cloudtracer / ThreatPinchLookup

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
https://chrome.google.com/webstore/detail/threatpinch-lookup/ljdgplocfnmnofbhpkjclbefmjoikgke

Add GreyNoise IPv4 Lookups #88

Open bradchiappetta opened 3 years ago

bradchiappetta commented 3 years ago

We were curious if we would be able to help you include support for GreyNoise IPv4 lookups greynoise.io

We have both a Paid and Free (community) API that should provide valuable IPv4 context information on mass-internet scanning. With some guidance, we would be happy to help work/develop this addition to your product if needed.

Here are links to the API documentation:

- Paid API - https://docs.greynoise.io/reference/noisecontextip-1
- Free API - https://docs.greynoise.io/reference/get_v3-community-ip

cicakdinding01 commented 3 years ago

I don't mind helping to code it up, but a repo update will need concurrence from cloudtracer.


cicakdinding01 commented 3 years ago

Using community API, below is the integration with GreyNoise Community API. The rest (e.g. Ping Service, IP Lookup, GNQL, Metadata) requires paid API, doable but will need to have a paid API to test out.


Raw code:

```json
{
  "lookupName": "GreyNoise_IPv4",
  "lookupVariable": "GREYNOISE_IPV4",
  "lookupType": "IPV4",
  "lookupUrl": "https://api.greynoise.io/v3/community/${PINCH.HOVERITEM}",
  "httpHeaders": {
    "key": ""
  },
  "httpType": "GET",
  "dataType": "JSON",
  "dataSchema": {
    "0_GreyNoise_IPv4": {
      "title": "GreyNoise_IPv4",
      "mapping": "${PINCH.LINKURL}",
      "order": 0,
      "linkTitle": "${PINCH.HOVERITEM}",
      "linkUrl": "https://www.greynoise.io/viz/ip/${PINCH.HOVERITEM}"
    },
    "1_ip": {
      "title": "ip",
      "mapping": "${PINCH.RESPONSE.ip}",
      "order": 1
    },
    "2_noise": {
      "title": "noise",
      "mapping": "${PINCH.RESPONSE.noise}",
      "order": 2
    },
    "3_riot": {
      "title": "riot",
      "mapping": "${PINCH.RESPONSE.riot}",
      "order": 3
    },
    "4_classification": {
      "title": "classification",
      "mapping": "${PINCH.RESPONSE.classification}",
      "order": 4
    },
    "5_name": {
      "title": "name",
      "mapping": "${PINCH.RESPONSE.name}",
      "order": 5
    },
    "6_last_seen": {
      "title": "last_seen",
      "mapping": "${PINCH.RESPONSE.last_seen}",
      "order": 6
    },
    "7_link": {
      "title": "link",
      "mapping": "${PINCH.RESPONSE.link}",
      "order": 7
    },
    "8_message": {
      "title": "message",
      "mapping": "${PINCH.RESPONSE.message}",
      "order": 8
    }
  },
  "disabled": false,
  "iocs": false,
  "authorizationType": "DEFAULT",
  "requestGroup": "INTERNET",
  "sample": "59.99.42.78",
  "order": 999999
}
```

Regards,

Cicak Dinding E: @.***


bradchiappetta commented 3 years ago

@cicakdinding01 : thanks for helping us put this together! In regards to our paid APIs, you can get a free 14-day trial just by creating an account (https://www.greynoise.io/viz/signup). Also, we would only want to include the look with our IP Context Lookup endpoint (https://docs.greynoise.io/reference/noisecontextip-1) as the rest of our endpoints wouldn't really make sense here. Thanks!

cicakdinding01 commented 3 years ago


```json
{
  "lookupName": "GreyNoise_IPContext_IPV4",
  "lookupVariable": "GREYNOISE_IPCONTEXT_IPV4",
  "lookupType": "IPV4",
  "lookupUrl": "https://api.greynoise.io/v2/noise/context/${PINCH.HOVERITEM}",
  "httpHeaders": { "key": "" },
  "httpType": "GET",
  "dataType": "JSON",
  "dataSchema": {
    "0_GreyNoise_IPContext_IPV4": { "title": "GreyNoise_IPContext_IPV4", "mapping": "${PINCH.LINKURL}", "order": 0, "linkTitle": "${PINCH.HOVERITEM}", "linkUrl": "https://api.greynoise.io/v2/noise/context/${PINCH.HOVERITEM}" },
    "1_first_seen": { "title": "first_seen", "mapping": "${PINCH.RESPONSE.first_seen}", "order": 1 },
    "2_last_seen": { "title": "last_seen", "mapping": "${PINCH.RESPONSE.last_seen}", "order": 2 },
    "3_seen": { "title": "seen", "mapping": "${PINCH.RESPONSE.seen}", "order": 3 },
    "4_Vulnerability": { "title": "Vulnerability", "mapping": "${PINCH.LOOP}", "order": 4, "jsonpath": "$.cve[:10]", "jsonpathloop": true, "condition": "true" },
    "5_actor": { "title": "actor", "mapping": "${PINCH.RESPONSE.actor}", "order": 5 },
    "6_spoofable": { "title": "spoofable", "mapping": "${PINCH.RESPONSE.spoofable}", "order": 6 },
    "7_classification": { "title": "classification", "mapping": "${PINCH.RESPONSE.classification}", "order": 7 },
    "8_Tags": { "title": "Tags", "mapping": "${PINCH.LOOP}", "order": 8, "jsonpath": "$.tags[:10]", "jsonpathloop": true, "condition": "true" },
    "9_bot": { "title": "bot", "mapping": "${PINCH.RESPONSE.bot}", "order": 9 },
    "10_vpn": { "title": "vpn", "mapping": "${PINCH.RESPONSE.vpn}", "order": 10 },
    "11_vpn_service": { "title": "vpn_service", "mapping": "${PINCH.RESPONSE.vpn_service}", "order": 11 },
    "12_asn": { "title": "asn", "mapping": "${PINCH.RESPONSE.metadata.asn}", "order": 12 },
    "13_city": { "title": "city", "mapping": "${PINCH.RESPONSE.metadata.city}", "order": 13 },
    "14_country": { "title": "country", "mapping": "${PINCH.RESPONSE.metadata.country}", "order": 14 },
    "15_country_code": { "title": "country_code", "mapping": "${PINCH.RESPONSE.metadata.country_code}", "order": 15 },
    "16_organization": { "title": "organization", "mapping": "${PINCH.RESPONSE.metadata.organization}", "order": 16 },
    "17_category": { "title": "category", "mapping": "${PINCH.RESPONSE.metadata.category}", "order": 17 },
    "18_tor": { "title": "tor", "mapping": "${PINCH.RESPONSE.metadata.tor}", "order": 18 },
    "19_rdns": { "title": "rdns", "mapping": "${PINCH.RESPONSE.metadata.rdns}", "order": 19 },
    "20_os": { "title": "os", "mapping": "${PINCH.RESPONSE.metadata.os}", "order": 20 },
    "21_region": { "title": "region", "mapping": "${PINCH.RESPONSE.metadata.region}", "order": 21 },
    "22_port": { "title": "port", "mapping": "${PINCH.LOOP.port}", "order": 22, "jsonpath": "$.raw_data.scan[:10]", "jsonpathloop": true, "condition": "true" }
  },
  "disabled": false,
  "iocs": false,
  "authorizationType": "DEFAULT",
  "requestGroup": "INTERNET",
  "sample": "202.51.109.66",
  "order": 60
}
```

Regards,

Cicak Dinding E: @.***
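
Added example, not part of the thread or of ThreatPinch's own code: a pre-import review of a lookup definition like the two posted above. It checks that the hovered IP is only sent over HTTPS to the expected API host, that the shared copy carries no populated credential header, and that every mapping resolves against a sample response. `reviewLookup`, `ALLOWED_HOSTS` and the constructed `SAMPLE` response are assumptions made for this example; the field names are the ones used in the thread.

```javascript
// Added example: review a ThreatPinch-style lookup definition before importing it.
// Field names come from the thread; reviewLookup, ALLOWED_HOSTS and SAMPLE are
// assumptions made for this example.
const ALLOWED_HOSTS = new Set(["api.greynoise.io"]);

// Resolve a dotted path such as "metadata.asn" against a parsed response.
const getPath = (obj, path) =>
  path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), obj);

function reviewLookup(text, sampleResponse) {
  let cfg;
  try {
    cfg = JSON.parse(text);
  } catch (e) {
    return ["not valid JSON: " + e.message]; // e.g. an unquoted lookupUrl
  }
  const findings = [];
  // 1. The hovered indicator may only leave the browser over HTTPS to a known host.
  try {
    const u = new URL(String(cfg.lookupUrl).replace("${PINCH.HOVERITEM}", "192.0.2.1"));
    if (u.protocol !== "https:") findings.push("lookupUrl is not HTTPS");
    if (!ALLOWED_HOSTS.has(u.hostname)) findings.push("unexpected host " + u.hostname);
  } catch (e) {
    findings.push("lookupUrl is not a valid URL");
  }
  // 2. A definition shared in public must not carry a populated credential header.
  for (const [name, value] of Object.entries(cfg.httpHeaders || {})) {
    if (value !== "") findings.push("header '" + name + "' has a value; blank it before sharing");
  }
  // 3. Every response mapping and JSONPath loop must exist in a sample response.
  for (const [id, field] of Object.entries(cfg.dataSchema || {})) {
    const m = /^\$\{PINCH\.RESPONSE\.([\w.]+)\}$/.exec(field.mapping || "");
    if (m && getPath(sampleResponse, m[1]) === undefined)
      findings.push(id + ": response has no field " + m[1]);
    const j = /^\$\.([\w.]+)\[:\d+\]$/.exec(field.jsonpath || "");
    if (j && !Array.isArray(getPath(sampleResponse, j[1])))
      findings.push(id + ": " + j[1] + " is not an array in the response");
  }
  return findings;
}

// Constructed sample shaped like the community fields mapped in the thread.
const SAMPLE = { ip: "192.0.2.1", noise: true, riot: false, classification: "benign",
  name: "unknown", link: "https://example.invalid/ip/192.0.2.1",
  last_seen: "2021-08-27", message: "Success" };
```

An empty array from `reviewLookup(configText, SAMPLE)` means none of the three checks fired; each string in a non-empty result names the field to fix before importing or sharing the definition.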


Supriya-Maz commented 3 years ago

Hi there - if you need developer access to GreyNoise, you can reach out to me community@greynose.io