misp-modules/search/search_index.json

{"config":{"lang":["en"],"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"expansion export import","title":"Home"},{"location":"expansion/","text":"apiosintds \u00b6 On demand query API for OSINT.digitalside.it project. - features : The module simply queries the API of OSINT.digitalside.it with a domain, ip, url or hash attribute. The result of the query is then parsed to extract additional hashes or urls. A module parameter also allows parsing the hashes related to the urls. Furthermore, it is possible to cache the urls and hashes collected over the last 7 days by OSINT.digitalside.it - input : A domain, ip, url or hash attribute. - output : Hashes and urls resulting from the query to OSINT.digitalside.it - references : https://osint.digitalside.it/#About - requirements : The apiosintDS python library to query the OSINT.digitalside.it API. apivoid \u00b6 Module to query APIVoid with some domain attributes. - features : This module takes a domain name and queries API Void to get the related DNS records and the SSL certificates. It then returns those pieces of data as MISP objects that can be added to the event. To make it work, a valid API key and enough credits to perform 2 queries (0.06 + 0.07 credits) are required. - input : A domain attribute. - output : DNS records and SSL certificates related to the domain. - references : https://www.apivoid.com/ - requirements : A valid APIVoid API key with enough credits to perform 2 queries assemblyline_query \u00b6 A module to query the AssemblyLine API with a submission ID to get the submission report and parse it. - features : The module requires the address of the AssemblyLine server you want to query as well as your credentials used for this instance. Credentials include the user-ID and an API key or the password associated to the user-ID. The submission ID extracted from the submission link is then used to query AssemblyLine and get the full submission report.
This report is parsed to extract file objects and the associated IPs, domains or URLs the files are connecting to. Some more data may be parsed in the future. - input : Link of an AssemblyLine submission report. - output : MISP attributes & objects parsed from the AssemblyLine submission. - references : https://www.cyber.cg.ca/en/assemblyline - requirements : assemblyline_client: Python library to query the AssemblyLine rest API. assemblyline_submit \u00b6 A module to submit samples and URLs to AssemblyLine for advanced analysis, and return the link of the submission. - features : The module requires the address of the AssemblyLine server you want to query as well as your credentials used for this instance. Credentials include the user-ID and an API key or the password associated to the user-ID. If the sample or url is correctly submitted, you then get the link of the submission. - input : Sample, or url to submit to AssemblyLine. - output : Link of the report generated in AssemblyLine. - references : https://www.cyber.gc.ca/en/assemblyline - requirements : assemblyline_client: Python library to query the AssemblyLine rest API. backscatter_io \u00b6 Query backscatter.io ( https://backscatter.io/ ). - features : The module takes a source or destination IP address as input and displays the information known by backscatter.io. input : IP addresses. output : Text containing a history of the IP addresses especially on scanning based on backscatter.io information. references : https://pypi.org/project/backscatter/ requirements : backscatter python library bgpranking \u00b6 Query BGP Ranking ( https://bgpranking-ng.circl.lu/ ). - features : The module takes an AS number attribute as input and displays its description as well as its ranking position in BGP Ranking for a given day. input : Autonomous system number. output : An asn object with its related bgp-ranking object.
references : https://github.com/D4-project/BGP-Ranking/ requirements : pybgpranking python library btc_scam_check \u00b6 An expansion hover module to query a special dns blacklist to check if a bitcoin address has been abu