apiosintDS


| Field | Value |
|---|---|
| Name | apiosintDS |
| Version | 2.0.3 |
| home_page | https://github.com/davidonzo/apiosintDS |
| Summary | On demand query API for OSINT.digitalside.it project. You can query for suspicious domains, urls, IPv4 and file hashes. |
| upload_time | 2024-05-28 17:12:49 |
| maintainer | None |
| docs_url | None |
| author | Davide Baglieri |
| requires_python | >3.5.2 |
| license | MIT |
| keywords | apiosintds osint threat-intel ioc security |
| requirements | No requirements were recorded. |

# apiosintDS
Latest stable release is **v2.0.3**

**apiosintDS** is a [python client library](https://github.com/davidonzo/apiosintDS) for the public *API* lookup service over *OSINT* IoCs stored at the [DigitalSide Threat-Intel](https://osint.digitalside.it) repository. It can be described as a **Service as a Library** tool, designed to act both as a standard Python library to be included in your own Python application and as a command line tool. Queries can be performed against suspicious IPs, domains, URLs and file hashes. Stored data has a 7-day retention.

![apiosintDS v2.0.3](https://raw.githubusercontent.com/davidonzo/apiosintDS/master/docs/_static/img/apiosintDS.png)

[DigitalSide Threat-Intel (also on GitHub.com)](https://github.com/davidonzo/Threat-Intel) shares a set of **Open Source Cyber Threat Intelligence** information, mostly based on malware analysis and compromised URLs, IPs and domains. The purpose of the project is to develop and test new ways to hunt, analyze, collect and share relevant sets of IoCs to be used by SOC/CSIRT/CERT with minimum effort.

**apiosintDS** is also available as [enrichment MISP Modules](https://misp.github.io/misp-modules/expansion/#apiosintds). Documentation is available on [apiosintDS Read The Docs](https://apiosintds.readthedocs.io/en/latest/userguidemisp.html).

This library has been specially designed for people and organizations that don't want to import the whole [DigitalSide Threat-Intel](https://osint.digitalside.it) dataset and prefer to use it as an on-demand service.

## Documentation
Complete documentation is available at [apiosintDS.ReadTheDocs.org](https://apiosintds.readthedocs.io/en/latest/)

## Install
### The easy way via pip
```
~# pip3 install apiosintDS
```

### From sources
```
~$ cd /your/path/src/
~$ git clone https://github.com/davidonzo/apiosintDS.git
~$ cd apiosintDS
~$ python3 -m pip install .
```

## Usage
```
usage: apiosintDS [-h] [-e [IPv4|domain|url|hash]] [-f /path/to/file.txt] [-st] [-o /path/to/output.json] [-p] [-nc] [-v] [-c] [-cd /path/to/cachedir] [-ct [0-9]] [-cc]
                  [-ld /path/to/git/clone/Threat-Intel/] [-ll [DEBUG|INFO|WARNING|ERROR|CRITICAL]] [-l /path/to/logfile.log] [-lc] [-i] [-s] [-vv]

apiosintDS v.2.0.3. On demand query API for OSINT.digitalside.it project. You can query for souspicious domains, urls and IPv4.

options:
  -h, --help            show this help message and exit
  -e [IPv4|domain|url|hash], --entity [IPv4|domain|url|hash]
                        Single item to search. Supported entities are IPv4/FQDN/URLs and file hashes in md5, sha1 or sha256. It can't be used in combination with the --file option.
  -f /path/to/file.txt, --file /path/to/file.txt
                        Path to file containing entities to search. Supported entities are IPv4/FQDN/URLs. It can't be used in combination with the --entity option.
  -st, --stix           Dowload and parse additional information from STIX report (if available). Default is False.
  -o /path/to/output.json, --output /path/to/output.json
                        Path to output file (/path/to/output.json). If not specified the output will be redirect to the STDOUT.
  -p, --pretty          Show results in terminal with a little bit of formatting applied. Default is False.
  -nc, --nocolor        Suppers colors in --pretty output. For accessibility purpose.
  -v, --verbose         Include unmatched results in report. Default is False.
  -c, --cache           Enable cache mode. Downloaded lists will be stored a won't be downloaded until the cache timeout period is reached. Default is False.
  -cd /path/to/cachedir, --cachedirectory /path/to/cachedir
                        The cache directory where the script check for cached lists files and where them will be stored on cache creation or update. Must be specified the same every script run unless
                        your are using the system temp directory. Default is '/tmp'
  -ct [0-9], --cachetimeout [0-9]
                        Define the cache timeout in hours. 0 is allowed but means no timeout. Default value is 4 hours. This option needs to be used in combination with --cache option configured to
                        True.
  -cc, --clearcache     Force the script to download updated lists and reports even if the cache timeout has not yet been reached. Default is False. Must be used in combination with --cache.
  -ld /path/to/git/clone/Threat-Intel/, --localdirectory /path/to/git/clone/Threat-Intel/
                        Absolute path to the 'Threat-Intel' directory related to local github repository clone. Searches are performed against local data. Before using this option, clone the GitHub
                        project repository. When this option is in use, all cache related options are ignored. Default is False.
  -ll [DEBUG|INFO|WARNING|ERROR|CRITICAL], --loglevel [DEBUG|INFO|WARNING|ERROR|CRITICAL]
                        Define the log level. Default value is DEBUG.
  -l /path/to/logfile.log, --logfile /path/to/logfile.log
                        Define the log file path. Default value is None. No file log will be created by default.
  -lc, --logconsole     Suppress log messages in the console STDOUT. Default value is False.
  -i, --info            Print information about the library.
  -s, --schema          Display the response json schema.
  -vv, --version        Show the library version.

```

### Basic example
```
$ apiosintDS -e 7cb796c875cccc9233d82854a4e2fdf0
{
    "hash": {
        "items": [
            {
                "item": "7cb796c875cccc9233d82854a4e2fdf0",
                "response": true,
                "response_text": "Item found in latesthashes.json list",
                "hashes": {
                    "md5": "7cb796c875cccc9233d82854a4e2fdf0",
                    "sha1": "158514acfa87d0b99e2af07a28004480bbf66e83",
                    "sha256": "49e64d72d5ed4fb7967da4b6851d94cdceffe4ba0316587767a13901fe580239"
                },
                "online_reports": {
                    "MISP_EVENT": "https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/d6146389-4294-4a41-b4ca-6e74c74b7f8b.json",
                    "MISP_CSV": "https://osint.digitalside.it/Threat-Intel/csv/d6146389-4294-4a41-b4ca-6e74c74b7f8b.csv",
                    "OSINTDS_REPORT": "https://osint.digitalside.it/report/7cb796c875cccc9233d82854a4e2fdf0.html",
                    "STIX": "https://osint.digitalside.it/Threat-Intel/stix2/7cb796c875cccc9233d82854a4e2fdf0.json"
                },
                "related_urls": [
                    "http://185.246.220.60/plugmanzx.exe"
                ]
            }
        ],
        "statistics": {
            "itemsFound": 1,
            "itemsSubmitted": 1
        },
        "list": {
            "file": "latesthashes.json",
            "date": "2023-07-07 08:03:29+02:00",
            "url": "https://raw.githubusercontent.com/davidonzo/Threat-Intel/master/lists/latesthashes.json"
        }
    },
    "generalstatistics": {
        "url": 0,
        "ip": 0,
        "domain": 0,
        "hash": 1,
        "invalid": 0,
        "duplicates": 0,
        "itemsFound": 1,
        "itemsSubmitted": 1,
        "urlfound": 0,
        "ipfound": 0,
        "domainfound": 0,
        "hashfound": 1
    },
    "apiosintDSversion": "apiosintDS v.2.0.3"
}
```
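For SOC triage, the JSON report above can be post-processed before it reaches a ticket. The following is an added example, not code from the apiosintDS project: it extracts matched items, defangs related URLs, and cross-checks the report's own counters. The function names are this example's own, and the section names `url`, `ip` and `domain` are assumed by analogy with the `generalstatistics` keys, since only `hash` appears in the response shown here.

```python
import json
from datetime import datetime, timezone

# Trimmed copy of the "Basic example" response above (same keys and values).
SAMPLE_REPORT = json.loads("""
{
  "hash": {
    "items": [{
      "item": "7cb796c875cccc9233d82854a4e2fdf0",
      "response": true,
      "response_text": "Item found in latesthashes.json list",
      "hashes": {
        "md5": "7cb796c875cccc9233d82854a4e2fdf0",
        "sha256": "49e64d72d5ed4fb7967da4b6851d94cdceffe4ba0316587767a13901fe580239"
      },
      "online_reports": {
        "OSINTDS_REPORT": "https://osint.digitalside.it/report/7cb796c875cccc9233d82854a4e2fdf0.html"
      },
      "related_urls": ["http://185.246.220.60/plugmanzx.exe"]
    }],
    "statistics": {"itemsFound": 1, "itemsSubmitted": 1},
    "list": {"file": "latesthashes.json", "date": "2023-07-07 08:03:29+02:00"}
  },
  "generalstatistics": {"hash": 1, "itemsFound": 1, "itemsSubmitted": 1, "hashfound": 1},
  "apiosintDSversion": "apiosintDS v.2.0.3"
}
""")

# Assumption: only "hash" is shown on this page; the other section names are
# inferred from the generalstatistics keys.
ENTITY_SECTIONS = ("url", "ip", "domain", "hash")


def defang(indicator):
    """Make a URL, domain or IP non-clickable (hXXp scheme, [.] in the host)."""
    scheme, sep, rest = indicator.partition("://")
    if not sep:  # bare domain or IP
        return indicator.replace(".", "[.]")
    host, slash, path = rest.partition("/")
    return scheme.replace("tt", "XX") + "://" + host.replace(".", "[.]") + slash + path


def list_age_hours(list_date, now):
    """Hours between the source list's timestamp and `now` (timezone-aware)."""
    return (now - datetime.fromisoformat(list_date)).total_seconds() / 3600


def matched_items(report):
    """Return one row per item the service reported as found."""
    rows = []
    for section in ENTITY_SECTIONS:
        block = report.get(section)
        if not isinstance(block, dict):
            continue
        for item in block.get("items", []):
            if item.get("response") is not True:  # skip unmatched entries
                continue
            value = item["item"]
            rows.append({
                "type": section,
                "item": value if section == "hash" else defang(value),
                "sha256": item.get("hashes", {}).get("sha256"),
                "related_urls": [defang(u) for u in item.get("related_urls", [])],
                "reports": item.get("online_reports", {}),
                "list_date": block.get("list", {}).get("date"),
            })
    return rows


def consistency_errors(report):
    """Compare the declared itemsFound counters with the items actually present."""
    errors, total_found = [], 0
    for section in ENTITY_SECTIONS:
        block = report.get(section)
        if not isinstance(block, dict):
            continue
        found = sum(1 for i in block.get("items", []) if i.get("response") is True)
        declared = block.get("statistics", {}).get("itemsFound")
        if declared != found:
            errors.append(f"{section}: itemsFound={declared}, counted {found}")
        total_found += found
    general = report.get("generalstatistics", {}).get("itemsFound")
    if general != total_found:
        errors.append(f"generalstatistics: itemsFound={general}, counted {total_found}")
    return errors


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for row in matched_items(SAMPLE_REPORT):
        age = list_age_hours(row["list_date"], now)
        print(row["type"], row["item"], row["related_urls"], f"list age {age:.0f}h")
    print("consistency errors:", consistency_errors(SAMPLE_REPORT))
```

To run it on real output, save a report with `-o /path/to/output.json` and pass the result of `json.load()` to the same functions. Because stored data has a 7-day retention, the list age tells you whether the `online_reports` links in an old saved report are likely to still resolve.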

### Example usage: one item using `--pretty`
```
$ apiosintDS -e h[REMOVED]p://193.35.18.147/bins/k.arm -st -p -nc
              _           _       _   ____  ____  
   __ _ _ __ (_) ___  ___(_)_ __ | |_|  _ \/ ___| 
  / _` | '_ \| |/ _ \/ __| | '_ \| __| | | \___ \ 
 | (_| | |_) | | (_) \__ \ | | | | |_| |_| |___) |
  \__,_| .__/|_|\___/|___/_|_| |_|\__|____/|____/ v.2.0.3
       |_|OSINT.DigitalSide.IT Threat-Intel Repository                             

 Submission summary
  -------------------------------------------------------
 | Items parsed: 1 | Items submitted: 1 | Items found: 1 | 
  -------------------------------------------------------
 | Invalid(s):   0 | URL(s):          1 | URL(s):      1 | 
 | Duplicate(s): 0 | Hash(es):        0 | Hash(es):    0 | 
 | Not found:    0 | Domain(s):       0 | Domain(s):   0 | 
 |                 | IP(s):           0 | IP(s):       0 | 
  -------------------------------------------------------
  ----------------------------------------------------------------------------
 | hXXp://193.35.18.147/bins/k.arm                                            | 
  ----------------------------------------------------------------------------
 | TLP:white | First Seen 2023-07-06 07:36:02 | Last Seen 2023-07-06 07:36:02 | 
  ----------------------------------------------------------------------------
 | Filename: k.arm                                                            | 
  ----------------------------------------------------------------------------
 | MD5:    bc152acad73829358847e5f5bbf3edc0                                   | 
 | SHA1:   f2e26e44709ba5a9766c3c00226bdb663ede5957                           | 
 | SHA256: c8b0e1c5fa98bb407fe5bd3f2760b0ec2e5e33db0cee10a0085cac4505ef16cc   | 
  ----------------------------------------------------------------------------
 | Size: 244647 | Type: application/x-executable | Observed: 1 | VT: 34/61    | 
  ----------------------------------------------------------------------------
 | Observation time frame: N/A                                                | 
  ----------------------------------------------------------------------------
 | STIX network indicators: URLs => 1 | Domains => 0 | IPs: 1                 | 
  ----------------------------------------------------------------------------
  Online Reports (availability depends on data retention)
  -> MISP EVENT: https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/f5e313d2-3d64-4d0f-af77-37a925bcd08f.json
  -> MISP CSV:   https://osint.digitalside.it/Threat-Intel/csv/f5e313d2-3d64-4d0f-af77-37a925bcd08f.csv
  -> DS Report:  https://osint.digitalside.it/report/bc152acad73829358847e5f5bbf3edc0.html
  -> STIX:       https://osint.digitalside.it/Threat-Intel/stix2/bc152acad73829358847e5f5bbf3edc0.json
#############################################################################
```

### Multiple items using `--file` with `--pretty` output 

Example file ioc.txt
```
~$ cat ioc.txt 
7cb796c875cccc9233d82854a4e2fdf0
monke.re

```

Response
```
~$ apiosintDS -f ioc.txt -p -nc -st

	      _           _       _   ____  ____  
   __ _ _ __ (_) ___  ___(_)_ __ | |_|  _ \/ ___| 
  / _` | '_ \| |/ _ \/ __| | '_ \| __| | | \___ \ 
 | (_| | |_) | | (_) \__ \ | | | | |_| |_| |___) |
  \__,_| .__/|_|\___/|___/_|_| |_|\__|____/|____/ v.2.0.3
       |_|OSINT.DigitalSide.IT Threat-Intel Repository                             

 Submission summary
  -------------------------------------------------------
 | Items parsed: 2 | Items submitted: 2 | Items found: 2 | 
  -------------------------------------------------------
 | Invalid(s):   0 | URL(s):          0 | URL(s):      0 | 
 | Duplicate(s): 0 | Hash(es):        1 | Hash(es):    1 | 
 | Not found:    0 | Domain(s):       1 | Domain(s):   1 | 
 |                 | IP(s):           0 | IP(s):       0 | 
  -------------------------------------------------------
  ----------------------------------------------------------------------------
 | 7cb796c875cccc9233d82854a4e2fdf0                                           | 
  ----------------------------------------------------------------------------
 | TLP:white | First Seen 2023-07-04 09:33:03 | Last Seen 2023-07-04 09:33:03 | 
  ----------------------------------------------------------------------------
 | Filename: plugmanzx.exe                                                    | 
  ----------------------------------------------------------------------------
 | MD5:    7cb796c875cccc9233d82854a4e2fdf0                                   | 
 | SHA1:   158514acfa87d0b99e2af07a28004480bbf66e83                           | 
 | SHA256: 49e64d72d5ed4fb7967da4b6851d94cdceffe4ba0316587767a13901fe580239   | 
  ----------------------------------------------------------------------------
 | Size: 924672 | Type: application/x-dosexec | Observed: 1 | VT: 32/71       | 
  ----------------------------------------------------------------------------
 | Observation time frame: N/A                                                | 
  ----------------------------------------------------------------------------
 | STIX network indicators: URLs => 1 | Domains => 0 | IPs: 1                 | 
  ----------------------------------------------------------------------------
  Online Reports (availability depends on data retention)
  -> MISP EVENT: https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/d6146389-4294-4a41-b4ca-6e74c74b7f8b.json
  -> MISP CSV:   https://osint.digitalside.it/Threat-Intel/csv/d6146389-4294-4a41-b4ca-6e74c74b7f8b.csv
  -> DS Report:  https://osint.digitalside.it/report/7cb796c875cccc9233d82854a4e2fdf0.html
  -> STIX:       https://osint.digitalside.it/Threat-Intel/stix2/7cb796c875cccc9233d82854a4e2fdf0.json
#############################################################################

  ---------------------------------------------------------------------------
 | monke[.]re - Related URL(s) 2                                              | 
  ---------------------------------------------------------------------------
  ----------------------------------------------------------------------------
 | hXXp://monke.re/arm7                                                       | 
  ----------------------------------------------------------------------------
 | TLP:white | First Seen 2023-07-06 23:51:01 | Last Seen 2023-07-06 23:51:01 | 
  ----------------------------------------------------------------------------
 | Filename: arm7                                                             | 
  ----------------------------------------------------------------------------
 | MD5:    318323c9da34bf25833f7da32eab23d6                                   | 
 | SHA1:   e2bb927b08ebcbaad8f304d02309af776312c9bf                           | 
 | SHA256: bb1f9e108daa389e62b79067d1cdbef548f9934c9cc85a92565da7063cf36f89   | 
  ----------------------------------------------------------------------------
 | Size: 57148 | Type: application/x-executable | Observed: 1 | VT: 14/61     | 
  ----------------------------------------------------------------------------
 | Observation time frame: N/A                                                | 
  ----------------------------------------------------------------------------
 | STIX network indicators: URLs => 1 | Domains => 1 | IPs: 0                 | 
  ----------------------------------------------------------------------------
  Online Reports (availability depends on data retention)
  -> MISP EVENT: https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/f83d06e6-aa2f-452e-a19d-59d40e874355.json
  -> MISP CSV:   https://osint.digitalside.it/Threat-Intel/csv/f83d06e6-aa2f-452e-a19d-59d40e874355.csv
  -> DS Report:  https://osint.digitalside.it/report/318323c9da34bf25833f7da32eab23d6.html
  -> STIX:       https://osint.digitalside.it/Threat-Intel/stix2/318323c9da34bf25833f7da32eab23d6.json
  ----------------------------------------------------------------------------
 | hXXp://monke.re/mips                                                       | 
  ----------------------------------------------------------------------------
 | TLP:white | First Seen 2023-07-07 00:31:02 | Last Seen 2023-07-07 00:31:02 | 
  ----------------------------------------------------------------------------
 | Filename: mips                                                             | 
  ----------------------------------------------------------------------------
 | MD5:    579081f528d9279a87b298b9838c377b                                   | 
 | SHA1:   45048073aad5997881dffe41e32f9b17beb1c2e1                           | 
 | SHA256: 8186a1d140631e6391978c08c35e01efb58963f65a86fddf7dec44eec7681c6b   | 
  ----------------------------------------------------------------------------
 | Size: 48272 | Type: application/x-executable | Observed: 1 | VT: 12/61     | 
  ----------------------------------------------------------------------------
 | Observation time frame: N/A                                                | 
  ----------------------------------------------------------------------------
 | STIX network indicators: URLs => 1 | Domains => 1 | IPs: 0                 | 
  ----------------------------------------------------------------------------
  Online Reports (availability depends on data retention)
  -> MISP EVENT: https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/d01c2ad1-0e2c-4b26-9725-f8a86025bd75.json
  -> MISP CSV:   https://osint.digitalside.it/Threat-Intel/csv/d01c2ad1-0e2c-4b26-9725-f8a86025bd75.csv
  -> DS Report:  https://osint.digitalside.it/report/579081f528d9279a87b298b9838c377b.html
  -> STIX:       https://osint.digitalside.it/Threat-Intel/stix2/579081f528d9279a87b298b9838c377b.json
##################################################################################################################################
```

[Json schema](https://github.com/davidonzo/apiosintDS/blob/master/apiosintDS/schema/schema.json)

## Python 3 requirement
The script runs on the Python interpreter, version 3.x. No support will be given for Python 2.x.


            

depends on data retention)\n  -> MISP EVENT: https://osint.digitalside.it/Threat-Intel/digitalside-misp-feed/d01c2ad1-0e2c-4b26-9725-f8a86025bd75.json\n  -> MISP CSV:   https://osint.digitalside.it/Threat-Intel/csv/d01c2ad1-0e2c-4b26-9725-f8a86025bd75.csv\n  -> DS Report:  https://osint.digitalside.it/report/579081f528d9279a87b298b9838c377b.html\n  -> STIX:       https://osint.digitalside.it/Threat-Intel/stix2/579081f528d9279a87b298b9838c377b.json\n##################################################################################################################################\n```\n\n[Json schema](https://github.com/davidonzo/apiosintDS/blob/master/apiosintDS/schema/schema.json)\n\n## Python 3 requirement\nThe script runs using the Python interpreter at version 3.x. No support will be given to Python 2.x.\n\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "On demand query API for OSINT.digitalside.it project. You can query for suspicious domains, urls, IPv4 and file hashes.",
    "version": "2.0.3",
    "project_urls": {
        "Homepage": "https://github.com/davidonzo/apiosintDS"
    },
    "split_keywords": [
        "apiosintds",
        " osint",
        " threat-intel",
        " ioc",
        " security"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "ab306b0b177dc9a2fed71d3fd454078c908fb85cb14d5dfe4103a56a2828a22c",
                "md5": "46d0ae89d461c78c8e9d4a47529c4ff0",
                "sha256": "e80163a69f8ca0f9fc01bd37b4c6f5937bdc828be8754a79da1da2958dac7493"
            },
            "downloads": -1,
            "filename": "apiosintDS-2.0.3-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "46d0ae89d461c78c8e9d4a47529c4ff0",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">3.5.2",
            "size": 27627,
            "upload_time": "2024-05-28T17:12:49",
            "upload_time_iso_8601": "2024-05-28T17:12:49.896332Z",
            "url": "https://files.pythonhosted.org/packages/ab/30/6b0b177dc9a2fed71d3fd454078c908fb85cb14d5dfe4103a56a2828a22c/apiosintDS-2.0.3-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-05-28 17:12:49",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "davidonzo",
    "github_project": "apiosintDS",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [],
    "lcname": "apiosintds"
}
        