params = {
+          query: query,
+        }.compact
+
+        _get("/actions/ever-compromised", params) { |json| json }
+      end
+
+      #
+      # Indicates whether or not a domain's DNS records are updated via dynamic DNS.
+      # http://api.passivetotal.org/api/docs/#api-Actions-GetV2ActionsDynamicDns
+      #
+      # @param [String] query domain for which to retrieve dynamic DNS status
+      #
+      # @return [Hash]
+      #
+      def dynamic_dns(query)
+        params = {
+          query: query,
+        }.compact
+
+        _get("/actions/dynamic-dns", params) { |json| json }
+      end
+
+      #
+      # Indicates whether or not a domain is monitored.
+      # http://api.passivetotal.org/api/docs/#api-Actions-GetV2ActionsMonitor
+      #
+      # @param [String] query domain for which to check for monitoring
+      #
+      # @return [Hash]
+      #
+      def monitor(query)
+        params = {
+          query: query,
+        }.compact
+
+        _get("/actions/monitor", params) { |json| json }
+      end
+
+      #
+      # Indicates whether or not an IP address is a sinkhole.
+      # http://api.passivetotal.org/api/docs/#api-Actions-GetV2ActionsSinkhole
+      #
+      # @param [String] query IP address to check for sinkhole status
+      #
+      # @return [Hash]
+      #
+      def sinkhole(query)
+        params = {
+          query: query,
+        }.compact
+
+        _get("/actions/sinkhole", params) { |json| json }
+      end
+
+      #
+      # Retrieves tags for a given artifact.
+      # http://api.passivetotal.org/api/docs/#api-Actions-GetV2ActionsTags
+      #
+      # @param [String] query artifact for which to retrieve tags
+      #
+      # @return [Hash]
+      #
+      def tags(query)
+        params = {
+          query: query,
+        }.compact
+
+        _get("/actions/tags", params) { |json| json }
+      end
+
+      #
+      # Retrieve artifacts for a given tag.
+      # http://api.passivetotal.org/api/docs/#api-Actions-GetV2ActionsTagsSearch
+      #
+      # @param [String] query tag for which to retrieve artifacts
+      #
+      # @return [Hash]
+      #
+      def search_by_tags(query)
+        params = {
+          query: query,
+        }.compact
+
+        _get("/actions/tags/search", params) { |json| json }
+      end
+
+      #
+      # Set classification statuses for given domains.
+      # http://api.passivetotal.org/api/docs/#api-Actions-PostV2ActionsBulkClassification
+      #
+      # @param [Arra<String>] queries domain for which to set classification status
+      # @param [String] classification classification status to set for domain
+      #
+      # @return [Hash]
+      #
+      def set_bulk_classification(queries:, classification:)
+        params = {
+          queries: queries,
+          classification: classification,
+        }.compact
+
+        _post("/actions/bulk/classification", params) { |json| json }
+      end
+
+      #
+      # Sets the classification status for a given domain.
+      # https://api.passivetotal.org/api/docs/#api-Actions-PostV2ActionsClassification
+      #
+      # @param [String] query domain for which to set classification status
+      # @param [String] classification classification status to set for domain
+      #
+      # @return [Hash]
+      #
+      def set_classification(query:, classification:)
+        params = {
+          query: query,
+          classification: classification,
+        }.compact
+
+        _post("/actions/classification", params) { |json| json }
+      end
+
+      #
+      # Sets status for a domain to indicate if it has ever been compromised.
+      # http://api.passivetotal.org/api/docs/#api-Actions-PostV2ActionsEverCompromised
+      #
+      # @param [String] query domain for which to set compromised status
+      # @param [Boolean] status if the domain has ever been compromised
+      #
+      # @return [Hash]
+      #
+      def set_ever_compromised(query:, status:)
+        params = {
+          query: query,
+          status: status,
+        }.compact
+
+        _post("/actions/ever-compromised", params) { |json| json }
+      end
+
+      #
+      # Sets a domain's status to indicate whether or not its DNS records are updated via dynamic DNS.
+      # http://api.passivetotal.org/api/docs/#api-Actions-PostV2ActionsDynamicDns
+      #
+      # @param [String] query domain for which to set dynamic DNS status
+      # @param [Boolean] status if the domain's DNS records are updated via dynamic DNS
+      #
+      # @return [Hash]
+      #
+      def set_dynamic_dns(query:, status:)
+        params = {
+          query: query,
+          status: status,
+        }.compact
+
+        _post("/actions/dynamic-dns", params) { |json| json }
+      end
+
+      #
+      # Sets status for an IP address to indicate whether or not it is a sinkhole.
+      # http://api.passivetotal.org/api/docs/#api-Actions-PostV2ActionsSinkhole
+      #
+      # @param [String] query IP address for which to set sinkhole status
+      # @param [Boolean] status if the IP address is a sinkhole
+      #
+      # @return [Hash]
+      #
+      def set_sinkhole(query:, status:)
+        params = {
+          query: query,
+          status: status,
+        }.compact
+
+        _post("/actions/sinkhole", params) { |json| json }
+      end
+
+      #
+      # Sets the tags for a given artifact.
+      # http://api.passivetotal.org/api/docs/#api-Actions-PutV2ActionsTags
+      #
+      # @param [String] query artifact for which to set tags
+      # @param [Array<String>] tags tags to set for artifact
+      #
+      # @return [Hash]
+      #
+      def set_tags(query:, tags:)
+        params = {
+          query: query,
+          tags: tags,
+        }.compact
+
+        _put("/actions/tags", params) { |json| json }
+      end
+    end
+  end
+end