recordedfuture / rfapi-python Goto Github PK

Currently RFAPI does not work as expected for lookups of hash/IP/domains because it does not take multiple fields into account. Given the PoC below, you can see that only the first field analystNotes is returned and the rest is just discarded.

from rfapi import ConnectApiClient

fields = [
    'analystNotes',
    'intelCard',
    'risk',
    'sightings',
    'timestamps'
]

rf = ConnectApiClient(auth='API_KEY')
res = rf.lookup_hash('66643f3f2785f7e0de7d5bc8402495a1', fields=fields, metadata=False)
puts(res)

{'data': {'analystNotes': []}}

Probably because fields is not joined in list as in

p.s. thanks for the good work. However, a few examples on how to lookup hash via the RF-API would help in implementing the module. The examples in the ConnectAPI web interface shows Python3 examples but not once with the use of the module. I had to look multiple times in the source code to determine which parameters are allowed. But keep up the good work.

On line https://github.com/recordedfuture/rfapi-python/blob/master/rfapi/apiclient.py#L146
it doesn't match the article provided by support, see https://support.recordedfuture.com/hc/en-us/articles/360003936573-Adding-a-User-Agent-request-header-to-help-track-API-Calls?flash_digest=98f683b96af6c58613cf3b4eb071b12317467240

Would it be possible to get the contents of a hunting package yara rules file using the API?