Te-k/harpoon
GitHub: Te-k/harpoon
Harpoon is an OSINT command-line tool that integrates multiple threat intelligence sources for security analysis and intelligence gathering.
Stars: 1275 | Forks: 178
# Harpoon
OSINT / Threat Intelligence command-line tool.
# Installation
## Requirements
As a prerequisite for Harpoon, you need to install the dependencies of [lxml](https://lxml.de/installation.html). On Debian/Ubuntu, run: `sudo apt-get install libxml2-dev libxslt-dev python3-dev`. On Fedora, run: `sudo dnf install sqlite-devel automake bzip2 bzip2-devel bzip2-lib cython g++ gcc gcc-c++ kernel-devel libffi-devel libxlt libxml2 libxml2-devel libxslt libxslt-devel make openssl openssl-devel python3-dev python3-devel python3-lxml python-dev python-devel sqlite-devel`.
You need to install [geoipupdate](https://github.com/maxmind/geoipupdate) and have it [correctly configured](https://dev.maxmind.com/geoip/geoipupdate/) for the geolocation features to work (make sure `GeoLite2-Country GeoLite2-City GeoLite2-ASN` is set as `EditionIDs`).
## Installing Harpoon
You can install the package directly from [PyPI](https://pypi.org/project/harpoon/) with `pip install harpoon`.
If the installation instructions above do not work, you can build the tool from source by running the following commands in a terminal (assuming you are using a virtualenv):
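To confirm the `EditionIDs` requirement above before relying on the geolocation features, the following added example (not part of Harpoon or geoipupdate) reports which of the three editions are absent from a geoipupdate configuration file. The configuration path is supplied by the caller, and the sample file with its credentials is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not part of Harpoon or geoipupdate.
# Reports which GeoLite2 editions named in the README are missing from the
# EditionIDs directive of a geoipupdate configuration file.

REQUIRED_EDITIONS="GeoLite2-Country GeoLite2-City GeoLite2-ASN"

# Usage: missing_editions /path/to/GeoIP.conf   (path supplied by the caller)
# Prints the missing edition IDs, space separated (nothing if none).
# Returns 0 if all are configured, 1 if some are missing, 2 if unreadable.
missing_editions() {
    conf="$1"
    [ -r "$conf" ] || return 2
    # Drop comments, then collect the values of every EditionIDs line.
    configured=$(sed -e 's/#.*$//' "$conf" |
        awk '$1 == "EditionIDs" { for (i = 2; i <= NF; i++) print $i }')
    missing=""
    for edition in $REQUIRED_EDITIONS; do
        # -F fixed string, -x whole-line match: no partial-name hits.
        if ! printf '%s\n' "$configured" | grep -Fqx -- "$edition"; then
            missing="${missing:+$missing }$edition"
        fi
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Constructed sample: GeoLite2-City is absent, credentials are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
AccountID 0
LicenseKey PLACEHOLDER
EditionIDs GeoLite2-Country GeoLite2-ASN
EOF
if result=$(missing_editions "$sample"); then
    echo "all required editions are configured"
else
    echo "missing from EditionIDs: $result"
fi
rm -f "$sample"
```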
```
git clone https://github.com/Te-k/harpoon.git
cd harpoon
pip3 install .
```
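You may also want to install [harpoontools](https://github.com/Te-k/harpoontools) for additional commands that use Harpoon features.
## Configuration
To configure Harpoon, run `harpoon config` and fill in the API keys you need.
Then run `harpoon update` to download the required files. Use `harpoon config -c` to check which plugins are configured.
See the [wiki](https://github.com/Te-k/harpoon/wiki) for more information.
## Updating Harpoon
If you installed Harpoon from [PyPI](https://pypi.org/project/harpoon/), just run `pip install -U harpoon`.
If you installed Harpoon from the Git repository, go to the repository directory and run the following commands: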
```
git pull origin master
pip install .
```
# Usage
Once configured, the following plugins are available under the `harpoon` command:
```
asn Gather information on an ASN
binaryedge Request BinaryEdge API
cache Requests webpage cache from different sources
censys Request information from Censys database (https://censys.io/)
certspotter Get certificates from https://sslmate.com/certspotter
circl Request the CIRCL passive DNS database
config Configure Harpoon
crtsh Search in https://crt.sh/ (Certificate Transparency database)
cybercure Search cybercure.ai intelligence database for specific indicators.
dns Map DNS information for a domain or an IP
dnsdb Requests Farsight DNSDB
email Gather information on an email address
fullcontact Requests Full Contact API (https://www.fullcontact.com/)
github Request Github information through the API
greynoise Request information from GreyNoise API (pick Community or Enterprise via api_type config)
hashlookup Request CIRCL Hash Lookup db
help Give help on an Harpoon command
hibp Request Have I Been Pwned API (https://haveibeenpwned.com/)
hunter Request hunter.io information through the API
hybrid Requests Hybrid Analysis platform
intel Gather information on a domain
ip Gather information on an IP address
ipinfo Request ipinfo.io information
ip2locationio Request IP2Location.io information
koodous Request Koodous API
malshare Requests MalShare database
misp Get information from a MISP server through the API
numverify Query phone number information from NumVerify
opencage Forward/Reverse Geocoding using OpenCage
otx Requests information from AlienVault OTX
permacc Request Perma.cc information through the API
pgp Search for information in PGP key servers
pt Requests Passive Total database
pulsedive Request PulseDive API
quad9 Check if a domain is blocked by Quad9
robtex Search in Robtex API (https://www.robtex.com/api/)
safebrowsing Check if the given domain is in Google safe Browsing list
save Save a webpage in cache platforms
securitytrails Requests SecurityTrails database
shodan Requests Shodan API
spyonweb Search in SpyOnWeb through the API
subdomains Research subdomains of a domain
telegram Request information from Telegram through the API
threatcrowd Request the ThreatCrowd API
threatgrid Request Threat Grid API
threatminer Requests TreatMiner database https://www.threatminer.org/
tor Check if an IP is a Tor exit node listed in the public list
totalhash Request Total Hash API
twitter Requests Twitter API
umbrella Check if a domain is in Umbrella Top 1 million domains
update Update Harpoon data
urlhaus Request urlhaus.abuse.ch API
urlscan Search and submit urls to urlscan.io
vt Request Virus Total API
xforce Query IBM Xforce Exchange API
zetalytics Search in Zetalytics database
```
You can get information on each command with `harpoon help COMMAND`.
## Access Keys
* [AlienVault OTX](https://otx.alienvault.com/)
* [BinaryEdge](https://www.binaryedge.io/)
* [Censys](https://censys.io/register)
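* [CertSpotter](https://sslmate.com/certspotter/pricing): paid plans provide search in expired certificates (in my opinion not really worth it, just use crtsh or censys). No account is needed to query current certificates.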
* [CIRCL Passive DNS](https://www.circl.lu/services/passive-dns/)
* [Farsight Dnsdb](https://www.farsightsecurity.com/dnsdb-community-edition/)
* [FullContact](https://dashboard.fullcontact.com/register)
* [GreyNoise](https://viz.greynoise.io/account): both the Community and Enterprise APIs are supported. Use the `api_type` configuration setting to select which API type to use. Both require an API key to work.
* [Have I Been Pwned](https://haveibeenpwned.com/)
* [Hunter](https://hunter.io/users/sign_up)
* [Hybrid Analysis](https://www.hybrid-analysis.com/apikeys/info)
* [IBM Xforce Exchange](https://exchange.xforce.ibmcloud.com/settings/api)
* [ipinfo.io](https://ipinfo.io/)
* [IP2Location.io](https://www.ip2location.io/)
* [Koodous](https://koodous.com/)
* [MalShare](https://malshare.com/register.php)
* [NumVerify](https://numverify.com/)
* [OpenCage](https://opencagedata.com/)
* [PassiveTotal](https://community.riskiq.com/registration)
* [Permacc](https://perma.cc/)
* [PulseDive](https://pulsedive.com/)
* [Security Trails](https://securitytrails.com/)
* [Shodan](https://account.shodan.io/register)
* [SpyOnWeb](https://api.spyonweb.com/)
* Telegram: [create an application](https://core.telegram.org/api/obtaining_api_id)
* [Total Hash](https://totalhash.cymru.com/contact-us/)
* [Twitter](https://developer.twitter.com/en/docs/ads/general/guides/getting-started)
* [UrlHaus](https://urlhaus.abuse.ch/api/#account)
* [UrlScan](https://urlscan.io/)
* Virus Total: for the public version, create an account and get the API key on the [settings page](https://www.virustotal.com/#/settings/apikey).
* [Zetalytics](https://zetalytics.com/)
## Contributors
Thanks to the people who have contributed to improving Harpoon: [@jakubd](https://github.com/jakubd) [@marrouchi](https://github.com/marrouchi) [@grispan56](https://github.com/grispan56) [@christalib](https://github.com/christalib)
Logo design credit goes to [@euphoricfall](https://twitter.com/euphoricfall) and the [PulseDive team](https://pulsedive.com/).
## License
This code is released under the [GPLv3](LICENSE) license.