ps-banshee 1.1.0__tar.gz

ps_banshee-1.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 RecordedFuture-ProfessionalServices
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

ps_banshee-1.1.0/PKG-INFO

@@ -0,0 +1,146 @@
+Metadata-Version: 2.4
+Name: ps-banshee
+Version: 1.1.0
+Summary: PS Banshee is a command line tool used to access Recorded Future Intelligence. PS Banshee is designed to get you working quickly with Recorded Future.
+Author-email: Moise Medici <moise.medici@recordedfuture.com>, Ernest Bartosevic <ernest.bartosevic@recordedfuture.com>
+Keywords: API,Recorded Future,Cyber Security Engineering,Threat Intelligence,command line tool,CLI,ioc enrichment
+Requires-Python: <3.14,>=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: typer<0.16.0
+Requires-Dist: pyshark==0.6
+Requires-Dist: polars~=1.34.0
+Requires-Dist: psengine~=2.4.0
+Provides-Extra: dev
+Requires-Dist: build==1.0.3; extra == "dev"
+Requires-Dist: ruff~=0.11.0; extra == "dev"
+Requires-Dist: pytest==8.3.4; extra == "dev"
+Requires-Dist: pytest-vcr==1.0.2; extra == "dev"
+Requires-Dist: pytest-cov==6.0.0; extra == "dev"
+Requires-Dist: pytest-mock==3.14.0; extra == "dev"
+Requires-Dist: urllib3<2.3.0; extra == "dev"
+Requires-Dist: mimesis>=12.1.0; extra == "dev"
+Provides-Extra: docs
+Requires-Dist: ruff~=0.11.0; extra == "docs"
+Requires-Dist: mike~=2.1.3; extra == "docs"
+Requires-Dist: mkdocs~=1.6.1; extra == "docs"
+Requires-Dist: mkdocs-material~=9.6.18; extra == "docs"
+Requires-Dist: mkdocstrings[python]>=0.18; extra == "docs"
+Requires-Dist: griffe-typingdoc~=0.2.8; extra == "docs"
+Dynamic: license-file
+
+# PS Banshee
+
+PS Banshee is a command-line interface (CLI) tool designed to provide quick and efficient access to Recorded Future Intelligence. Built for security professionals, PS Banshee helps streamline investigations and automate common security operations tasks.
+
+![Welcome](docs/img/welcome.gif)
+
+---
+
+## Table of Contents
+
+- [Features](#features)
+- [Installation](#installation)
+- [Usage](#usage)
+- [Development Environment Setup](#development-environment-setup)
+- [Documentation](#documentation)
+- [Support](#support)
+
+---
+
+## Key Features
+
+- IOC lookup and search
+- Packet capture (pcap) analysis
+- Recorded Future Alert search, lookup, and update
+- Recorded Future Detection Rules (YARA, Snort, Sigma) search and download
+- Recorded Future Entity search and lookup
+- Recorded Future List & Watch List management
+- Recorded Future Playbook Alert search, lookup, and update
+- Recorded Future Risk List download, and creation
+
+## Installation
+
+PS Banshee is available on PyPI and can be installed using `pip` or `pipx`.
+
+!!! tip "PS Banshee requires Python 3.9 or later (up to 3.13)."
+
+### Recommended: pipx (isolated environment)
+To install globally, run:
+
+```bash
+pipx install ps-banshee
+```
+
+
+!!! info "Installing pipx"
+    If you don't have pipx installed, see the [installation guide](https://github.com/pypa/pipx?tab=readme-ov-file#install-pipx).
+
+
+### Alternative: pip (current environment)
+To install in the current environment, run:
+```bash
+pip install ps-banshee
+```
+
+### Dependencies
+
+`pipx` will automatically resolve all Python dependencies.  
+If you want to use the `pcap` command, you will also need:
+
+- tshark 3.0.0 or later
+
+### Command Auto Completion
+
+After installing PS Banshee, you can enable command auto completion:
+
+```bash
+banshee --install-completion
+```
+
+Restart your shell to complete the installation. You can now use TAB to auto-complete commands.
+
+## Usage
+
+To see the list of available commands, run:
+
+```bash
+banshee -h
+```
+
+### Authorization
+
+PS Banshee requires a Recorded Future API key, which can be provided as the `-k` or `--api-key` argument, or set as the `RF_TOKEN` environment variable.
+
+```bash
+banshee -k <RF_TOKEN> <command> <sub-command> <arguments>
+```
+
+### Proxies
+
+If you are behind a proxy, set the `HTTP_PROXY` and `HTTPS_PROXY` environment variables.
+
+To disable SSL verification, use the `-s` flag:
+
+```bash
+banshee -s ca rules
+```
+
+### Command Help
+
+All commands support the `--help` (`-h`) option:
+
+```bash
+banshee -h
+banshee ca --help
+banshee ioc lookup --help
+banshee list bulk-add -h
+```
+
+## Support
+
+Submit a [support request](https://support.recordedfuture.com/hc/en-us/requests/new) for help alternatively reach out to [support@recordedfuture.com](mailto:support@recordedfuture.com).
+
+---
+
+**PS Banshee is developed and maintained by the Recorded Future Professional Services Cyber Security Engineers  🚀**

