Sha256: 857f72e4fa0cfbc786e8f767c25910fd27288af3b6ec49ce0d92c6ea813799df
Contents?: true
Size: 1.46 KB
Versions: 3
Compression:
Stored size: 1.46 KB
Contents
--- tags: - Artifact:IP - Artifact:Domain - Passive DNS - Passive SSL - Reverse Whois --- # PassiveTotal - [https://community.riskiq.com/](https://community.riskiq.com/home) This analyzer uses [PassvieTotal API](https://api.passivetotal.org/index.html). An API endpoint to use is changed based on a type of a query. | Query | API endpoint | Artifact | | --------------------------------------- | ----------------------------- | ---------- | | IP address | `/v2/dns/passive` | Domain | | Domain | `/v2/dns/passive` | IP address | | Mail | `/v2/whois/search` | Domain | | Hash (SSL certificate SHA1 fingerprint) | `/v2/ssl-certificate/history` | IP address | ```yaml analyzer: passivetotal query: ... username: ... api_key: ... ``` ## Components ### Analyzer `analyzer` (`string`) should be either of `passivetotal` and `pt`. ### Query `query` (`string`) is a passive DNS/SSL or reverse whois search query. Domain, IP address, mail or SHA1 certificate fingerprint. - Passive DNS: Domain, IP Address - Passive SSL: SHA1 certificate fingerprint - Reverse whois: mail ### Username `username` (`string`) is a username. Optional. Defaults to `ENV[”PASSIVETOTAL_USERNAME"]`. ### API Key `api_key` (`string`) is an API key. Optional. Defaults to `ENV[”PASSIVETOTAL_API_KEY"]`.
Version data entries
3 entries across 3 versions & 1 rubygems
| Version | Path |
|---|---|
| mihari-5.7.0 | docs/analyzers/passivetotal.md |
| mihari-5.6.2 | docs/analyzers/passivetotal.md |
| mihari-5.6.1 | docs/analyzers/passivetotal.md |