import os
from datetime import date, timedelta
from pprint import pprint
from rstapi import ioclookup, noisecontrol, reporthub, threatfeed, whoisapi
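# API key passed to every RST client created below.
# It is read from the RST_API_KEY environment variable so that a real key never
# has to be written into this file, where it could be committed or shared by
# accident. The variable name is this script's own choice, not an rstapi one.
# The original "REPLACE_ME" placeholder remains the fallback when the variable
# is unset or empty, so the script still runs as before.
USER_APIKEY = os.environ.get("RST_API_KEY") or "REPLACE_ME"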
# ------------------------------------------------------------------ #
#  RST Threat Feed                                                   #
# ------------------------------------------------------------------ #
print("\n--- RST Threat Feed ---\n")

# Client constructor args: APIKEY, APIURL
rst_threatfeed = threatfeed(APIKEY=USER_APIKEY)

# GetFeed args: ioctype, filetype="csv|json", compressed=True|False,
#               fdate="latest|yyyymmdd", path="path_to_your_output_file"
print("Downloading...")
file = rst_threatfeed.GetFeed(ioctype="url", filetype="csv")
pprint(file)

# The response's "message" field is treated as the path of the downloaded
# file only when the response reports status "ok"; in every other case
# nothing is deleted.
download_ok = "status" in file and file["status"] == "ok"
if download_ok:
    print(f"File {file['message']} downloaded.")
    # Clean up so the test run leaves no feed file behind.
    os.remove(file["message"])
    print(f"File {file['message']} removed.")
# ------------------------------------------------------------------ #
#  RST IoC Lookup                                                    #
# ------------------------------------------------------------------ #
print("\n--- RST IoC Lookup ---\n")

# Client constructor args: APIKEY, APIURL
rst_ioclookup = ioclookup(APIKEY=USER_APIKEY)

# GetIndicator args: ioc_value
# The sample value is 32 hex characters (presumably an MD5 file hash).
indicator_info = rst_ioclookup.GetIndicator("7eb800559bfa2c1980b0cc711cec120b")
pprint(indicator_info)

# SubmitIndicator / SubmitFalsePositive args: ioc_value, description
# NOTE(review): judging by their names, these two calls send data to the
# service rather than only reading from it. Confirm what they write before
# running this script with a production API key, so sample values such as
# "1.1.1.1" do not end up in real threat-intelligence data.
submit_reply = rst_ioclookup.SubmitIndicator("1.1.1.1", "detected by sandbox")
pprint(submit_reply)
false_positive_reply = rst_ioclookup.SubmitFalsePositive("1.1.1.1", "cdn address")
pprint(false_positive_reply)
# ------------------------------------------------------------------ #
#  RST Noise Control                                                 #
# ------------------------------------------------------------------ #
print("\n--- RST Noise Control ---\n")

# Client constructor args: APIKEY, APIURL
rst_noisecontrol = noisecontrol(APIKEY=USER_APIKEY)

# ValueLookup args: ioc_value
single_lookup = rst_noisecontrol.ValueLookup("1.1.1.1")
pprint(single_lookup)

# BatchLookup args: ioc_type, list of entries
# The entries are handed over as one newline-separated string.
ioc_type = "domain"
data = "google.com\nmicrosoft.com\ntest.com"
token = rst_noisecontrol.BatchLookup(ioctype=ioc_type, data=data)
pprint(token)

# BatchResult args: ioctype, token, attempts=5, timeout=1
# Whatever BatchLookup returned is passed on unchanged as the token.
result = rst_noisecontrol.BatchResult(
    ioctype=ioc_type,
    token=token,
    attempts=2,
)
pprint(result)
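# ------------------------------------------------------------------ #
#  RST Report Hub                                                    #
# ------------------------------------------------------------------ #
print("\n--- RST Report Hub ---\n")

# Client constructor args: APIKEY, APIURL
rst_reporthub = reporthub(APIKEY=USER_APIKEY)

# GetReports args: a string date in format yyyymmdd (here: yesterday)
startDate = (date.today() - timedelta(days=1)).strftime("%Y%m%d")
report_digest = rst_reporthub.GetReports(startDate)
print(len(report_digest))

# NOTE(review): the indexing below assumes GetReports returns a sequence of
# dicts that each carry an "id" key - confirm what it returns on an API error
# (for example an invalid key), since a non-empty error object would also
# pass this emptiness check.
if report_digest:
    first_report_id = report_digest[0]["id"]

    # GetReportPDF args: ID of a report, path to the output file
    report_pdf = rst_reporthub.GetReportPDF(reportid=first_report_id)
    print(report_pdf)
    # The "message" field is used as the path of the saved PDF. Delete it only
    # if it really names an existing file: a failed download would otherwise
    # make os.remove() raise and abort the remaining checks, and the
    # threat-feed section of this script likewise deletes only after
    # verifying the response.
    pdf_path = report_pdf["message"]
    if isinstance(pdf_path, str) and os.path.isfile(pdf_path):
        os.remove(pdf_path)
    else:
        print(f"Nothing to remove: {pdf_path!r} is not an existing file.")

    # GetReportJSON args: ID of a report, lang=eng
    report_json = rst_reporthub.GetReportJSON(reportid=first_report_id)
    print(report_json["id"])
    # example output: 20231220_malwarebytes_com_report_0x7ea0f65

    # GetReportSTIX args: ID of a report, lang=eng
    report_stix = rst_reporthub.GetReportSTIX(reportid=first_report_id)
    print(report_stix["id"])
    # example output: bundle--f462f3db-52f7-417c-9527-089381ba4d69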
# ------------------------------------------------------------------ #
#  RST Whois API                                                     #
# ------------------------------------------------------------------ #
print("\n--- RST Whois API ---\n")

# Client constructor args: APIKEY, APIURL
rst_whois = whoisapi(APIKEY=USER_APIKEY)

# GetDomainInfo args: any domain name, raw=True|False
domain_info = rst_whois.GetDomainInfo(domain="domain.com", raw=False)
pprint(domain_info)