├── .gitignore ├── LICENSE ├── MANIFEST ├── README.md ├── cymon ├── __init__.py └── cymon.py ├── requirements.txt ├── setup.cfg └── setup.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | 5 | # C extensions 6 | *.so 7 | 8 | # Distribution / packaging 9 | .Python 10 | env/ 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | *.egg-info/ 23 | .installed.cfg 24 | *.egg 25 | 26 | # PyInstaller 27 | # Usually these files are written by a python script from a template 28 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 29 | *.manifest 30 | *.spec 31 | 32 | # Installer logs 33 | pip-log.txt 34 | pip-delete-this-directory.txt 35 | 36 | # Unit test / coverage reports 37 | htmlcov/ 38 | .tox/ 39 | .coverage 40 | .coverage.* 41 | .cache 42 | nosetests.xml 43 | coverage.xml 44 | *,cover 45 | 46 | # Translations 47 | *.mo 48 | *.pot 49 | 50 | # Django stuff: 51 | *.log 52 | 53 | # Sphinx documentation 54 | docs/_build/ 55 | 56 | # PyBuilder 57 | target/ 58 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 eSentire 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | 
copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /MANIFEST: -------------------------------------------------------------------------------- 1 | # file GENERATED by distutils, do NOT edit 2 | setup.cfg 3 | setup.py 4 | cymon/__init__.py 5 | cymon/cymon.py 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # cymon-python 2 | Python library for [Cymon.io](https://cymon.io/) APIs 3 | 4 | ## Install 5 | 6 | ``` 7 | pip install cymon 8 | ``` 9 | 10 | ## Examples 11 | 12 | Without API authentication: 13 | 14 | ``` 15 | from cymon import Cymon 16 | api = Cymon() 17 | api.ip_events('185.27.134.165') 18 | ``` 19 | 20 | With API authentication: 21 | 22 | ``` 23 | from cymon import Cymon 24 | api = Cymon('A4HD6N0V3J357GM7D189V17Y0S') 25 | api.ip_domains('185.27.134.165') 26 | ``` 27 | 28 | ## Output 29 | 30 | ``` 31 | {u'count': 4, 32 | u'next': None, 33 | u'previous': None, 34 | u'results': [{u'created': u'2015-07-03T19:16:40', 35 | u'description': u'Posted: 2015-07-03 21:16:07\nIDS Alerts: 0\nURLQuery Alerts: 1\nBlacklists: 0\nMalicious page URL: hxxp://hostingpl.base.pk/aol.php', 36 | u'details_url': u'http://urlquery.net/report.php?id=1435950967981', 37 | u'tag': u'malicious activity', 38 | u'title': u'Malicious activity reported by urlquery.net', 39 | u'updated': 
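# README.md (continued) -- the rest of the sample output and the method list,
# carried over from this listing with only the line breaks restored:
#
#       u'2015-07-03T19:16:40'},
#      {u'created': u'2015-03-01T18:11:19',
#       u'description': None,
#       u'details_url': None,
#       u'tag': u'malware',
#       u'title': u'Malware reported by Google SafeBrowsing',
#       u'updated': u'2015-03-01T18:11:19'},
#      {u'created': u'2015-02-28T19:48:16',
#       u'description': None,
#       u'details_url': u'http://app.webinspector.com/public/reports/show_website?result=2&site=http%3A%2F%2Fbymert1903.0fees.us',
#       u'tag': u'malicious activity',
#       u'title': u'Malicious website reported by app.webinspector.com',
#       u'updated': u'2015-02-28T19:48:16'},
#      {u'created': u'2015-02-23T14:32:10',
#       u'description': None,
#       u'details_url': None,
#       u'tag': u'malware',
#       u'title': u'Malware reported by AlienVault Reputation System',
#       u'updated': u'2015-02-23T14:32:10'}]}
#   ```
#
#   ## Available methods
#
#   + ip_lookup()
#   + ip_events()
#   + ip_domains()
#   + ip_urls()
#   + ip_blacklist()
#   + domain_lookup()
#   + domain_blacklist()
#   + url_lookup()
#
# /cymon/__init__.py:
#
#   from .cymon import Cymon
#   __all__ = ['Cymon']
#
# /cymon/cymon.py:

import json

try:  # Python 3
    from urllib.parse import quote, quote_plus
except ImportError:  # Python 2, where both helpers live in ``urllib`` itself
    from urllib import quote, quote_plus

import requests


class Cymon(object):
    """Small client for the Cymon.io REST API.

    Each lookup method sends one GET request through a shared
    ``requests.Session`` and returns the decoded JSON body. A response with
    an error status raises ``requests.HTTPError`` (via ``raise_for_status``).

    Indicator values (IP addresses, domain names, tags) often come from logs
    or alerts, so they are percent-encoded before being placed in the URL
    path. Without that, a value containing ``/``, ``?`` or ``#`` would select
    a different resource than the caller intended, on a request that also
    carries the API token.
    """

    def __init__(self, auth_token=None,
                 endpoint='https://cymon.io/api/nexus/v1', timeout=None):
        """Create the HTTP session.

        auth_token -- optional API token; sent as ``Authorization: Token ...``.
        endpoint   -- base URL that every request path is appended to.
        timeout    -- passed to ``requests`` on every call. ``None`` keeps the
                      previous behaviour (no timeout); long-running tools
                      should set a value so a stalled connection cannot
                      block them indefinitely.
        """
        self.endpoint = endpoint
        self.timeout = timeout
        self.session = requests.Session()
        # Assigning a plain dict replaces the session's default header set.
        self.session.headers = {
            'content-type': 'application/json',
            'accept': 'application/json',
        }
        if auth_token:
            # The token now accompanies every request made through this
            # session, to whatever host ``endpoint`` names. Keep the endpoint
            # on https and under the caller's control.
            self.session.headers.update(
                {'Authorization': 'Token {0}'.format(auth_token)})

    @staticmethod
    def _segment(value):
        """Return *value* percent-encoded for use as exactly one path segment.

        ``:`` is left as is so IPv6 literals keep their usual form. Ordinary
        IPv4 addresses, host names and tags come back unchanged.

        Raises ValueError for ``.`` and ``..``: encoding cannot neutralise
        them, and URL normalisation may collapse them into a different path
        (TODO confirm how the HTTP stack in use treats dot segments).
        """
        if value in ('.', '..'):
            raise ValueError('not a usable path segment: %r' % (value,))
        return quote(value, safe=':')

    def _get_json(self, path):
        """GET *path* (relative to the endpoint) and decode the JSON body."""
        return json.loads(self.get(path).text)

    def _blacklist_path(self, kind, tag, days, limit, offset):
        """Build the request path shared by the two blacklist feeds.

        ``%d`` only accepts numbers, so the query string cannot carry
        arbitrary text from ``days``, ``limit`` or ``offset``.
        """
        return '/blacklist/%s/%s/?days=%d&limit=%d&offset=%d' % (
            kind, self._segment(tag), days, limit, offset)

    def get(self, method, params=None):
        """Send a GET to ``endpoint + method`` and return the response.

        ``method`` is appended verbatim; callers are responsible for encoding
        any untrusted part of it. Raises ``requests.HTTPError`` on an error
        status.
        """
        r = self.session.get(self.endpoint + method, params=params,
                             timeout=self.timeout)
        r.raise_for_status()
        return r

    def post(self, method, params, headers=None):
        """POST *params* as a JSON body to ``endpoint + method``.

        Returns the response; raises ``requests.HTTPError`` on an error status.
        """
        r = self.session.post(self.endpoint + method, data=json.dumps(params),
                              headers=headers, timeout=self.timeout)
        r.raise_for_status()
        return r

    def ip_lookup(self, ip_addr):
        """Return the decoded JSON from ``/ip/<ip_addr>``."""
        return self._get_json('/ip/' + self._segment(ip_addr))

    def ip_events(self, ip_addr):
        """Return the decoded JSON from ``/ip/<ip_addr>/events``."""
        return self._get_json('/ip/' + self._segment(ip_addr) + '/events')

    def ip_domains(self, ip_addr):
        """Return the decoded JSON from ``/ip/<ip_addr>/domains``."""
        return self._get_json('/ip/' + self._segment(ip_addr) + '/domains')

    def ip_urls(self, ip_addr):
        """Return the decoded JSON from ``/ip/<ip_addr>/urls``."""
        return self._get_json('/ip/' + self._segment(ip_addr) + '/urls')

    def domain_lookup(self, name):
        """Return the decoded JSON from ``/domain/<name>``."""
        return self._get_json('/domain/' + self._segment(name))

    def url_lookup(self, location):
        """Return the decoded JSON from ``/url/<location>``.

        ``quote_plus`` escapes ``/``, ``?`` and ``#`` as well, so the looked-up
        URL stays a single path segment.
        """
        return self._get_json('/url/' + quote_plus(location))

    def ip_blacklist(self, tag, days=1, limit=10, offset=0):
        """Return the IP blacklist feed for *tag*.

        supported tags: malware, botnet, spam, phishing, dnsbl, blacklist
        """
        return self._get_json(
            self._blacklist_path('ip', tag, days, limit, offset))

    def domain_blacklist(self, tag, days=1, limit=10, offset=0):
        """Return the domain blacklist feed for *tag*.

        supported tags: malware, botnet, spam, phishing, dnsbl, blacklist
        """
        return self._get_json(
            self._blacklist_path('domain', tag, days, limit, offset))


# /requirements.txt:
#
#   requests
#
# /setup.cfg:
#
#   [metadata]
#   description-file = README.md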
# /setup.py:

from distutils.core import setup

# Distribution metadata for the ``cymon`` package, gathered in one mapping
# and handed to setup() in a single call.
metadata = {
    'name': 'cymon',
    'packages': ['cymon'],
    'version': '0.1',
    'description': 'API wrapper for Cymon.io',
    'author': 'Roy Firestein',
    'author_email': 'info@cymon.io',
    'url': 'https://github.com/eSentire/cymon-python',
    'download_url': 'https://github.com/eSentire/cymon-python/tarball/0.1',
    'keywords': ['cymon', 'API', 'threat intelligence'],
    'classifiers': [],
    # NOTE(review): with distutils, ``requires`` is descriptive metadata only.
    # It is not expected to make an installer fetch ``requests``. Confirm,
    # and declare the dependency where the installer actually reads it.
    'requires': ['requests'],
}

setup(**metadata)