ps_banshee-1.1.0/README.md

@@ -0,0 +1,115 @@
+# PS Banshee
+
+PS Banshee is a command-line interface (CLI) tool designed to provide quick and efficient access to Recorded Future Intelligence. Built for security professionals, PS Banshee helps streamline investigations and automate common security operations tasks.
+
+![Welcome](docs/img/welcome.gif)
+
+---
+
+## Table of Contents
+
+- [Features](#features)
+- [Installation](#installation)
+- [Usage](#usage)
+- [Development Environment Setup](#development-environment-setup)
+- [Documentation](#documentation)
+- [Support](#support)
+
+---
+
+## Key Features
+
+- IOC lookup and search
+- Packet capture (pcap) analysis
+- Recorded Future Alert search, lookup, and update
+- Recorded Future Detection Rules (YARA, Snort, Sigma) search and download
+- Recorded Future Entity search and lookup
+- Recorded Future List & Watch List management
+- Recorded Future Playbook Alert search, lookup, and update
+- Recorded Future Risk List download, and creation
+
+## Installation
+
+PS Banshee is available on PyPI and can be installed using `pip` or `pipx`.
+
+!!! tip "PS Banshee requires Python 3.9 or later (up to 3.13)."
+
+### Recommended: pipx (isolated environment)
+To install globally, run:
+
+```bash
+pipx install ps-banshee
+```
+
+
+!!! info "Installing pipx"
+    If you don't have pipx installed, see the [installation guide](https://github.com/pypa/pipx?tab=readme-ov-file#install-pipx).
+
+
+### Alternative: pip (current environment)
+To install in the current environment, run:
+```bash
+pip install ps-banshee
+```
+
+### Dependencies
+
+`pipx` will automatically resolve all Python dependencies.  
+If you want to use the `pcap` command, you will also need:
+
+- tshark 3.0.0 or later
+
+### Command Auto Completion
+
+After installing PS Banshee, you can enable command auto completion:
+
+```bash
+banshee --install-completion
+```
+
+Restart your shell to complete the installation. You can now use TAB to auto-complete commands.
+
+## Usage
+
+To see the list of available commands, run:
+
+```bash
+banshee -h
+```
+
+### Authorization
+
+PS Banshee requires a Recorded Future API key, which can be provided as the `-k` or `--api-key` argument, or set as the `RF_TOKEN` environment variable.
+
+```bash
+banshee -k <RF_TOKEN> <command> <sub-command> <arguments>
+```
+
+### Proxies
+
+If you are behind a proxy, set the `HTTP_PROXY` and `HTTPS_PROXY` environment variables.
+
+To disable SSL verification, use the `-s` flag:
+
+```bash
+banshee -s ca rules
+```
+
+### Command Help
+
+All commands support the `--help` (`-h`) option:
+
+```bash
+banshee -h
+banshee ca --help
+banshee ioc lookup --help
+banshee list bulk-add -h
+```
+
+## Support
+
+Submit a [support request](https://support.recordedfuture.com/hc/en-us/requests/new) for help alternatively reach out to [support@recordedfuture.com](mailto:support@recordedfuture.com).
+
+---
+
+**PS Banshee is developed and maintained by the Recorded Future Professional Services Cyber Security Engineers  🚀**

ps_banshee-1.1.0/banshee/__init__.py

@@ -0,0 +1,16 @@
+##################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################
+
+"""Base package for PS Banshee."""
+
+from ._version import __version__ as version

ps_banshee-1.1.0/banshee/_version.py

@@ -0,0 +1,15 @@
+#################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################
+from importlib.metadata import version
+
+__version__ = version('ps-banshee')

ps_banshee-1.1.0/banshee/app_config.py

@@ -0,0 +1,40 @@
+#################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################
+
+
+from psengine.config import Config
+from pydantic import ValidationError
+
+from ._version import __version__
+from .commands.errors import InitConfigError
+
+
+def config_init(cmd: str, rf_token: str = None, no_ssl_verify: bool = False) -> Config:
+    """Global configuration for the CLI.
+
+    Args:
+        cmd (str): The command name + sub command, used to generate the app_id,
+            typically will be the name one of the banshee commands,
+            confor example: 'ca-search', or 'entity-lookup'.
+        rf_token (str, optional): The Recorded Future API token.
+        no_ssl_verify (bool, optional): Disable SSL verification.
+    """
+    # invert no_ssl_verify
+    ssl_verify = not no_ssl_verify
+    app_id = f'banshee_{cmd}/{__version__}'
+    try:
+        Config.init(rf_token=rf_token, app_id=app_id, client_ssl_verify=ssl_verify)
+    except ValidationError as e:
+        if 'rf_token' in e.errors()[0]['loc']:
+            raise InitConfigError('Invalid Recorded Future API key')  # noqa: B904
+        raise InitConfigError(e.errors()[0]['msg'])  # noqa: B904

ps_banshee-1.1.0/banshee/branding.py

@@ -0,0 +1,36 @@
+#################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################
+
+
+from typer import Typer
+
+BRANDING = ':rocket: \033[93mBrought to you by the Cyber Security Engineers at Recorded Future\033[0m :rocket:'  # noqa: E501
+
+
+def banshee_cmd(app: Typer, help_: str, epilog: str, *args, **kwargs):
+    """Main decorator create banshee commands.
+    Under the hood, it adds branding to the help text of the command.
+
+
+    Args:
+        app (Typer): The Typer app instance
+        help_ (str): The help text for the command
+        epilog (str): The epilog text for the command
+        *args: Additional arguments to pass to the command
+        **kwargs: Additional keyword arguments to pass to the command
+
+    Returns:
+        Typer: The updated Typer app instance
+    """
+    help_ += f'\n\n{BRANDING}'
+    return app.command(help=help_, epilog=epilog, *args, **kwargs)  # noqa: B026

ps_banshee-1.1.0/banshee/commands/__init__.py

@@ -0,0 +1,12 @@
+##################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################

ps_banshee-1.1.0/banshee/commands/args.py

@@ -0,0 +1,44 @@
+##################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################
+
+from typing import Annotated, Optional
+
+from typer import Option
+
+################################
+# Global options / arguments
+################################
+
+# How to use: api_key: RF_API_KEY = None
+OPT_RF_API_KEY = Annotated[
+    Optional[str],
+    Option(
+        '--api-key', '-k', help='Recorded Future API Key', envvar='RF_TOKEN', show_default=False
+    ),
+]
+
+# How to use: pretty: PRETTY_PRINT = False
+OPT_PRETTY_PRINT = Annotated[
+    bool, Option('--pretty', '-p', help='Pretty print the results in a human readable format')
+]
+
+
+OPT_NO_SSL_VERIFY = Annotated[
+    Optional[bool],
+    Option(
+        '--no-ssl-verify',
+        '-s',
+        help="""Disable SSL Verification. Useful when using proxies. To
+            utilize a proxy set the environment variable HTTP_PROXY or HTTPS_PROXY.""",
+    ),
+]

