Last active
August 8, 2019 17:26
-
-
Save Obsecurus/1ade7eb89fdd6b80afc29cf7426a6c82 to your computer and use it in GitHub Desktop.
GreyNoise Intelligence quick check of newline delimited IPs and output to CSV
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /bin/bash | |
display_usage() { | |
echo "Greynoise Multiline IP Processor" | |
echo -e "\nUsage: \n\t./gn_newline_multi.sh <gn_key> <input_file> <output_csv_file>" | |
} | |
if [ $# -le 2 ] | |
then | |
display_usage | |
exit 1 | |
fi | |
# Keep track of where we started | |
CWD=$(pwd) | |
# Cleanup previous result file if exists | |
rm -f $CWD/$3 | |
# Make temporary directory for split files | |
TMP_DIR=$(mktemp -d /tmp/gnmulti.XXXX) | |
#echo "Created temporary directory $TMP_DIR" | |
# Get input filename | |
JSON_BASE=$(basename $2) | |
# Copy input file to temporary directory | |
cp $2 $TMP_DIR | |
# Go to temporary directory | |
cd $TMP_DIR | |
# Chunk up by < 1000 ip files | |
split -l 999 $JSON_BASE ips_ | |
for f in ips_*; do | |
bn=$(basename $f) | |
# Convert newlines into JSON structure with ips key and drop the last result because of the final \n | |
jq -R -s -c 'split("\n")' < $f | tr -d '\\r' | jq -c '. |= {"ips": .[0:-1]}' > "${bn}.json" | |
done | |
# For each generated JSON file curl the API endpoint and append to the specified results CSV file | |
for jf in ips_*.json; do | |
curl -s -XGET -H "key: ${1}" -H "Content-Type: application/json" -d @${TMP_DIR}/${jf} https://api.greynoise.io/v2/noise/multi/quick | jq -r '(map(keys) | add | unique) as $cols | map(. as $row | $cols | map($row[.])) as $rows | $cols, $rows[] | @csv' >> $CWD/$3 | |
done | |
echo "Results saved to ${CWD}/${3}" | |
# Go back to where we started | |
cd $CWD | |
# Delete the temporary files | |
rm -rf $TMP_DIR | |
#echo "Deleted temporary directory $TMP_DIR" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment