Documentation
¶
Index ¶
- Constants
- Variables
- func DecodeResponse(resp *http.Response, target any) error
- func GetReport(report_id string)
- func GetResource(report_id string, hash string)
- func NewClient(opts ...OptionsClientFunc) (*httpClient, error)
- type Alerts
- type AnalyzerAlert
- type AnalyzerSensor
- type CertInfo
- type Client
- type FileAnalyzer
- type FileObservation
- type FingerprintInfo
- type HttpContent
- type HttpCookie
- type HttpHeaderValue
- type HttpPostData
- type HttpPostDataParams
- type HttpRequest
- type HttpResponse
- type HttpSecurityInfo
- type HttpTimings
- type HttpTransaction
- type IDSAlert
- type IDSSensor
- type IP
- type IssuerInfo
- type JSCode
- type JSSourceCode
- type JavaScriptCode
- type OptionsClientFunc
- type QueuedJob
- type Report
- type ReportOverview
- type ReportSummary
- type ReputationResult
- type SearchReportResponse
- type SubjectInfo
- type SubmitJob
- type URL
- type UrlqueryAlert
- type UrlqueryApiError
- type ValidityInfo
Constants ¶
Variables ¶
// Sentinel errors exposed by this package. Compare against them with
// errors.Is rather than by matching the message text.
// NOTE(review): the names mirror HTTP status classes (not found, forbidden,
// too many requests, ...); the status-to-error mapping is not visible here, so
// confirm it in the response-handling code before relying on a specific code.
var (
	ErrNotFound            = errors.New("not found")
	ErrForbidden           = errors.New("forbidden")
	ErrBadRequest          = errors.New("bad request")
	ErrNotAcceptable       = errors.New("not acceptable")
	ErrTooManyRequests     = errors.New("too many requests")
	ErrUnprocessableEntity = errors.New("unprocessable entity")
	ErrUnexpectedStatus    = errors.New("unexpected status code")
)
// NOTE(review): the error result of NewClient is discarded with the blank
// identifier. If NewClient ever fails when called with no options,
// DefaultClient is presumably left nil and the failure would only surface at
// first use. Confirm NewClient's no-option contract.
var DefaultClient, _ = NewClient()
DefaultClient is the default client. NewClient should not return an error when called without any options, so the error is safe to ignore here.
Functions ¶
func DecodeResponse ¶
DecodeResponse decodes the HTTP response body.
func GetResource ¶
func NewClient ¶
func NewClient(opts ...OptionsClientFunc) (*httpClient, error)
Types ¶
type Alerts ¶
// Alerts bundles three alert lists, decoded from the JSON keys "ids",
// "analyzer" and "urlquery".
type Alerts struct {
	IDSAlerts []IDSAlert `json:"ids"`
	AnalyzerAlerts []AnalyzerAlert `json:"analyzer"`
	UrlqueryAlerts []UrlqueryAlert `json:"urlquery"`
}
type AnalyzerAlert ¶
// AnalyzerAlert is a single alert entry with the name and type of the sensor
// it is attributed to. Every scalar field is a plain string; the set of valid
// values for Verdict and Severity is not defined in this declaration.
type AnalyzerAlert struct {
	SensorName string `json:"sensor_name"`
	SensorType string `json:"sensor_type"`
	Description string `json:"description"`
	ScanDate string `json:"scan_date"`
	Alert string `json:"alert"`
	Trigger string `json:"trigger"`
	Verdict string `json:"verdict"`
	Severity string `json:"severity"`
	Comment string `json:"comment"`
	// Pointer fields stay nil when the JSON key is absent or null; check for
	// nil before dereferencing.
	ResourceLink *string `json:"link"`
	Meta *map[string]string `json:"meta"`
}
type AnalyzerSensor ¶
// AnalyzerSensor describes one sensor (name, type, description, link) together
// with the AnalyzerAlert entries listed under it.
type AnalyzerSensor struct {
	SensorName string `json:"sensor_name"`
	Type string `json:"type"`
	Description string `json:"description"`
	Link string `json:"link"`
	Alerts []AnalyzerAlert `json:"alerts"`
}
type CertInfo ¶
// CertInfo combines subject, issuer, validity and fingerprint details.
// NOTE(review): presumably a summary of a TLS certificate seen during the
// scan. The component types are declared elsewhere, so confirm there. These
// values are reported by the API and are not a verification result in
// themselves.
type CertInfo struct {
	Subject SubjectInfo `json:"subject"`
	Issuer IssuerInfo `json:"issuer"`
	Validity ValidityInfo `json:"validity"`
	Fingerprint FingerprintInfo `json:"fingerprint"`
}
type Client ¶
// Client defines the interface for HTTP operations. Request construction and
// request execution each come in a plain and a context-aware variant.
type Client interface {
	// NewRequest builds an *http.Request from a method, a path and an optional body.