ps_banshee-1.1.0/banshee/commands/cmd_classic_alerts.py

@@ -0,0 +1,175 @@
+##################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################
+
+import re
+import sys
+from typing import Annotated
+
+from typer import Argument, BadParameter, Option, Typer
+
+from ..branding import banshee_cmd
+from ..legacy_alerts.alert_lookup import lookup_alert
+from ..legacy_alerts.alert_search import search_alerts
+from ..legacy_alerts.alert_update import update_alerts
+from ..legacy_alerts.constants import AlertStatus
+from ..legacy_alerts.rules_search import search_alert_rules
+from .args import OPT_PRETTY_PRINT
+from .epilogs import (
+    EPILOG_ALERT_LOOKUP,
+    EPILOG_ALERT_RULES_SEARCH,
+    EPILOG_ALERT_SEARCH,
+    EPILOG_ALERT_UPDATE,
+)
+
+CMD_NAME = 'ca'
+CMD_HELP = 'Search and lookup Classic Alerts'
+CMD_RICH_HELP = 'Recorded Future Classic Alerts'
+
+app = Typer(no_args_is_help=True)
+
+ALERT_ID_INVALID_MSG = "Alert ID '{}' is not valid. Alert ID should be at least 6 characters long."  # noqa: E501
+
+###################################
+# Callbacks
+###################################
+
+
+def validate_alert_id(alert_id: str):
+    # if value is less than 6 char long
+    if len(alert_id) < 6:
+        raise BadParameter(ALERT_ID_INVALID_MSG.format(alert_id))
+
+    return alert_id
+
+
+def parse_alert_ids_input(value: list[str]):
+    if not value:
+        raise BadParameter('No Alert IDs supplied')
+
+    alert_ids = value
+    if isinstance(value, str):
+        alert_ids = [x for x in re.split(r'[\s]+', value) if x]
+
+        if not len(alert_ids):
+            raise BadParameter('No Alert IDs provided')
+
+    # Now check that each ID is valid
+    for alert_id in alert_ids:
+        validate_alert_id(alert_id)
+
+    return alert_ids
+
+
+def parse_triggered(value: str):
+    if not value.startswith('[') and not value.startswith('('):
+        value = f'-{value.strip()}'
+
+    return value
+
+
+###################################
+# Commands
+###################################
+
+
+@banshee_cmd(app=app, help_='Lookup a single Classic Alert', epilog=EPILOG_ALERT_LOOKUP)
+def lookup(
+    alert_id: Annotated[
+        str, Argument(help='Alert ID to lookup', callback=validate_alert_id, show_default=False)
+    ],
+    pretty: OPT_PRETTY_PRINT = False,
+):
+    lookup_alert(id_=alert_id, pretty=pretty)
+
+
+@banshee_cmd(app=app, help_='Search for Classic Alerts', epilog=EPILOG_ALERT_SEARCH)
+def search(
+    triggered: Annotated[
+        str,
+        Option(
+            '--triggered',
+            '-t',
+            callback=parse_triggered,
+            help='Filter on triggered time, e.g. 1d; 12h; [2024-08-01, 2024-08-14]; [2024-09-23 12:03:58.000, 2024-09-23 12:03:58.567)',  # noqa: E501
+            show_default=True,
+        ),
+    ] = '1d',
+    alert_rules: Annotated[
+        list[str],
+        Option('--rule', '-r', help='Filter by an alert rule name (freetext)', show_default=False),
+    ] = None,
+    status: Annotated[
+        AlertStatus, Option('-s', '--status', help='Filter by alert status', show_default=False)
+    ] = None,
+    pretty: OPT_PRETTY_PRINT = False,
+):
+    search_alerts(
+        triggered=triggered,
+        alert_rules=alert_rules,
+        status=status,
+        pretty=pretty,
+    )
+
+
+@banshee_cmd(app=app, help_='Search Classic Alert rules', epilog=EPILOG_ALERT_RULES_SEARCH)
+def rules(
+    freetext: Annotated[str, Argument(help='Freetext to search in alert rules')] = None,
+    pretty: OPT_PRETTY_PRINT = False,
+):
+    search_alert_rules(pretty=pretty, freetext=freetext)
+
+
+@banshee_cmd(app=app, help_='Update a classic alert', epilog=EPILOG_ALERT_UPDATE)
+def update(
+    alert_ids: list[str] = Argument(  # noqa: B008
+        ... if sys.stdin.isatty() else None,  # noqa: B008
+        show_default=False,
+        help='One or more whitespace separated Alert ID',
+    ),
+    status: Annotated[
+        AlertStatus, Option('-s', '--status', help='New alert status', show_default=False)
+    ] = None,
+    note: Annotated[str, Option('-n', '--note', help='Add a text note', show_default=False)] = None,
+    note_append: Annotated[
+        bool,
+        Option(
+            '-A',
+            '--append',
+            help='Append to the existing text note, instead of overwriting it.',
+            show_default=True,
+        ),
+    ] = False,
+    assignee: Annotated[
+        str,
+        Option(
+            '--assignee',
+            '-a',
+            help='New user to assign the alert(s) to. Accepts uhash or email address of the user, for example: uhash:3aXZxdkM12; analyst@acme.com',  # noqa: E501
+            show_default=False,
+        ),
+    ] = None,
+):
+    if alert_ids is None:
+        alert_ids = sys.stdin.read()
+
+    parsed_ids = parse_alert_ids_input(alert_ids)
+
+    if status is None and note is None and assignee is None:
+        raise BadParameter('At least one of --status, --note or --assignee must be privded.')
+
+    if note_append and note is None:
+        raise BadParameter('note argument must be provided when append option is set')
+
+    update_alerts(
+        alert_ids=parsed_ids, status=status, note=note, note_append=note_append, assignee=assignee
+    )

ps_banshee-1.1.0/banshee/commands/cmd_entity.py

@@ -0,0 +1,54 @@
+##################################### TERMS OF USE ###########################################
+# The following code is provided for demonstration purpose only, and should not be used      #
+# without independent verification. Recorded Future makes no representations or warranties,  #
+# express, implied, statutory, or otherwise, regarding any aspect of this code or of the     #
+# information it may retrieve, and provides it both strictly “as-is” and without assuming    #
+# responsibility for any information it may retrieve. Recorded Future shall not be liable    #
+# for, and you assume all risk of using, the foregoing. By using this code, Customer         #
+# represents that it is solely responsible for having all necessary licenses, permissions,   #
+# rights, and/or consents to connect to third party APIs, and that it is solely responsible  #
+# for having all necessary licenses, permissions, rights, and/or consents to any data        #
+# accessed from any third party API.                                                         #
+##############################################################################################
+
+from typing import Annotated
+
+from typer import Argument, Option, Typer
+
+from ..branding import banshee_cmd
+from ..entity_match import EntityType, entity_lookup, entity_search
+from .args import OPT_PRETTY_PRINT
+from .epilogs import EPILOG_ENTITY_LOOKUP, EPILOG_ENTITY_SEARCH
+
+CMD_NAME = 'entity'
+CMD_HELP = 'Search and lookup entities'
+CMD_RICH_HELP = 'Entity Match'
+
+app = Typer(no_args_is_help=True)
+
+
+@banshee_cmd(app=app, help_='Lookup an entity by its ID', epilog=EPILOG_ENTITY_LOOKUP)
+def lookup(
+    entity_id: str = Argument(show_default=False, help='ID of the entity to lookup'),
+    pretty: OPT_PRETTY_PRINT = False,
+):
+    entity_lookup(entity_id=entity_id, pretty=pretty)
+
+
+@banshee_cmd(
+    app=app, help_='Search entities by name and optically by type', epilog=EPILOG_ENTITY_SEARCH
+)
+def search(
+    name: str = Argument(show_default=False, help='Name of the entity to search for'),
+    type_: Annotated[
+        list[EntityType],
+        Option(
+            '-t', '--type', help='One or more type of the entity to search for', show_default=False
+        ),
+    ] = None,
+    limit: Annotated[
+        int, Option('-l', '--limit', help='Limit number of results', min=1, max=100)
+    ] = 100,
+    pretty: OPT_PRETTY_PRINT = False,
+):
+    entity_search(name=name, type_=type_, limit=limit, pretty=pretty)