Usage via command line (CLI)

~$ apiosintDS [-h] [-e [IPv4|domain|url|hash]] [-f /path/to/file.txt] [-st]
              [-o /path/to/output.json] [-p] [-nc] [-v] [-c] [-cd /path/to/cachedir]
              [-ct [0-9]] [-cc] [-ld /path/to/git/clone/Threat-Intel/]
              [-l /path/to/logfile.log]  [-ll [DEBUG|INFO|WARNING|ERROR|CRITICAL]]
              [-lc] [-i] [-s] [-vv]

Command line options

-h, --help

Show the help and exit.

Type:

boolean

Default:

False

-e, --entity

Single item to search. Supported entities are IPv4/FQDN/URLs or file hashes in MD5, SHA1 or SHA256 format.

Type:

string

Default:

None

Allowed:

[IPv4|domain|url|hash(['md5', 'sha1', 'sha256'])]

Note

It can’t be used in combination with the --file option.

-f, --file

Path to file containing entities to search. Supported entities are IPv4/FQDN/URLs and file hashes (MD5, SHA1, SHA256). Insert one item per row.

Type:

string

Default:

None

Example:

/path/to/file.txt

Note

It can’t be used in combination with the --entity option.

-st, --stix

Download and parse additional information from the online STIX report.

Type:

boolean

Default:

False

Note

STIX2 reports may not be available due to the data retention policy.

-o, --output

Path to output file. If not specified, the output is redirected to the system STDOUT.

Type:

string

Default:

STDOUT

Example:

/path/to/output.json

Note

It can’t be used in combination with the --pretty option.

-p, --pretty

Show results in terminal with a little bit of formatting applied.

Type:

boolean

Default:

False

Note

Default output format is JSON. Data displayed in pretty view does not cover all the information included in the JSON response format.

-nc, --nocolor

Suppress colors in --pretty output, for accessibility purposes.

Type:

boolean

Default:

False

-v, --verbose

Include unmatched results in report.

Type:

boolean

Default:

False

-c, --cache

Enable cache mode. Downloaded lists will be stored and won’t be downloaded again until the cache timeout is reached.

Type:

boolean

Default:

False

-cd, --cachedirectory

The cache directory where the script checks for cached list files and where they are stored on cache creation or update.

Type:

string

Default:

System tmp directory

Example:

/path/to/cachedir

Note

The same directory must be specified on every script run unless you are using the system temp directory.

-ct, --cachetimeout

Define the cache timeout in hours.

Type:

integer

Default:

4

Note

0 is allowed but means no timeout. Default value is 4 hours. This option needs to be used in combination with the --cache option set to True.

-cc, --clearcache

Force the script to download updated lists even if the --cachetimeout period has not yet been reached.

Type:

boolean

Default:

False

Note

Must be used in combination with the --cache option.

-ld, --localdirectory

Absolute path to the ‘Threat-Intel’ directory related to a local project clone. Searches are performed against local data.

Type:

string

Default:

False

Example:

/path/to/git/clone/Threat-Intel/

Note

Before using this option, clone the GitHub project in a file system where the library has read permissions. Don’t forget to use the --depth=1 and --branch=master options if you don’t want to download all project commits.

$ cd /path/to/git/clone/
$ git clone --depth=1 --branch=master https://github.com/davidonzo/Threat-Intel.git

When this option is in use, all cache-related options are ignored. To update data in your local repository, destroy the existing data and clone it again.

$ cd /path/to/git/clone/
$ rm -rf Threat-Intel/
$ git clone --depth=1 --branch=master https://github.com/davidonzo/Threat-Intel.git

-l, --logfile

Define the log file path.

Type:

string

Default:

NONE

Example:

/path/to/logfile.log

Note

No log file is created by default. STDOUT is used instead.

-ll, --loglevel

Define the log level.

Type:

enum

Default:

DEBUG

Allowed:

[DEBUG|INFO|WARNING|ERROR|CRITICAL]

-lc, --logconsole

Suppress log messages to the console’s STDOUT.

Type:

boolean

Default:

False

-i, --info

Print information about the library.

Type:

boolean

Default:

False

-s, --schema

Display the response JSON schema.

Type:

boolean

Default:

False

-vv, --version

Show the library version.

Type:

boolean

Default:

False
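
Added example (not part of the apiosintDS project or its documentation): a POSIX shell pre-flight for the --file workflow, which cleans a raw indicator list to one supported item per row and then queries it with caching enabled. The entity patterns, the function names and the private cache directory are assumptions of this example; the apiosintDS flags are the ones documented on this page.

```shell
#!/bin/sh
# Added example: clean an indicator list for `apiosintDS --file`, then query with cache.
# The patterns below are this example's assumptions, not the tool's own validation.
OCT='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
FQDN='^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'

# Print the entity kind for one row; return 1 if it is not a supported kind.
classify_entity() {
    case $1 in
        http://?*|https://?*) echo url; return 0 ;;
    esac
    if printf '%s\n' "$1" | grep -Eq '^[0-9A-Fa-f]+$'; then
        case ${#1} in
            32) echo md5; return 0 ;;
            40) echo sha1; return 0 ;;
            64) echo sha256; return 0 ;;
        esac
    fi
    if printf '%s\n' "$1" | grep -Eq "^($OCT\.){3}$OCT\$"; then echo ipv4; return 0; fi
    if printf '%s\n' "$1" | grep -Eq "$FQDN"; then echo domain; return 0; fi
    echo unsupported; return 1
}

# Write the supported, de-duplicated rows of $1 to $2 (one item per row, as --file
# expects) and print how many rows were rejected.
prepare_list() {
    : > "$2"; rejected=0
    tr -d '\r' < "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | awk 'NF && !seen[$0]++' > "$2.tmp"
    while IFS= read -r row; do
        if classify_entity "$row" > /dev/null; then printf '%s\n' "$row" >> "$2"
        else rejected=$((rejected + 1)); fi
    done < "$2.tmp"
    rm -f "$2.tmp"; echo "$rejected"
}

# Query the cleaned list with a 4 hour cache timeout (the documented default).
# Pass the same cache directory on every run; -o cannot be combined with --pretty.
run_lookup() {  # $1 = cleaned list, $2 = JSON output path, $3 = cache directory
    mkdir -p "$3" && chmod 700 "$3" || return 1   # example's choice: owner-only cache
    apiosintDS -f "$1" -c -cd "$3" -ct 4 -o "$2"
}

# Constructed sample rows (documentation-range values, MD5 of empty input), not real indicators.
sample_rows() {
    printf '%s\n' '192.0.2.10' ' example.com ' 'https://example.com/a.php' \
        'd41d8cd98f00b204e9800998ecf8427e' '' '192.0.2.10' '999.1.1.1' 'not an indicator'
}
# Usage: prepare_list raw.txt clean.txt && run_lookup clean.txt result.json "$HOME/.cache/osintds"
```
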