/
README.Rmd
92 lines (74 loc) · 4.02 KB
/
README.Rmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
---
output: rmarkdown::github_document
---
`passivetotal` is an R package to interface with the [PassiveTotal API](https://api.passivetotal.org/api/docs/)
This has BREAKNG CHANGES since it now only works with version 2 of the API.
You should set `PASSIVETOTAL_USER` & `PASSIVETOTAL_API_KEY` in `.Renviron` or you'll either be prompted for them or will need to pass them to each function manually.
NOTE that all the API functions are wrapped with `memoise::meomoise`, meaning that
they cache results. Use the `forget` function to clear the cache for any given
function.
The following functions are implemented:
- `account_history`: Get history associated with your account.
- `account_info`: Get account details your account.
- `account_notifications`: Get notifications that have been posted to your account.
- `account_organization`: Get details about the organization your account is associated with.
- `account_sources`: Get source details for a specific source.
- `account_teamstream`: Get the teamstream for the organization your account is associated with.
- `is_compromised`: Get the status of an observable
- `is_dynamic`: Get the status of an observable
- `is_fqdn`: Validate that a string looks like a fully qualified domain name
- `is_ipv4`: Validate that a string is an IPv4 address
- `is_monitored`: Get the status of an observable
- `is_sinkhole`: Get the status of an observable
- `passive_auth`: Get or set `PASSIVETOTAL_USER` & `PASSIVETOTAL_API_KEY` values
- `passive_classification`: Get the status of a classification domain
- `passive_dns`: Get passive DNS data
- `passive_enrich`: Enrich the given query with metadata
- `passive_host`: Get detailed information about a host
- `passive_malware`: Get malware data
- `passive_osint`: Get opensource intelligence data
- `passive_ssl_certificate`: Get the SSL certificate associated with the SHA-1.
- `passive_ssl_history`: Get the SSL certificate history associated with an IP address or SHA-1
- `passive_ssl_search`: Get the SSL certificate associated with the SHA-1.
- `passive_status`: Get the status of an observable
- `passive_subdomains`: Get subdomains using a wildcard query
- `passive_tags`: Get the tags for a query value
- `passive_tag_search`: Search for items based on tag value
- `passive_tracker`: Get all tracking codes for a domain or IP address.
- `passive_tracker_search`: Get hosts matching a specific tracker ID
- `passive_unique`: Get unique resolutions from passive DNS data
- `passive_whois`: Get WHOIS data for a domain or IP address
- `passive_whois_search`: Get WHOIS records based on field matching queries.
### Installation
```{r eval=FALSE}
devtools::install_github("hrbrmstr/passivetotal")
```
```{r message=FALSE, eval=FALSE}
library(passivetotal)
library(dplyr)
library(jsonlite)
is_fqdn("rud.is")
is_ipv4("10.10.10.10")
toJSON(passive_classification("passivetotal.org"), pretty=TRUE)
tbl_df(passive_dns("passivetotal.org")$results)
toJSON(passive_subdomains("*.passivetotal.org"), pretty=TRUE)
toJSON(passive_unique("passivetotal.org"), pretty=TRUE)
passive_host("passivetotal.org")
passive_malware("xxxmobiletubez.com")
passive_osint("xxxmobiletubez.com")
toJSON(passive_enrich("passivetotal.org"), pretty=TRUE)
toJSON(passive_ssl_certificate("e9a6647d6aba52dc47b3838c920c9ee59bad7034"), pretty=TRUE)
toJSON(passive_ssl_history("52.8.228.23"), pretty=TRUE)
toJSON(passive_ssl_search(query="www.passivetotal.org", field="subjectCommonName"), pretty=TRUE)
passive_status("passivetotal.org", "compromised")
passive_status("passivetotal.org", "dynamic")
passive_status("passivetotal.org", "monitor")
passive_status("52.8.228.23", "sinkhole")
passive_status("52.8.228.23", "s")
passive_tracker_search(query="UA-61048133", type="GoogleAnalyticsAccountNumber")
passive_tracker("passivetotal.org")
toJSON(passive_whois("passivetotal.org"), pretty=TRUE)
passive_whois_search(query="domains@riskiq.com", field="email")
```
### Code of Conduct
Please note that this project is released with a [Contributor Code of Conduct](CONDUCT.md). By participating in this project you agree to abide by its terms.