Class: PassiveTotal::API

Inherits: Object
Defined in: lib/passivetotal/api.rb

Overview

The API class wraps the PassiveTotal.org web API for all the verbs that it supports. See api.passivetotal.org/api/docs/ for the API documentation.

Constant Summary

TLDS =

The TLDS array helps the interface detect valid domains. This list was generated by parsing the NS records from a zone transfer of the root. The same list could have been downloaded from data.iana.org/TLD/tlds-alpha-by-domain.txt



Constructor Details

#initialize(username, apikey, endpoint = 'https://api.passivetotal.org/v2/') ⇒ API

Initialize a new PassiveTotal::API object.

username: the email address associated with your PassiveTotal API key
apikey: a 64-character hex string
endpoint: base URL for the web service, defaults to api.passivetotal.org/v2/



# File 'lib/passivetotal/api.rb', line 31

def initialize(username, apikey, endpoint = 'https://api.passivetotal.org/v2/')
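  # \A and \z anchor to the whole string; ^ and $ would also accept one matching line of a multi-line value
  unless apikey =~ /\A[a-fA-F0-9]{64}\z/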
    raise ArgumentError.new("apikey must be a 64 character hex string")
  end
  @username = username
  @apikey = apikey
  @endpoint = endpoint
end
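
The constructor's only check on `apikey` is a regular expression, and in Ruby the choice of anchors decides what such a check accepts. The following is an added example, not code from the gem; `strict_apikey?`, `loose_apikey?`, `compare_checks` and the sample key are constructed for illustration.

```ruby
# Added example: line anchors vs. string anchors in a 64-hex-character key check.

LINE_ANCHORED   = /^[a-fA-F0-9]{64}$/    # ^ and $ match at every line boundary
STRING_ANCHORED = /\A[a-fA-F0-9]{64}\z/  # \A and \z match only at the string's ends

# True when any single line of the value is exactly 64 hex characters.
def loose_apikey?(value)
  value.is_a?(String) && LINE_ANCHORED.match?(value)
end

# True only when the whole value, and nothing else, is 64 hex characters.
def strict_apikey?(value)
  value.is_a?(String) && STRING_ANCHORED.match?(value)
end

# Constructed sample inputs; the key is a made-up value, not a real credential.
SAMPLE_KEY = ('0123456789abcdef' * 4).freeze
SAMPLES = {
  'clean key'             => SAMPLE_KEY,
  'trailing newline'      => "#{SAMPLE_KEY}\n",
  'extra line after key'  => "#{SAMPLE_KEY}\nsecond line",
  'extra line before key' => "first line\n#{SAMPLE_KEY}",
  '63 characters'         => SAMPLE_KEY[0, 63],
  'non-hex character'     => SAMPLE_KEY.sub('0', 'g')
}.freeze

# Runs both checks over every sample and returns the verdicts per label.
def compare_checks(samples = SAMPLES)
  samples.transform_values do |value|
    { loose: loose_apikey?(value), strict: strict_apikey?(value) }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_checks.each do |label, verdict|
    puts format('%-22s loose=%-5s strict=%s', label, verdict[:loose], verdict[:strict])
  end
end
```

A value read from a file or environment variable often carries a trailing newline, so strip it before the check rather than loosening the pattern.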

Instance Method Details

#account ⇒ Object

Account : Get account details for your account.



# File 'lib/passivetotal/api.rb', line 41

def account
  get('account')
end

#account_history ⇒ Object Also known as: history

Account History : Get history associated with your account.



# File 'lib/passivetotal/api.rb', line 46

def account_history
  get('account/history')
end

#account_organization ⇒ Object Also known as: organization

Account organization : Get details about the organization your account is associated with.



# File 'lib/passivetotal/api.rb', line 54

def account_organization
  get('account/organization')
end

#account_organization_teamstream ⇒ Object Also known as: teamstream

Account organization teamstream : Get the teamstream for the organization your account is associated with.



# File 'lib/passivetotal/api.rb', line 62

def account_organization_teamstream
  get('account/organization/teamstream')
end

#account_sources(source) ⇒ Object Also known as: sources

Account sources : Get source details for a specific source.



# File 'lib/passivetotal/api.rb', line 70

def account_sources(source)
  get('account/sources', {'source' => source})
end

#add_tag(query, tag) ⇒ Object

Add a user-tag to an IP or domain.

query: A domain or IP address to tag
tag: Value used to tag the query value. Should consist only of alphanumeric characters, underscores and hyphens



# File 'lib/passivetotal/api.rb', line 182

def add_tag(query, tag)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  is_valid_with_error(__method__, [:tag], tag)
  post('actions/tags', { 'query' => query, 'tags' => [tag] })
end

#bulk_classification(query) ⇒ Object

Get the classification for a query in bulk.

query: An array of domains or IP addresses to query



# File 'lib/passivetotal/api.rb', line 215

def bulk_classification(query)
  if query.class != Array
    query = [query]
  end
  # map returns a new array, so assign it; otherwise the normalized values are discarded
  query = query.map do |q|
    is_valid_with_error(__method__, [:ipv4, :domain], q)
    if domain?(q)
      q = normalize_domain(q)
    end
    q
  end
  get_with_data('actions/bulk/classification', { 'query' => query })
end

#bulk_enrichment(query) ⇒ Object

Enrichment bulk : Enrich each of the given queries with metadata.

query: An array of domains or IP addresses to query



# File 'lib/passivetotal/api.rb', line 116

def bulk_enrichment(query)
  if query.class != Array
    query = [query]
  end
  # map returns a new array, so assign it; otherwise the normalized values are discarded
  query = query.map do |q|
    is_valid_with_error(__method__, [:ipv4, :domain], q)
    if domain?(q)
      q = normalize_domain(q)
    end
    q
  end
  get_with_data('enrichment/bulk', { 'query' => query })
end

#bulk_malware(query) ⇒ Object

malware bulk: Get sample information based on domains.

query: An array of domains or IP addresses to query



# File 'lib/passivetotal/api.rb', line 386

def bulk_malware(query)
  if query.class != Array
    query = [query]
  end
  # map returns a new array, so assign it; otherwise the normalized values are discarded
  query = query.map do |q|
    is_valid_with_error(__method__, [:ipv4, :domain], q)
    if domain?(q)
      q = normalize_domain(q)
    end
    q
  end
  get_with_data('enrichment/bulk/malware', { 'query' => query })
end

#bulk_osint(query) ⇒ Object

osint bulk : Enrich each of the given queries with metadata.

query: An array of domains or IP addresses to query



# File 'lib/passivetotal/api.rb', line 142

def bulk_osint(query)
  if query.class != Array
    query = [query]
  end
  # map returns a new array, so assign it; otherwise the normalized values are discarded
  query = query.map do |q|
    is_valid_with_error(__method__, [:ipv4, :domain], q)
    if domain?(q)
      q = normalize_domain(q)
    end
    q
  end
  get_with_data('enrichment/bulk/osint', { 'query' => query })
end
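
The four bulk methods share one pattern: wrap a single value in an array, validate each element, normalize domains, then send the array. The sketch below is an added example, not the gem's code: `ipv4?`, `domain?`, `normalize_domain`, `prepare_bulk_query` and the five-entry `SAMPLE_TLDS` are assumptions standing in for helpers this page does not show. It returns the mapped array, because `Array#map` leaves its receiver untouched.

```ruby
# Added example, not the passivetotal gem's code. The helpers below are
# hypothetical stand-ins for the gem's validators, which this page does not show.

# Constructed five-entry sample standing in for the full TLDS constant.
SAMPLE_TLDS = %w[com net org io uk].freeze
LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/

# Dotted-quad IPv4 with every octet in 0..255.
def ipv4?(value)
  value.is_a?(String) &&
    value.match?(/\A\d{1,3}(?:\.\d{1,3}){3}\z/) &&
    value.split('.').all? { |octet| octet.to_i <= 255 }
end

# Host name made of valid labels whose last label is a known TLD.
def domain?(value)
  return false unless value.is_a?(String) && value.length <= 254
  # -1 keeps trailing empty labels so "example.com.." is rejected
  labels = value.downcase.chomp('.').split('.', -1)
  labels.length >= 2 && labels.all? { |l| l.match?(LABEL) } &&
    SAMPLE_TLDS.include?(labels.last)
end

# Lower-case and drop the trailing root dot.
def normalize_domain(value)
  value.downcase.chomp('.')
end

# Wraps a single value, validates every element, and returns a NEW array of
# normalized values. Raises before anything unvalidated can be sent.
def prepare_bulk_query(query)
  query = [query] unless query.is_a?(Array)
  query.map do |q|
    unless ipv4?(q) || domain?(q)
      raise ArgumentError, "invalid bulk query element: #{q.inspect}"
    end
    domain?(q) ? normalize_domain(q) : q
  end
end

if __FILE__ == $PROGRAM_NAME
  input = ['Example.COM.', '192.0.2.10', 'www.example.org'] # constructed
  p prepare_bulk_query(input) # the array to send
  p input                     # the caller's array is left untouched
end
```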

#classification(query, set = nil) ⇒ Object

PassiveTotal uses the notion of classifications to highlight table rows a certain color based on how they have been rated. PassiveTotal::API#classification() queries if only one argument is given, and sets if both are given.

query: A domain or IP address to query



# File 'lib/passivetotal/api.rb', line 200

def classification(query, set=nil)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  if set.nil?
    get('actions/classification', {'query' => query})
  else
    is_valid_with_error(__method__.to_s, [:classification], set)
    post('actions/classification', { 'query' => query, 'classification' => set })
  end
end

#components(query) ⇒ Object

PassiveTotal tracks some interesting metadata about a host.

query: a hostname or IP address



# File 'lib/passivetotal/api.rb', line 349

def components(query)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  get('host-attributes/components', {'query' => query})
end

#dynamic(query, set = nil) ⇒ Object

PassiveTotal allows users to notate if a domain is associated with a dynamic DNS provider. PassiveTotal::API#dynamic() queries if only one argument is given, and sets if both are given.

query: A domain to query
set: a boolean flag



# File 'lib/passivetotal/api.rb', line 252

def dynamic(query, set=nil)
  is_valid_with_error(__method__, [:domain], query)
  query = normalize_domain(query)
  if set.nil?
    get('actions/dynamic-dns', {'query' => query})
  else
    is_valid_with_error(__method__, [:bool], set)
    post('actions/dynamic-dns', { 'query' => query, 'status' => set })
  end
end

#enrichment(query) ⇒ Object Also known as: metadata

Enrichment : Enrich the given query with metadata.

query: A domain or IP address to query



# File 'lib/passivetotal/api.rb', line 103

def enrichment(query)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  get('enrichment', {'query' => query})
end

#ever_compromised(query, set = nil) ⇒ Object Also known as: compromised

PassiveTotal allows users to notate if a domain or IP address has ever been compromised. These values aid in letting users know that a site may be benign, but it was used in an attack at some point in time. PassiveTotal::API#ever_compromised() queries if only one argument is given, and sets if both are given.

query: A domain or IP address to query
set: a boolean flag



# File 'lib/passivetotal/api.rb', line 233

def ever_compromised(query, set=nil)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  if set.nil?
    get('actions/ever-compromised', {'query' => query})
  else
    is_valid_with_error(__method__, [:bool], set)
    post('actions/ever-compromised', { 'query' => query, 'status' => set })
  end
end

#malware(query) ⇒ Object

malware: Get sample information based on a domain.

query: IP or domain



# File 'lib/passivetotal/api.rb', line 376

def malware(query)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  get('enrichment/malware', {'query' => query})
end

#monitor(query, set = nil) ⇒ Object Also known as: monitoring, watching

PassiveTotal allows users to notate if an IP or domain is “monitored”. PassiveTotal::API#monitor() queries if only one argument is given, and sets if both are given.

query: A domain to query
set: a boolean flag



# File 'lib/passivetotal/api.rb', line 267

def monitor(query, set=nil)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  if set.nil?
    get('actions/monitor', {'query' => query})
  else
    is_valid_with_error(__method__, [:bool], set)
    post('actions/monitor', { 'query' => query, 'status' => set })
  end
end

#osint(query) ⇒ Object

osint: Get open source intelligence data.

query: A domain or IP address to query



# File 'lib/passivetotal/api.rb', line 132

def osint(query)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  get('enrichment/osint', {'query' => query})
end

#passive(query) ⇒ Object

Passive provides a complete passive DNS picture for a domain or IP address including first/last seen values, deconflicted values, sources used, unique counts and enrichment for all values.

query: A domain or IP address to query



# File 'lib/passivetotal/api.rb', line 80

def passive(query)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  get('dns/passive', {'query' => query})
end

#passive_unique(query) ⇒ Object Also known as: unique

Passive provides a complete passive DNS picture for a domain or IP address including first/last seen values, deconflicted values, sources used, unique counts and enrichment for all values.

query: A domain or IP address to query



# File 'lib/passivetotal/api.rb', line 90

def passive_unique(query)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  get('dns/passive/unique', {'query' => query})
end

#remove_tag(query, tag) ⇒ Object

Remove a user-tag from an IP or domain.

query: A domain or IP address to remove a tag from
tag: Value used to tag the query value. Should consist only of alphanumeric characters, underscores and hyphens



# File 'lib/passivetotal/api.rb', line 191

def remove_tag(query, tag)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  is_valid_with_error(__method__, [:tag], tag)
  delete('actions/tags', { 'query' => query, 'tags' => [tag] })
end

#sinkhole(query, set = nil) ⇒ Object

PassiveTotal allows users to notate if an IP address is a known sinkhole. These values are shared globally with everyone in the platform. PassiveTotal::API#sinkhole() queries if only one argument is given, and sets if both are given.

query: An IP address to set as a sinkhole or not
set: a boolean flag



# File 'lib/passivetotal/api.rb', line 288

def sinkhole(query, set=nil)
  is_valid_with_error(__method__, [:ipv4], query)
  if set.nil?
    get('actions/sinkhole', {'query' => query})
  else
    is_valid_with_error(__method__, [:bool], set)
    post('actions/sinkhole', { 'query' => query, 'status' => set })
  end
end

#ssl_certificate(query, field = nil) ⇒ Object

ssl_certificate: Returns details about SSL certificates.

query: SHA-1 hash to query, or, if field is set, a valid value for that field
field: the certificate field to query upon

certificate fields: issuer_surname, subject_organizationName, issuer_country, issuer_organizationUnitName, fingerprint, subject_organizationUnitName, serialNumber, subject_emailAddress, subject_country, issuer_givenName, subject_commonName, issuer_commonName, issuer_stateOrProvinceName, issuer_province, subject_stateOrProvinceName, sha1, sslVersion, subject_streetAddress, subject_serialNumber, issuer_organizationName, subject_surname, subject_localityName, issuer_streetAddress, issuer_localityName, subject_givenName, subject_province, issuer_serialNumber, issuer_emailAddress


# File 'lib/passivetotal/api.rb', line 337

def ssl_certificate(query, field=nil)
  if field.nil?
    is_valid_with_error(__method__, [:hash], query)
    get('ssl-certificate', {'query' => query})
  else
    is_valid_with_error(__method__, [:ssl_field], field)
    get_params('ssl-certificate/search', { 'query' => query, 'field' => field })
  end
end

#ssl_certificate_history(query) ⇒ Object

PassiveTotal collects and provides SSL certificates as an enrichment point when possible. Beyond the certificate data itself, PassiveTotal keeps a record of the IP address where the certificate was found and the time at which it was collected.

query: A SHA-1 hash to query



# File 'lib/passivetotal/api.rb', line 328

def ssl_certificate_history(query)
  is_valid_with_error(__method__, [:ipv4, :hash], query)
  get('ssl-certificate/history', {'query' => query})
end

#subdomains(query) ⇒ Object

subdomains: Get subdomains using a wildcard query.

query: A domain with wildcard, e.g., *.passivetotal.org



# File 'lib/passivetotal/api.rb', line 158

def subdomains(query)
  get('enrichment/subdomains', {'query' => query})
end

#tags(query, set = nil) ⇒ Object

PassiveTotal uses three types of tags (user, global, and temporal) in order to provide context back to the user.

query: A domain or IP address to query
set: if supplied, adds a tag to an entity



# File 'lib/passivetotal/api.rb', line 302

def tags(query, set=nil)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  if set.nil?
    get('actions/tags', {'query' => query})
  else
    is_valid_with_error(__method__, [:tag], set)
    post('actions/tag', { 'query' => query, 'tags' => [set] })
  end
end

#tags_search(query) ⇒ Object

Search Tags : Search for items based on tag value. PassiveTotal uses three types of tags (user, global, and temporal) in order to provide context back to the user.

query: A domain or IP address to query



# File 'lib/passivetotal/api.rb', line 318

def tags_search(query)
  is_valid_with_error(__method__, [:ipv4, :domain], query)
  if domain?(query)
    query = normalize_domain(query)
  end
  get('actions/tags/search', {'query' => query})
end

#trackers(query, type = nil) ⇒ Object

trackers: Get all tracking codes for a domain or IP address.

query: IP or domain, or, if type is supplied, a valid tracker ID
type: A valid tracker type to search

tracker types: YandexMetricaCounterId, ClickyId, GoogleAnalyticsAccountNumber, NewRelicId, MixpanelId, GoogleAnalyticsTrackingId


# File 'lib/passivetotal/api.rb', line 361

def trackers(query, type=nil)
  if type.nil?
    is_valid_with_error(__method__, [:ipv4, :domain], query)
    if domain?(query)
      query = normalize_domain(query)
    end
    get('host-attributes/trackers', {'query' => query})
  else
    is_valid_with_error(__method__, [:tracker_type], type)
    get('trackers/search', {'query' => query, 'type' => type})
  end
end

#whois(query, field = nil) ⇒ Object

whois: Get WHOIS data for a domain or IP address.

query: ipv4, domain, or, if you specify a field, any value for that field
field: field name to query if not the default ip/domain field

field names: domain, email, name, organization, address, phone, nameserver


# File 'lib/passivetotal/api.rb', line 166

def whois(query, field=nil)
  if field
    is_valid_with_error(__method__, [:whois_field], field)
    get('whois/search', {'field' => field, 'query' => query})
  else
    is_valid_with_error(__method__, [:ipv4, :domain], query)
    if domain?(query)
      query = normalize_domain(query)
    end
    get('whois', {'query' => query, 'compact_record' => 'false'})
  end
end