Metabrik::Client::Onyphe
========================
Official client to access the ONYPHE API.
To learn more: https://www.onyphe.io/
INSTALLATION
A/ Install all dependencies (Ubuntu/Debian/Kali systems)
$ sudo apt-get install -y build-essential less cpanminus libreadline-dev \
coreutils libexpat1-dev phantomjs bsdutils libssl-dev libxml2-dev \
procps aptitude
B/ Install Metabrik and its Repository
$ sudo cpanm -n Metabrik Metabrik::Repository
C/ Install this module
$ git clone https://github.com/onyphe/client onyphe
$ cd onyphe
$ perl Makefile.PL
$ make
$ make test
$ sudo make install
D/ Install client::onyphe Brik
$ sudo perl -MMetabrik::Core::Context -e \
'Metabrik::Core::Context->new_brik_run("brik::tool","install","client::onyphe")'
E/ Set your API key in the configuration file
$ echo '<APIKEY>' > ~/.onyphe_rc
F/ Install custom functions (example: httpshot)
$ sudo perl -MMetabrik::Core::Context -e \
'Metabrik::Core::Context->new_brik_run("brik::tool","install","client::onyphe::function::httpshot")'
Current list of custom functions:
- addcount
- blacklist
- count
- dedup
- exec
- httpshot
- merge
- piechart
- search
- top
- uniq
- where
- whitelist
- whois
G/ Enjoy
$ onyphe
EXAMPLES
# Query profile information (like API endpoints, available categories or remaining credits)
$ onyphe -user | jq .
#
# Query the simple API
# See https://www.onyphe.io/documentation/api for more APIs
#
# Search reverse DNS information
$ onyphe -simple resolver_reverse -value 8.8.8.8
# Search data from free text
$ onyphe -simple datascan -value 'WD My Cloud'
# Get a summary of information from an IP address
$ onyphe -summary ip -value 8.8.8.8
#
# Query the search API (need subscription, see https://www.onyphe.io/pricing)
# See https://www.onyphe.io/documentation/api for more APIs
#
# Search for some NGINX products and encode data field as Base64
$ onyphe -search 'category:datascan product:Nginx' | jq .
# Display only the fields that are useful to you
$ onyphe -search 'category:datascan product:Nginx -field:ip,port,tls,product,productversion,cpe'
# Autoscroll through all results
# !!! WARNING: may consume up to 1,000 credits
$ onyphe -search 'category:datascan protocol:smb tag:smb::compression' \
-autoscroll 1
# Autoscroll feature but limit the number of pages to scroll
$ onyphe -search 'category:datascan protocol:smb tag:smb::compression' \
-autoscroll 1 -maxpage 10
# Save Mirai threatlist information from yesterday's results
$ onyphe -search 'category:threatlist threatlist:"ONYPHE - botnet/mirai" -dayago:1' > mirai.json
# Execute a where clause to return results that match criteria from another query
# Here, we want to find modbus devices which also have a Web interface.
# !!! WARNING: may consume up to 11,000 credits.
$ onyphe -autoscroll 1 -search 'category:datascan protocol:modbus -dayago:1 | search category:datascan protocol:http ip:$ip'
# Fetch all results
$ onyphe -export 'category:datascan protocol:mongo' > mongo.json
# List alerts
$ onyphe -alert list
# Add an alert
$ onyphe -alert add -value '{"name":"My alert","query":"category:datascan domain:example.com -exists:cve","email":"<EMAIL>"}'
# Delete an alert by id
$ onyphe -alert del -value 0
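The where clause above (modbus devices that also have a Web interface) can be replayed offline against two saved exports instead of spending credits on a second search. This is an added example, not part of the onyphe client; it assumes the export layout is one JSON object per line with "ip" and "port" keys, and the sample records are constructed.

```python
# Added example (not part of the onyphe client): the README's where clause,
# `search A | search B ip:$ip`, replayed offline on two saved exports so the
# "modbus devices with a web interface" question costs no search credits.
# Assumed export layout: one JSON object per line with "ip" and "port" keys.
import json
from collections import defaultdict

# Constructed sample exports (e.g. from `onyphe -export ... > modbus.json`).
MODBUS_EXPORT = """\
{"ip": "192.0.2.10", "port": 502, "protocol": "modbus"}
{"ip": "192.0.2.20", "port": 502, "protocol": "modbus"}
{"ip": "192.0.2.10", "port": 503, "protocol": "modbus"}
"""
HTTP_EXPORT = """\
{"ip": "192.0.2.10", "port": 80, "protocol": "http"}
{"ip": "192.0.2.30", "port": 8080, "protocol": "http"}
{"ip": "192.0.2.10", "port": 8443, "protocol": "http"}
not json
"""

def load_export(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated download leaves a partial last line
    return records

def where_ip(left, right):
    """Keep right-hand records whose ip occurs in the left-hand results,
    returning {ip: sorted unique ports}, i.e. one row per matching host."""
    left_ips = {r["ip"] for r in left if "ip" in r}
    joined = defaultdict(set)
    for r in right:
        if r.get("ip") in left_ips and "port" in r:
            joined[r["ip"]].add(r["port"])
    return {ip: sorted(ports) for ip, ports in joined.items()}

def modbus_with_web(modbus_text=MODBUS_EXPORT, http_text=HTTP_EXPORT):
    """Modbus hosts that also answer HTTP, with their HTTP ports."""
    return where_ip(load_export(modbus_text), load_export(http_text))
```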
COPYRIGHT AND LICENSE
Copyright (c) 2018-2020, ONYPHE
You may distribute this module under the terms of The BSD 3-Clause License.
See LICENSE file in the source distribution archive.