gobadpackets

package module
v0.0.0-...-0f6d9b6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2021 License: BSD-3-Clause Imports: 7 Imported by: 0

README


BadPackets REST API client library

BadPackets is a threat-intelligence (TI) service provider for IoT, with data about botnets and other threats.

Link to BadPackets:

Usage example

# Fetch (or update) the library and its dependencies.
go get -u github.com/Rostelecom-CERT/gobadpackets
# Run the package tests; APIKEY and URL are placeholders for your own values.
# NOTE(review): a key passed on the command line is recorded in shell history
# and visible in the process list while the command runs, so prefer a
# low-privilege test key here.
go test -api APIKEY -url URL

A simple example of using the library is in cmd/gobadpackets/main.go:

package main

import (
	"flag"
	"fmt"
	"log"
	"time"

	"github.com/Rostelecom-CERT/gobadpackets"
)

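// main is a small command-line demo of the gobadpackets client: it builds a
// client from the -api and -url flags, pings the service, then runs three
// example queries and prints the match count of each.
//
// NOTE(review): the API key is read from a command-line flag, so it lands in
// shell history and is visible in the process list while the program runs.
// That is acceptable for a demo; for unattended or shared-host use, load the
// key from a protected file or a secret store instead.
func main() {
	apiKey := flag.String("api", "", "API key Badpackets")
	baseURL := flag.String("url", "", "URL Badpackets")
	flag.Parse()

	// Fail early with a clear message rather than issuing requests without
	// credentials when -api was not supplied.
	if *apiKey == "" {
		log.Fatalln("missing required flag: -api")
	}

	// Build the client.
	// NOTE(review): presumably the key is sent to this URL with every
	// request — make sure -url is an https:// endpoint you trust.
	client, err := gobadpackets.New(*apiKey, *baseURL)
	if err != nil {
		log.Fatalln(err)
	}

	// Ping reports the connection status as a bool; the demo only prints it.
	status := client.Ping()
	fmt.Println(status)

	// Query filtered by country and tag.
	data, err := client.Query(&gobadpackets.Request{Country: "RU", Tags: "Mirai"})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(data.Count)

	// Print every tag description of every result.
	// NOTE(review): these strings come from the remote service and are
	// printed raw; format them with %q if terminal control sequences in the
	// output are a concern.
	for _, result := range data.Results {
		for _, tag := range result.Tags {
			fmt.Println(tag.Description)
		}
	}

	// Convert an RFC 3339 string into a time.Time for the time filters.
	lastSeenBefore, err := time.Parse(time.RFC3339, "2018-12-31T09:04:22Z")
	if err != nil {
		log.Fatal(err)
	}

	// Query with a single time bound.
	data, err = client.Query(&gobadpackets.Request{LastSeenBefore: lastSeenBefore})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(data.Count)

	// Parse both ends of the time window of interest.
	windowStart, err := time.Parse(time.RFC3339, "2021-05-19T07:50:00Z")
	if err != nil {
		log.Fatal(err)
	}
	windowEnd, err := time.Parse(time.RFC3339, "2021-05-19T08:15:00Z")
	if err != nil {
		log.Fatal(err)
	}

	// Query one source address between the two instants, widening the window
	// by 15 minutes on each side. 192.168.1.1 is a private (RFC 1918)
	// placeholder; substitute the address under investigation.
	data, err = client.Query(&gobadpackets.Request{
		FirstSeenAfter:  windowStart.Add(-time.Minute * 15),
		LastSeenBefore:  windowEnd.Add(time.Minute * 15),
		SourceIPAddress: "192.168.1.1",
	})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(data.Count)
}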

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

// Client carries the settings for talking to the BadPackets REST API; New
// returns a pointer to one.
type Client struct {
	// APIKey is the API key handed to New.
	// NOTE(review): the field is exported, so printing or logging a Client
	// with %v / %+v would expose the key — avoid dumping the whole value.
	APIKey string
	// URL is the service URL handed to New.
	// NOTE(review): presumably the key is sent to this address; confirm it
	// is an https:// endpoint.
	URL    string
	// contains filtered or unexported fields
}

Client is the main struct.

func New

func New(APIKey string, URL string) (*Client, error)

New is the constructor function.

func (*Client) Ping

func (c *Client) Ping() bool

Ping returns the status of the connection.

func (*Client) Query

func (c *Client) Query(parameters *Request) (*Data, error)

Query returns the data for the request.

type Data

// Data is the value Client.Query returns; its fields are filled from the JSON
// keys named in the struct tags.
type Data struct {
	// Count is decoded from "count" — presumably the total number of
	// matching events rather than len(Results); TODO confirm.
	Count    int    `json:"count"`
	// Next and Previous are plain strings — presumably links to the
	// neighbouring result pages; TODO confirm against the API.
	Next     string `json:"next"`
	Previous string `json:"previous"`
	// Results holds one entry per returned event.
	Results  []struct {
		EventID         string `json:"event_id"`
		SourceIPAddress string `json:"source_ip_address"`
		Country         string `json:"country"`
		// NOTE(review): UserAgent, Payload and PostData look like content
		// taken from the observed request, i.e. chosen by the remote and
		// possibly hostile sender. Treat them as untrusted: escape before
		// showing them in HTML or a terminal, and never execute or fetch
		// what they contain.
		UserAgent       string `json:"user_agent"`
		Payload         string `json:"payload"`
		PostData        string `json:"post_data"`
		// TargetPort is an int here, while Request.TargetPort is a uint16.
		TargetPort      int    `json:"target_port"`
		Protocol        string `json:"protocol"`
		// Tags classifies the event; each tag carries a CVE string, a
		// category and a free-text description.
		Tags            []struct {
			Cve         string `json:"cve"`
			Category    string `json:"category"`
			Description string `json:"description"`
		} `json:"tags"`
		EventCount int       `json:"event_count"`
		// FirstSeen and LastSeen are decoded into time.Time values.
		FirstSeen  time.Time `json:"first_seen"`
		LastSeen   time.Time `json:"last_seen"`
	} `json:"results"`
}

Data is the struct that holds the data returned by a query.

type Request

// Request holds the search filters passed to Client.Query. Each field's `url`
// struct tag names its parameter and carries omitempty — presumably fields
// left at their zero value are not sent; confirm with the encoder the library
// uses.
type Request struct {
	// Filters on properties of the observed event.
	SourceIPAddress string    `url:"source_ip_address,omitempty"`
	TargetPort      uint16    `url:"target_port,omitempty"`
	Protocol        string    `url:"protocol,omitempty"`
	UserAgent       string    `url:"user_agent,omitempty"`
	Payload         string    `url:"payload,omitempty"`
	PostData        string    `url:"post_data,omitempty"`
	Country         string    `url:"country,omitempty"`
	// Time bounds on when the event was first and last seen.
	FirstSeenBefore time.Time `url:"first_seen_before,omitempty"`
	LastSeenBefore  time.Time `url:"last_seen_before,omitempty"`
	FirstSeenAfter  time.Time `url:"first_seen_after,omitempty"`
	LastSeenAfter   time.Time `url:"last_seen_after,omitempty"`
	EventCount      uint64    `url:"event_count,omitempty"`
	// Limit and Page — presumably page size and page number; TODO confirm.
	Limit           uint32    `url:"limit,omitempty"`
	Page            uint32    `url:"page,omitempty"`
	// Tags is a single string (the README example passes "Mirai").
	Tags            string    `url:"tags,omitempty"`
}

Request is the struct used to make a search.

Directories

Path Synopsis
cmd
