Python client for RiskIQ's PassiveTotal API services

passivetotal provides a Python client library implementation into RiskIQ API services. The library currently provides support for the following services:

• Passive DNS queries and filters
• WHOIS queries (search and details)
• SSL Certificates (search and details)
• Account configuration
• Site actions (tagging, classifying, etc.)

The following command line scripts are installed with the library:

• pt-config: utility to set or query API configuration options for the library (username and API key).
• pt-info: client to query for your local account information and services.
• pt-client: primary client to issue queries against PassiveTotal services including passive DNS, WHOIS, SSL certificates, etc.

See the Usage section for more information.

From the downloaded source distribution:

$ python setup.py install

Or from PyPI:

$ pip install passivetotal [--upgrade]

The package depends on the Python Requests library. If Requests is not installed, it will be installed as a dependency.

First-time setup requires configuring your API token and private key for authentication:

$ pt-config setup <USERNAME> <API_KEY>

At any time, the current API configuration parameters can be queried using the same utility:

$ pt-config show

Configuration parameters are stored in $HOME/.config/passivetotal/api_config.json.

Our libraries support Python 3 through futures. On certain platforms, this causes issues when doing upgrades of the library. When performing an update, use the following:

sudo pip install passivetotal --upgrade --ignore-installed six

Every command-line script has several sub-commands that may be passed to it. The commands usage may be described with the -h/--help option.

For example:

$ pt-client -h
usage: pt-client [-h] {action,pdns,whois,ssl} ...

PassiveTotal Command Line Client

positional arguments:
  {action,pdns,whois,ssl}
    pdns                Query passive DNS data
    whois               Query WHOIS data
    ssl                 Query SSL certificate data
    action              Query and input feedback

optional arguments:
  -h, --help            show this help message and exit

Every sub-command has further help options::

$ pt-client pdns -h
usage: pt-client pdns [-h] --query QUERY [--sources SOURCES [SOURCES ...]]
                      [--end END] [--start START] [--timeout TIMEOUT]
                      [--unique] [--format {json,text,csv,stix,table,xml}]

optional arguments:
  -h, --help            show this help message and exit
  --query QUERY, -q QUERY
                        Query for a domain, IP address or wildcard
  --sources SOURCES [SOURCES ...]
                        CSV string of passive DNS sources
  --end END, -e END     Filter records up to this end date (YYYY-MM-DD)
  --start START, -s START
                        Filter records from this start date (YYYY-MM-DD)
  --timeout TIMEOUT, -t TIMEOUT
                        Timeout to use for passive DNS source queries
  --unique              Use this to only get back unique resolutons
  --format {json,text,csv,stix,table,xml}
                        Format of the output from the query

All commands will have the --format option to return raw responses in a number of different formats, which often contain more information than present in the default, human readable format.

For more information you can find documentation in the 'docs' directory, check the Github wiki, or readthedocs.