PassiveTotal
This analyzer uses the PassiveTotal API.
The API endpoint used depends on the type of the query.
| Query | API endpoint | Artifact |
|---|---|---|
| IP address | /v2/dns/passive | Domain |
| Domain | /v2/dns/passive | IP address |
| Mail | /v2/whois/search | Domain |
| Hash (SSL certificate SHA1 fingerprint) | /v2/ssl-certificate/history | IP address |
```yaml
analyzer: passivetotal
query: ...
username: ...
api_key: ...
```
Components
Analyzer
`analyzer` (`string`) should be either `passivetotal` or `pt`.
Query
`query` (`string`) is a passive DNS, passive SSL or reverse whois search query: a domain, IP address, mail or SHA1 certificate fingerprint.
- Passive DNS: Domain, IP Address
- Passive SSL: SHA1 certificate fingerprint
- Reverse whois: mail
Username
`username` (`string`) is a username. Optional. Configurable via the `PASSIVETOTAL_USERNAME` environment variable.
API Key
`api_key` (`string`) is an API key. Optional. Configurable via the `PASSIVETOTAL_API_KEY` environment variable.
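The query-type routing from the table above, together with the environment-variable fallback for credentials, sketched as an added example (this is not Mihari's own code). The detection patterns, the `plan` and `credentials` helper names, and the rule-value-before-environment precedence are assumptions; the endpoints, artifact types and variable names come from this page.

```ruby
require "ipaddr"

# Endpoint and resulting artifact type per query type, as listed in the table.
ROUTES = {
  ip:     { endpoint: "/v2/dns/passive",             artifact: :domain },
  domain: { endpoint: "/v2/dns/passive",             artifact: :ip },
  mail:   { endpoint: "/v2/whois/search",            artifact: :domain },
  hash:   { endpoint: "/v2/ssl-certificate/history", artifact: :ip }
}.freeze

# Assumed detection patterns (hypothetical, for illustration only).
SHA1_RE   = /\A\h{40}\z/
MAIL_RE   = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/
DOMAIN_RE = /\A(?=.{1,253}\z)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/i

def ip?(value)
  IPAddr.new(value)
  true
rescue IPAddr::Error
  false
end

# Classify the query and return the endpoint it would be sent to.
# Anything that matches no supported type is rejected instead of guessed at.
def plan(query)
  q = query.to_s.strip
  type =
    if q.empty? then nil
    elsif SHA1_RE.match?(q) then :hash
    elsif MAIL_RE.match?(q) then :mail
    elsif ip?(q) then :ip
    elsif DOMAIN_RE.match?(q) then :domain
    end
  raise ArgumentError, "unsupported query: #{query.inspect}" unless type
  ROUTES.fetch(type).merge(type: type)
end

# Resolve credentials: value from the rule first (assumed precedence), then the
# environment variables named on this page, so secrets can stay out of rule files.
def credentials(rule, env = ENV)
  username = rule["username"] || env["PASSIVETOTAL_USERNAME"]
  api_key  = rule["api_key"]  || env["PASSIVETOTAL_API_KEY"]
  raise ArgumentError, "PassiveTotal username and api_key are required" unless username && api_key
  [username, api_key]
end
```

Leaving `username` and `api_key` out of the rule and supplying them through the environment keeps the credentials out of rule files that are shared or committed to version control.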