<#
.SYNOPSIS
Gather Open-Source Intelligence using PowerShell.
.DESCRIPTION
Gather Open-Source Intelligence from AlienVault using PowerShell.
.EXAMPLE
Search-AlienVault -Endpoint IPv4 -Section general -Query 187.233.152.78 | Format-List
sections : {general, geo, reputation, url_list...}
city : Aguascalientes
area_code : 0
pulse_info : @{count=8; references=System.Object[]; pulses=System.Object[]}
continent_code : NA
country_name : Mexico
postal_code : 20270
dma_code : 0
country_code : MX
flag_url : /static/img/flags/mx.png
asn : AS8151 Uninet S.A. de C.V.
city_data : True
indicator : 187.233.152.78
whois : http://whois.domaintools.com/187.233.152.78
type_title : IPv4
region : AGU
charset : 0
longitude : -102.2705
country_code3 : MEX
reputation : 0
base_indicator : @{indicator=187.233.152.78; description=; title=; access_reason=; access_type=public; content=; type=IPv4; id=1818097001}
latitude : 21.8956
type : IPv4
flag_title : Mexico
##########################################################################
Section values available for each Endpoint (not listed in the SYNTAX section of 'Get-Help Search-AlienVault')
##########################################################################
Endpoint: IPv4
Section : [general,geo,http_scans,malware,passive_dns,reputation,url_list]
Query : STRING
Endpoint: IPv6
Section : [general,geo,http_scans,malware,passive_dns,reputation]
Query : STRING
Endpoint: domain
Section : [general,geo,http_scans,malware,passive_dns,url_list,whois]
Query : STRING
Endpoint: hostname
Section : [general,geo,http_scans,malware,passive_dns,url_list]
Query : STRING
Endpoint: file
Section : [analysis,general]
Query : STRING
Endpoint: url
Section : [general,url_list]
Query : STRING
Endpoint: cve
Section : [general]
Query : STRING
##########################################################################
Section values available for each Endpoint (not listed in the SYNTAX section of 'Get-Help Search-AlienVault')
##########################################################################
.LINK
https://github.com/ecstatic-nobel/pOSINT/
#>
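function Search-AlienVault {
    # Queries the AlienVault OTX indicator API for one indicator type
    # (-Endpoint), one indicator value (-Query) and one report section
    # (-Section). The request itself is issued by Search-Api, which is defined
    # elsewhere in the module and reads $Uri from this function's scope.
    [CmdletBinding()]
    param(
        # Indicator type; selects the API route and constrains -Section.
        [Parameter(Mandatory=$true)]
        [ValidateSet("IPv4","IPv6","domain","hostname","file","url","cve")]
        [string]$Endpoint,

        # Report section to fetch. Which sections are valid depends on -Endpoint;
        # the ValidateScript below enforces the per-endpoint combination.
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
        ##### Merging later. PS6 Core Needed #####
        # [ValidateSet([Sections]::New($Endpoint))]
        ##### Merging later. PS6 Core Needed #####
        [ValidateSet("analysis","general","geo","http_scans","malware","passive_dns","reputation","url_list","whois")]
        [ValidateScript({
            # Per-endpoint allow-list. Kept inline because a ValidateScript
            # block cannot rely on variables declared outside the parameter
            # declaration. Hashtable string keys are case-insensitive, which
            # matches the case-insensitive ValidateSet on -Endpoint.
            $allowed = @{
                IPv4     = @("general","geo","http_scans","malware","passive_dns","reputation","url_list")
                IPv6     = @("general","geo","http_scans","malware","passive_dns","reputation")
                domain   = @("general","geo","http_scans","malware","passive_dns","url_list","whois")
                hostname = @("general","geo","http_scans","malware","passive_dns","url_list")
                file     = @("analysis","general")
                url      = @("general","url_list")
                cve      = @("general")
            }
            # NOTE(review): $Endpoint is only populated here when -Endpoint was
            # bound before -Section; parameters bind in the order supplied.
            if ($Endpoint -and ($_ -in $allowed[$Endpoint])) {
                $True
            } else {
                # Throwing surfaces the actual mismatch instead of the generic
                # "did not return a result of True" binding error.
                throw "Section '$_' is not valid for Endpoint '$Endpoint'. Use 'Get-Help Search-AlienVault -Examples' to see available options."
            }
        })]
        [string]$Section,

        # Indicator value (IP, domain, hash, URL, CVE id) to look up.
        [Parameter(Mandatory=$true)]
        [string]$Query
    )
    Begin {
        Set-SslDefaults
        Set-ModuleDefaults
        # ValidateSet accepts any casing ("ipv4", "IPV6"); normalise to the
        # exact "IPv4"/"IPv6" spelling used in the API route.
        if ($Endpoint -in @("IPv4", "IPv6") -and $Endpoint -cnotlike "IPv*") {
            $IpVersion = $Endpoint[-1]
            $Endpoint = "IPv$IpVersion"
        }
        # Percent-encode the indicator so that characters such as '/', '?'
        # or '#' in a url-type query cannot change which path or section is
        # requested. Plain IPs, hashes, domains and CVE ids are unaffected.
        $EncodedQuery = [uri]::EscapeDataString($Query)
    }
    Process {
        # Built here rather than in Begin: a pipeline-bound -Section is not
        # available until Process runs.
        $Uri = "https://otx.alienvault.com/api/v1/indicators/$Endpoint/$EncodedQuery/$Section"
        try {
            Search-Api
        } catch {
            # End does not run after a terminating error in Process, so restore
            # the SSL settings here before re-raising.
            Reset-SslDefaults
            throw
        }
    }
    End {
        Reset-SslDefaults
        Write-Verbose "Complete"
    }
}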
##### Merging later. PS6 Core Needed #####
# Class AlienVaultSections : System.Management.Automation.IValidateSetValuesGenerator {
# [string[]]$Sections
# AlienVaultSections(
# [string]$Endpoint
# ) {
# $this.Sections = if ($Endpoint -eq "IPv4") {
# @("general","geo","http_scans","malware","passive_dns","reputation","url_list")
# } elseif ($Endpoint -eq "IPv6") {
# @("general","geo","http_scans","malware","passive_dns","reputation")
# } elseif ($Endpoint -eq "domain") {
# @("general","geo","http_scans","malware","passive_dns","url_list","whois")
# } elseif ($Endpoint -eq "hostname") {
# @("general","geo","http_scans","malware","passive_dns","url_list")
# } elseif ($Endpoint -eq "file") {
# @("analysis","general")
# } elseif ($Endpoint -eq "url") {
# @("general","url_list")
# } elseif ($Endpoint -eq "cve") {
# @("general")
# }
# }
# }
##### Merging later. PS6 Core Needed #####