Using as Python library
Below are a few examples of how to use apiosintDS in your code.
#!/usr/bin/env python3
from apiosintDS import apiosintDS

try:
    # Submit a mixed list of entities: IPv4, hash, domain and URL
    OSINTCHECK = apiosintDS.request(
        entities=['192.168.1.54',
                  '0a2d170abbf5031566377b01431e3b82d3426301',
                  'somehost.ext',
                  'http://www.example.com/malicious.exe'],
        stix=True,
        cache=True,
        cachedirectory="/tmp",
        verbose=True)
    print(OSINTCHECK)  # print dict results
except ValueError as e:
    print(e)  # some error
Module contents
- apiosintDS.request(entities=list, stix=False, cache=False, cachedirectory=None, clearcache=False, cachetimeout=False, verbose=False, loglevel='DEBUG', logconsole=True, logfile=False, localdirectory=False, *args, **kwargs)
The single method for querying the service. Returns a dict that can be validated against the JSON schema returned by the apiosintDS.schema() method.
Parameters
- entities
List of entities to be submitted. One per row.
- Type:
list
- Default:
None
- Allowed:
[IPv4|domain|url|hash(['md5', 'sha1', 'sha256'])]
- stix
Download and parse additional information from the online STIX report.
- Type:
boolean
- Default:
False
Note
STIX2 reports may not be available due to the data retention policy.
- cache
Enable cache mode. Downloaded lists will be stored and won’t be downloaded again until the cache timeout is reached.
- Type:
boolean
- Default:
False
- cachedirectory
The cache directory where the script checks for cached list files and where they will be stored on cache creation or update.
- Type:
string
- Default:
System tmp directory
- Example:
/path/to/cachedir
Note
Must be set to the same value on every script run unless you are using the system temp directory.
- clearcache
Force the script to download updated lists even if the cachetimeout period has not yet been reached.
- Type:
boolean
- Default:
False
Note
Must be used in combination with cache.
- cachetimeout
Define the cache timeout in hours.
- Type:
integer
- Default:
4
Note
0 is allowed but means no timeout. The default value is 4 hours. This option needs to be used in combination with the cache option set to True.
- verbose
Include unmatched results in report.
- Type:
boolean
- Default:
False
- loglevel
Define the log level.
- Type:
enum
- Default:
DEBUG
- Allowed:
[DEBUG|INFO|WARNING|ERROR|CRITICAL]
- logconsole
Suppress log messages to the console’s STDOUT.
- Type:
boolean
- Default:
True
- logfile
Define the log file path.
- Type:
string
- Default:
False
- Example:
/path/to/logfile.log
Note
No log file is created by default. STDOUT is used instead.
- localdirectory
Absolute path to the ‘Threat-Intel’ directory related to a local project clone. Searches are performed against local data.
- Type:
string
- Default:
False
- Example:
/path/to/git/clone/Threat-Intel/
Note
Before using this option, clone the GitHub project to a file system where the library has read permissions. Don’t forget to use the --depth=1 and --branch=master options if you don’t want to download all project commits.
$ cd /path/to/git/clone/
$ git clone --depth=1 --branch=master https://github.com/davidonzo/Threat-Intel.git
When this option is in use, all cache-related options are ignored. To update the data in your local repository, delete the existing clone and clone it again.
$ cd /path/to/git/clone/
$ rm -rf Threat-Intel/
$ git clone --depth=1 --branch=master https://github.com/davidonzo/Threat-Intel.git
- apiosintDS.schema()
Return an object containing the JSON schema.
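The Allowed list for the entities parameter of apiosintDS.request(), applied as a filter before submission so that malformed indicators are set aside for review instead of being sent. This is an added example, not apiosintDS code: classify() and partition() are hypothetical helpers, and the patterns are this example's own reading of the Allowed list, not the library's validation logic.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest lengths for the hash types named in the Allowed list.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Conservative hostname pattern (assumption of this example, not the library's).
DOMAIN_RE = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")


def classify(entity):
    """Return 'IPv4', 'md5', 'sha1', 'sha256', 'url', 'domain' or None."""
    value = entity.strip()
    try:
        ipaddress.IPv4Address(value)
        return "IPv4"
    except ValueError:
        pass
    if HEX_RE.fullmatch(value) and len(value) in HASH_LENGTHS:
        return HASH_LENGTHS[len(value)]
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed bracketed host
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return "url"
    return "domain" if DOMAIN_RE.fullmatch(value) else None


def partition(candidates):
    """Split candidates into (accepted, rejected), dropping blanks and duplicates."""
    accepted, rejected, seen = [], [], set()
    for raw in candidates:
        value = raw.strip()
        if not value or value in seen:
            continue
        seen.add(value)
        (accepted if classify(value) else rejected).append(value)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample input: the page's four entities plus two invalid ones.
    sample = ["192.168.1.54", "0a2d170abbf5031566377b01431e3b82d3426301", "somehost.ext",
              "http://www.example.com/malicious.exe", "999.1.1.1", "not an indicator"]
    ok, bad = partition(sample)
    print("submit:", ok, "review:", bad)  # pass `ok` as entities= to apiosintDS.request()
```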