goinvestigate

package module
v1.0.1-0...-b6c0e41 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 18, 2014 License: MIT Imports: 10 Imported by: 3

README

GoDoc goinvestigate

Go Investigate API

Installation

First, make sure your $GOPATH is set.

go get it

go get github.com/dead10ck/goinvestigate

Docs

Click the GoDoc link above, or to view locally, just start a local godoc server:

godoc -http=:6060

and open localhost:6060 in your web browser. The docs will be under github.com/dead10ck/goinvestigate.

Documentation

Overview

API for the OpenDNS Security Graph / Investigate.

To use it, use your Investigate API key to build an Investigate object.

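// Placeholder value. The key is a credential: load it at run time from the
// environment or a secret store rather than hard-coding it in source.
key := "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"

// In this version New returns only *Investigate (func New(key string)
// *Investigate), so there is no error value to receive or check here.
inv := goinvestigate.New(key)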

Then you can call any API method, e.g.:

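// DomainRRHistory takes the domain and a DNS query type; "A" is one of the
// supported types (A, NS, MX, TXT, CNAME).
data, err := inv.DomainRRHistory("www.test.com", "A")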

which returns a DomainRRHistory object.

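Be sure to set runtime.GOMAXPROCS() in the init() function of your program to enable concurrency. (This advice dates from Go releases before 1.5; since Go 1.5, GOMAXPROCS defaults to the number of available CPUs, so the call is normally unnecessary.)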

The official OpenDNS Investigate Documentation can be found at: https://sgraph.opendns.com/docs/api

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Cooccurrence

// Cooccurrence is one entry of the result of Investigate.Cooccurrences:
// a domain name paired with a score. The scale of Score is not shown in this
// listing.
//
// NOTE(review): Domain comes from the remote API response; treat it as
// untrusted data when logging, rendering or passing it to other tooling.
type Cooccurrence struct {
	Domain string
	Score  float64
}

type CooccurrenceList

// CooccurrenceList is a slice of Cooccurrence that carries its own
// UnmarshalJSON method, so it is decoded by that method rather than by
// encoding/json's default slice handling. The wire format it accepts is not
// visible in this listing.
type CooccurrenceList []Cooccurrence

func (*CooccurrenceList) UnmarshalJSON

func (r *CooccurrenceList) UnmarshalJSON(b []byte) error

type DomainCategorization

// DomainCategorization is the result type of Investigate.Categorization and
// the map value type of Investigate.Categorizations.
//
// Status is the numeric domain status; the meaning of its values is not
// listed here (see the API documentation). The two category slices are read
// from the "content_categories" and "security_categories" JSON keys and are
// in human-readable form when the call was made with labels set to true.
type DomainCategorization struct {
	Status             int
	ContentCategories  []string `json:"content_categories"`
	SecurityCategories []string `json:"security_categories"`
}

type DomainRRHistory

// DomainRRHistory is the result type of Investigate.DomainRRHistory.
//
// RRPeriods is read from the "rrs_tf" JSON key and groups resource records
// by the period in which they were seen; RRFeatures is read from "features"
// and carries summary values for the domain.
type DomainRRHistory struct {
	RRPeriods  []ResourceRecordPeriod       `json:"rrs_tf"`
	RRFeatures DomainResourceRecordFeatures `json:"features"`
}

type DomainResourceRecordFeatures

// DomainResourceRecordFeatures holds the summary values found in the
// RRFeatures field of DomainRRHistory.
//
// Tagged fields are read from the JSON key named in their tag. The untagged
// fields (Age, ASNs, Prefixes, Locations, CName) have no explicit key;
// assuming the default encoding/json decoder is used (no UnmarshalJSON for
// this type is listed), they are matched on their Go name, case-insensitively.
//
// All values are reported by the remote service; units and value ranges are
// not shown in this listing.
// NOTE(review): FFCandidate presumably marks a fast-flux candidate and the
// RIPS* fields presumably describe resolved IPs; confirm against the API
// documentation.
type DomainResourceRecordFeatures struct {
	Age             int
	TTLsMin         int      `json:"ttls_min"`
	TTLsMax         int      `json:"ttls_max"`
	TTLsMean        float64  `json:"ttls_mean"`
	TTLsMedian      float64  `json:"ttls_median"`
	TTLsStdDev      float64  `json:"ttls_stddev"`
	CountryCodes    []string `json:"country_codes"`
	ASNs            []int
	Prefixes        []string
	RIPSCount       int     `json:"rips"`
	RIPSDiversity   float64 `json:"div_rips"`
	Locations       []Location
	GeoDistanceSum  float64 `json:"geo_distance_sum"`
	GeoDistanceMean float64 `json:"geo_distance_mean"`
	NonRoutable     bool    `json:"non_routable"`
	MailExchanger   bool    `json:"mail_exchanger"`
	CName           bool
	FFCandidate     bool    `json:"ff_candidate"`
	RIPSStability   float64 `json:"rips_stability"`
	BaseDomain      string  `json:"base_domain"`
	IsSubdomain     bool    `json:"is_subdomain"`
}

type DomainTag

// DomainTag is one entry of the result of Investigate.DomainTags, which
// returns the tagging dates for a domain. Period gives the begin and end of
// the tagging as strings.
//
// NOTE(review): Url and Category come from the remote API response. Url
// presumably refers to content that was tagged as a threat, so handle it as
// inert data: do not fetch it or render it as a clickable link by default.
type DomainTag struct {
	Url      string
	Category string
	Period   PeriodType
}

type GeoFeatures

// GeoFeatures pairs a country code with a visit ratio. It is the element
// type of the Geodiversity, GeodiversityNormalized and TLDGeodiversity
// fields of SecurityFeatures.
//
// The type has its own UnmarshalJSON method, so the JSON shape it is decoded
// from need not match the field names; that shape is not visible here.
type GeoFeatures struct {
	CountryCode string
	VisitRatio  float64
}

func (*GeoFeatures) UnmarshalJSON

func (gf *GeoFeatures) UnmarshalJSON(b []byte) error

type IPRRHistory

// IPRRHistory is the result type of Investigate.IpRRHistory.
//
// RRs has no json tag, so with the default decoder it is matched on its Go
// name; RRFeatures is read from the "features" JSON key.
type IPRRHistory struct {
	RRs        []ResourceRecord
	RRFeatures IPResourceRecordFeatures `json:"features"`
}

type IPResourceRecordFeatures

// IPResourceRecordFeatures holds the summary values found in the RRFeatures
// field of IPRRHistory. Every field is read from the JSON key named in its
// tag: integer counts ("*_count") and floating-point "div_*" values.
//
// NOTE(review): what LD2, LD3, LD2_1 and LD2_2 stand for is not stated in
// this listing; confirm against the API documentation before interpreting
// the values.
type IPResourceRecordFeatures struct {
	RRCount   int     `json:"rr_count"`
	LD2Count  int     `json:"ld2_count"`
	LD3Count  int     `json:"ld3_count"`
	LD21Count int     `json:"ld2_1_count"`
	LD22Count int     `json:"ld2_2_count"`
	DivLD2    float64 `json:"div_ld2"`
	DivLD3    float64 `json:"div_ld3"`
	DivLD21   float64 `json:"div_ld2_1"`
	DivLD22   float64 `json:"div_ld2_2"`
}

type Investigate

// Investigate is the API client returned by New. All of its fields are
// unexported; the exported configuration shown on this page is the key passed
// to New and the flag set with SetVerbose.
//
// NOTE(review): the client is built from the API key and presumably keeps it
// in one of the unexported fields; avoid dumping the struct (for example with
// %+v) into logs. Confirm against the source.
type Investigate struct {
	// contains filtered or unexported fields
}

func New

func New(key string) *Investigate

Build a new Investigate client using an Investigate API key.

func (*Investigate) Categorization

func (inv *Investigate) Categorization(domain string, labels bool) (*DomainCategorization, error)

Get the domain status and categorization of a domain. Setting 'labels' to true will give back categorizations in human-readable form.

For more detail, see https://sgraph.opendns.com/docs/api#categorization

func (*Investigate) Categorizations

func (inv *Investigate) Categorizations(domains []string, labels bool) (map[string]DomainCategorization, error)

Get the status and categorization of a list of domains. Setting 'labels' to true will give back categorizations in human-readable form.

For more detail, see https://sgraph.opendns.com/docs/api#categorization

func (*Investigate) Cooccurrences

func (inv *Investigate) Cooccurrences(domain string) ([]Cooccurrence, error)

Get the cooccurrences of the given domain.

For details, see https://sgraph.opendns.com/docs/api#co-occurrences

func (*Investigate) DomainRRHistory

func (inv *Investigate) DomainRRHistory(domain string, queryType string) (*DomainRRHistory, error)

Get the RR (Resource Record) History of the given domain. queryType is the type of DNS query to perform on the database. The following query types are supported:

A, NS, MX, TXT, CNAME

For details, see https://sgraph.opendns.com/docs/api#dnsrr_domain

func (*Investigate) DomainTags

func (inv *Investigate) DomainTags(domain string) ([]DomainTag, error)

Get the domain tagging dates for the given domain.

For details, see https://sgraph.opendns.com/docs/api#latest_tags

func (*Investigate) Get

func (inv *Investigate) Get(subUri string) (*http.Response, error)

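A generic GET call to the Investigate API. Will make an HTTP request to: https://investigate.api.opendns.com{subUri}. Nothing in this description indicates that subUri is validated or escaped, so when it is built from an untrusted domain or IP string, path-escape that component first. The returned *http.Response presumably still has an open body; close it when done.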

func (*Investigate) GetParse

func (inv *Investigate) GetParse(subUri string, v interface{}) error

Convenience function to perform Get and parse the response body. Parses the response into the value pointed to by v.

func (*Investigate) IpRRHistory

func (inv *Investigate) IpRRHistory(ip string, queryType string) (*IPRRHistory, error)

Get the RR (Resource Record) History of the given IP. queryType is the type of DNS query to perform on the database. The following query types are supported:

A, NS, MX, TXT, CNAME

For details, see https://sgraph.opendns.com/docs/api#dnsrr_ip

func (*Investigate) LatestDomains

func (inv *Investigate) LatestDomains(ip string) ([]string, error)

Gets the latest known malicious domains associated with the given IP address, if any. Returns the list of malicious domains.

For details, see https://sgraph.opendns.com/docs/api#latest_domains

func (*Investigate) Log

func (inv *Investigate) Log(s string)

Log something to stdout

func (*Investigate) LogHTTPResponseBody

func (inv *Investigate) LogHTTPResponseBody(respBody io.ReadCloser)

Log the response body

func (*Investigate) Logf

func (inv *Investigate) Logf(fs string, args ...interface{})

Log something to stdout with a format string

func (*Investigate) Post

func (inv *Investigate) Post(subUri string, body io.Reader) (*http.Response, error)

A generic POST call, which forms a request with the given body

func (*Investigate) PostParse

func (inv *Investigate) PostParse(subUri string, body io.Reader, v interface{}) error

Convenience function to perform Post and parse the response body. Parses the response into the value pointed to by v.

func (*Investigate) RelatedDomains

func (inv *Investigate) RelatedDomains(domain string) ([]RelatedDomain, error)

Use domain to make the HTTP request: /links/name/{domain}.json. Get the related domains of the given domain.

For details, see https://sgraph.opendns.com/docs/api#relatedDomains

func (*Investigate) Request

func (inv *Investigate) Request(req *http.Request) (*http.Response, error)

A generic Request method which makes the given request. Will retry up to 5 times on failure.

func (*Investigate) Security

func (inv *Investigate) Security(domain string) (*SecurityFeatures, error)

Get the Security Information for the given domain.

For details, see https://sgraph.opendns.com/docs/api#securityInfo

func (*Investigate) SetVerbose

func (inv *Investigate) SetVerbose(verbose bool)

Sets verbose messages to the given boolean value.

type Location

// Location is a latitude/longitude pair. It is the element type of the
// Locations field of DomainResourceRecordFeatures. Neither field has a json
// tag, so with the default decoder they are matched on their Go names.
type Location struct {
	Lat float64
	Lon float64
}

type MaliciousDomain

// MaliciousDomain pairs a domain name, read from the "name" JSON key, with a
// numeric Id. No exported signature on this page uses the type directly
// (LatestDomains returns []string).
//
// NOTE(review): presumably used internally to decode the LatestDomains
// response; confirm. Domain names held here are indicators of malicious
// infrastructure: treat them as data and do not resolve or visit them
// automatically.
type MaliciousDomain struct {
	Domain string `json:"name"`
	Id     int
}

type PeriodType

// PeriodType is a begin/end pair held as strings. It is the type of the
// Period field of DomainTag. The string format is not shown in this listing,
// so parse the values defensively.
type PeriodType struct {
	Begin string
	End   string
}

type RelatedDomain

// RelatedDomain is one entry of the result of Investigate.RelatedDomains:
// a domain name paired with an integer score. The scale of Score is not
// shown in this listing.
//
// NOTE(review): Domain comes from the remote API response; treat it as
// untrusted data when logging, rendering or passing it to other tooling.
type RelatedDomain struct {
	Domain string
	Score  int
}

type RelatedDomainList

// RelatedDomainList is a slice of RelatedDomain that carries its own
// UnmarshalJSON method, so it is decoded by that method rather than by
// encoding/json's default slice handling. The wire format it accepts is not
// visible in this listing.
type RelatedDomainList []RelatedDomain

func (*RelatedDomainList) UnmarshalJSON

func (r *RelatedDomainList) UnmarshalJSON(b []byte) error

type ResourceRecord

// ResourceRecord is a single DNS resource record as reported by the API. It
// is the element type of IPRRHistory.RRs and ResourceRecordPeriod.RRs. No
// field has a json tag, so with the default decoder each is matched on its
// Go name, case-insensitively.
//
// NOTE(review): RR presumably holds the record data (for example the address
// of an A record); confirm against the API documentation. Name and RR are
// remote-supplied strings and should be handled as untrusted data.
type ResourceRecord struct {
	Name  string
	TTL   int
	Class string
	Type  string
	RR    string
}

type ResourceRecordPeriod

// ResourceRecordPeriod groups resource records with the period in which they
// were seen. It is the element type of DomainRRHistory.RRPeriods.
//
// FirstSeen and LastSeen are read from the "first_seen" and "last_seen" JSON
// keys and kept as strings; their format is not shown in this listing.
type ResourceRecordPeriod struct {
	FirstSeen string `json:"first_seen"`
	LastSeen  string `json:"last_seen"`
	RRs       []ResourceRecord
}

type SecurityFeatures

// SecurityFeatures is the result type of Investigate.Security and holds the
// security information the API reports for a domain.
//
// Tagged fields are read from the JSON key named in their tag. The untagged
// fields (Perplexity, Entropy, Fastflux, Popularity, Geoscore, Attack) have
// no explicit key; assuming the default encoding/json decoder is used (no
// UnmarshalJSON for this type is listed), they are matched on their Go name,
// case-insensitively. The three geodiversity slices hold GeoFeatures values,
// which are decoded by GeoFeatures.UnmarshalJSON.
//
// NOTE(review): score ranges and thresholds are not defined in this listing;
// take them from the API documentation before using any field as a detection
// signal. Attack and ThreatType are remote-supplied strings and may be empty.
type SecurityFeatures struct {
	DGAScore               float64 `json:"dga_score"`
	Perplexity             float64
	Entropy                float64
	SecureRank2            float64 `json:"securerank2"`
	PageRank               float64 `json:"pagerank"`
	ASNScore               float64 `json:"asn_score"`
	PrefixScore            float64 `json:"prefix_score"`
	RIPScore               float64 `json:"rip_score"`
	Fastflux               bool
	Popularity             float64
	Geodiversity           []GeoFeatures `json:"geodiversity"`
	GeodiversityNormalized []GeoFeatures `json:"geodiversity_normalized"`
	TLDGeodiversity        []GeoFeatures `json:"tld_geodiversity"`
	Geoscore               float64
	KSTest                 float64 `json:"ks_test"`
	Attack                 string
	ThreatType             string `json:"threat_type"`
}