	// NOTE(review): how path is resolved against a base URL, and whether
	// credentials are attached, is not visible here. Confirm in the implementation.
	NewRequest(method string, path string, body io.Reader) (*http.Request, error)
	// NewRequestWithContext takes the same arguments as NewRequest plus a
	// caller-supplied context (for cancellation and deadlines).
	NewRequestWithContext(ctx context.Context, method string, path string, body io.Reader) (*http.Request, error)
	// Do takes a prepared request and returns the *http.Response.
	// NOTE(review): presumably the caller must close the response body; confirm.
	Do(req *http.Request) (*http.Response, error)
	// DoRequest takes the arguments of NewRequest and returns an *http.Response.
	DoRequest(method string, path string, body io.Reader) (*http.Response, error)
	// DoRequestWithContext is the context-aware counterpart of DoRequest.
	DoRequestWithContext(ctx context.Context, method string, path string, body io.Reader) (*http.Response, error)
}
Client defines the interface for HTTP operations
type FileAnalyzer ¶
type FileObservation ¶
// FileObservation records a file by four digests, a magic string and a size,
// together with the URL and IP it is associated with and its analyzer alerts.
type FileObservation struct {
	// NOTE(review): when correlating samples prefer Sha256 or Sha512; MD5 and
	// SHA-1 are not collision resistant and should only be used as lookup keys.
	Md5 string `json:"md5"`
	Sha1 string `json:"sha1"`
	Sha256 string `json:"sha256"`
	Sha512 string `json:"sha512"`
	Magic string `json:"magic"`
	Size int `json:"size"` // unit not stated here; presumably bytes, confirm
	Url URL `json:"url"`
	Ip IP `json:"ip"`
	// Only the "analyzer" alert list is declared for files, unlike Alerts,
	// which also carries "ids" and "urlquery".
	Alerts struct {
		AnalyzerAlerts []AnalyzerAlert `json:"analyzer"`
	} `json:"alerts"`
}
type FingerprintInfo ¶
type HttpContent ¶
type HttpCookie ¶
// HttpCookie is a single cookie with HAR-style attributes.
type HttpCookie struct {
	Name string `json:"name"`
	// NOTE(review): presumably the cookie value as captured from traffic; treat
	// it as untrusted data and avoid logging it verbatim. Confirm.
	Value string `json:"value"`
	Path string `json:"path"`
	Domain string `json:"domain"`
	Expires string `json:"expire"` // JSON key is "expire" (singular), unlike the field name
	HttpOnly bool `json:"http_only"` // HAR - true if the cookie is HTTP only
	Secure bool `json:"secure"` // HAR - true if the cookie was transmitted over SSL/TLS, otherwise false
}
type HttpHeaderValue ¶
type HttpPostData ¶
// HttpPostData carries posted data as either a parameter list or raw text,
// along with its MIME type.
type HttpPostData struct {
	MimeType string `json:"mime_type"`
	// Note that text and params fields are mutually exclusive.
	Params []HttpPostDataParams `json:"params"`
	Text string `json:"text"`
}
type HttpPostDataParams ¶
type HttpRequest ¶
// HttpRequest is the request half of a transaction: a raw string, header and
// cookie lists, and the method.
type HttpRequest struct {
	// NOTE(review): presumably the request as captured on the wire; treat it as
	// untrusted text when displaying or logging. Confirm.
	Raw string `json:"raw"`
	Headers []HttpHeaderValue `json:"headers"`
	Cookies []HttpHeaderValue `json:"cookies"` // typed as HttpHeaderValue here, not HttpCookie
	Method string `json:"method"`
}
type HttpResponse ¶
// HttpResponse is the response half of a transaction: a raw string, header and
// cookie lists, status code and text, and the content.
type HttpResponse struct {
	// NOTE(review): presumably the response as captured from the remote server;
	// treat it as untrusted text when displaying or logging. Confirm.
	Raw string `json:"raw"`
	Headers []HttpHeaderValue `json:"headers"`
	Cookies []HttpHeaderValue `json:"cookies"` // typed as HttpHeaderValue here, not HttpCookie
	StatusCode string `json:"status_code"` // a string, not an int: parse before numeric comparison
	StatusText string `json:"status_text"`
	Content HttpContent `json:"data"` // JSON key is "data"
}
type HttpSecurityInfo ¶
type HttpTimings ¶
// HttpTimings breaks a request down into HAR-style timing phases. A value of
// -1 marks a phase that does not apply, where the field comment says so.
// NOTE(review): the unit is not stated on these fields; presumably
// milliseconds, as in HAR. Confirm.
type HttpTimings struct {
	Blocked int `json:"blocked"` // Time spent in a queue waiting for a network connection. Use -1 if the timing does not apply to the current request.
	DNS int `json:"dns"` // DNS resolution time. The time required to resolve a host name. Use -1 if the timing does not apply to the current request.
	Connect int `json:"connect"` // Time required to create TCP connection. Use -1 if the timing does not apply to the current request.
	Send int `json:"send"` // Time required to send HTTP request to the server.
	Wait int `json:"wait"` // Waiting for a response from the server.
	Receive int `json:"receive"` // Time required to read entire response from the server (or cache).
	SSL int `json:"ssl"` // Time required for SSL/TLS negotiation. If this field is defined then the time is also included in the connect field (to ensure backward compatibility with HAR 1.1). Use -1 if the timing does not apply to the current request.
}
type HttpTransaction ¶
// HttpTransaction is one request/response pair with its URL, IP, timing,
// security state and alerts.
type HttpTransaction struct {
	Url URL `json:"url"`
	Ip IP `json:"ip"`
	ResourceType string `json:"resource_type"`
	RequestedBy string `json:"requested_by"`
	Date string `json:"date"` // ISO8601 - YYYY-MM-DDThh:mm:ss.sTZD
	Timestamp int64 `json:"timestamp"` // unix epoch
	HttpVersion string `json:"http_version"`
	SecurityState string `json:"security_state"` // Can be "secure", "insecure", "broken"
	// Pointer field: nil when the JSON key is absent or null, so check it
	// before reading certificate or TLS details.
	SecurityInfo *HttpSecurityInfo `json:"security_info"`
	Request HttpRequest `json:"request"`
	Response HttpResponse `json:"response"`
	TotalTimeUsed int `json:"time_used"` // Total time used by the request/response in milliseconds
	Timings HttpTimings `json:"timings"`
	Alerts Alerts `json:"alerts"`
}
type IssuerInfo ¶
type JSCode ¶
// JSCode describes one piece of JavaScript by its digests and size, with its
// data, sighting statistics and alerts.
type JSCode struct {
	// NOTE(review): prefer Sha256 or Sha512 when matching samples; MD5 and
	// SHA-1 are not collision resistant.
	Md5 string `json:"md5"`
	Sha1 string `json:"sha1"`
	Sha256 string `json:"sha256"`
	Sha512 string `json:"sha512"`
	Size int `json:"size"`
	// NOTE(review): presumably the script text itself, taken from the scanned
	// page. Handle it as untrusted data (never evaluate it, escape it before
	// rendering). Confirm.
	Data string `json:"data"`
	FirstSeen string `json:"first_seen"`
	LastSeen string `json:"last_seen"`
	TimesSeen int `json:"times_seen"`
	Alerts Alerts `json:"alerts"`
}
type JSSourceCode ¶
type JavaScriptCode ¶
// JavaScriptCode groups JavaScript into three lists keyed "script", "eval" and
// "write".
// NOTE(review): presumably script sources, code passed to eval, and code
// written into the document. Confirm against the API documentation.
type JavaScriptCode struct {
	Script []JSSourceCode `json:"script"`
	Eval []JSCode `json:"eval"`
	Write []JSCode `json:"write"`
}
type OptionsClientFunc ¶
// OptionsClientFunc is an option passed to NewClient; it receives the
// *httpClient and may return an error. Because httpClient is unexported, code
// outside this package cannot declare its own option functions and is limited
// to whatever option constructors the package exports.
type OptionsClientFunc func(client *httpClient) error
type QueuedJob ¶
// QueuedJob describes a queued job: its queue and report identifiers, status,
// target URL and IP, and the settings it runs with.
type QueuedJob struct {
	QueueID string `json:"queue_id"`
	ReportID string `json:"report_id"`
	Status string `json:"status"`
	Url URL `json:"url"`
	Ip IP `json:"ip"`
	UserAgent string `json:"useragent"`
	Referer string `json:"referer"`
	ExitNode string `json:"exit_node"`
	Owner string `json:"owner"`
	// NOTE(review): presumably the visibility level of the resulting report;
	// the allowed values are not shown here. Confirm before submitting
	// sensitive URLs.
	Access string `json:"access"`
	RunTime int `json:"run_time"`
}
func QueueStatus ¶
type Report ¶
// Report is a full report: the embedded ReportOverview plus file detections,
// sensor output, JavaScript and HTTP transactions. ReportOverview is embedded
// without a tag, so encoding/json reads its fields from the same top-level
// JSON object.
type Report struct {
	ReportOverview
	FileDetections []FileObservation `json:"files"`
	// Sensors holds per-sensor results under the same three keys used by
	// Alerts ("ids", "analyzer", "urlquery").
	Sensors struct {
		NetworkSensors []IDSSensor `json:"ids"`
		AnalyzerSensors []AnalyzerSensor `json:"analyzer"`
		UrlQueryAlerts []UrlqueryAlert `json:"urlquery"`
	} `json:"sensors"`
	Javascript JavaScriptCode `json:"javascript"`
	HttpTransactions []HttpTransaction `json:"http"`
}
type ReportOverview ¶
// ReportOverview is the summary part of a report: identity, status, target,
// final URL and title, submission metadata, the settings used, alert counts
// and per-host summaries. It is embedded in Report and listed in
// SearchReportResponse.
type ReportOverview struct {
	ID string `json:"report_id"`
	Version int `json:"version"`
	Status string `json:"status"`
	Tags []string `json:"tags"`
	Date string `json:"date"` // RFC3339 - "2006-01-02T15:04:05Z07:00"
	Url URL `json:"url"`
	Ip IP `json:"ip"`
	// Final holds a URL and page title, distinct from the top-level Url field.
	Final struct {
		Url URL `json:"url"`
		Title string `json:"title"`
	} `json:"final"`
	// Submit holds the tags and metadata under the "submit" key.
	Submit struct {
		Tags []string `json:"tags"`
		Meta map[string]string `json:"meta"`
	} `json:"submit"`
	// Settings the report was run with
	ReportSettings struct {
		UserAgent string `json:"useragent"`
		Referer string `json:"referer"`
		// NOTE(review): if submitters supply session cookies, these values are
		// credentials. Avoid logging or re-sharing them. Confirm.
		Cookies map[string]string `json:"cookies"` // Cookie[<domain>]<cookie string>
		Access string `json:"access"`
		ExitNode string `json:"exit_node"`
	} `json:"settings"`
	// Stats.AlertCount gives one integer per alert source.
	Stats struct {
		AlertCount struct {
			Ids int `json:"ids"`
			Urlquery int `json:"urlquery"`
			Analyzer int `json:"analyzer"`
		} `json:"alert_count"`
	} `json:"stats"`
	Summary []ReportSummary `json:"summary"`
}
type ReportSummary ¶
// ReportSummary is one summary row keyed by FQDN and IP, with domain
// registration and rank data, sighting dates, and alert, request and traffic
// counters.
type ReportSummary struct {
	Fqdn string `json:"fqdn"`
	Ip IP `json:"ip"`
	DomainRegistered string `json:"domain_registered"`
	DomainRank int `json:"domain_rank"`
	FirstSeen string `json:"first_seen"`
	LastSeen string `json:"last_seen"`
	AlertCount int `json:"alert_count"`
	RequestCount int `json:"request_count"`
	// Units for the two data counters are not stated here; presumably bytes, confirm.
	ReceivedData int `json:"received_data"`
	SentData int `json:"sent_data"`
	Comment string `json:"comment"`
	Tags []string `json:"tags"`
}
type ReputationResult ¶
func CheckReputation ¶
func CheckReputation(query string) (*ReputationResult, error)
type SearchReportResponse ¶
// SearchReportResponse is the result of a report search: the query, paging
// values (Limit, Offset), the total hit count and the matching report
// overviews.
type SearchReportResponse struct {
	Query string `json:"query"`
	TotalHits int `json:"total_hits"`
	TimeUsed string `json:"time_used"` // a string here, unlike the int time_used in HttpTransaction
	Limit int `json:"limit"`
	Offset int `json:"offset"`
	Reports []ReportOverview `json:"reports"`
}
func (*SearchReportResponse) Bytes ¶
func (sr *SearchReportResponse) Bytes() []byte
func (*SearchReportResponse) String ¶
func (sr *SearchReportResponse) String() string
type SubjectInfo ¶
type SubmitJob ¶
type UrlqueryAlert ¶
type UrlqueryApiError ¶
UrlqueryApiError represents an error returned by the API.
func (*UrlqueryApiError) Error ¶
func (e *UrlqueryApiError) Error() string
type ValidityInfo ¶