initial commit

Author: hrbrmstr

DESCRIPTION

@@ -1,14 +1,16 @@
 Package: xforce
 Type: Package
-Title: xforce title goes here otherwise CRAN checks fail
+Title: Tools to Gather Threat Intelligence from 'IBM' 'X-Force'
 Version: 0.1.0
 Date: 2018-12-11
 Authors@R: c(
     person("Bob", "Rudis", email = "[email protected]", role = c("aut", "cre"), 
            comment = c(ORCID = "0000-0001-5670-2640"))
   )
 Maintainer: Bob Rudis <[email protected]>
-Description: A good description goes here otherwise CRAN checks fail.
+Description: The 'IBM' 'X-Force' portal has a corresponding 'API' (<https://api.xforce.ibmcloud.com/doc/#introduction>)
+    that provides access to threat intelligence for domains, hosts and 'IP' 
+    addresses. Tools are provided to query and manage this data.
 URL: https://gitlab.com/hrbrmstr/xforce
 BugReports: https://gitlab.com/hrbrmstr/xforce/issues
 Encoding: UTF-8
@@ -21,3 +23,4 @@ Depends:
 Imports:
     httr,
     jsonlite
+RoxygenNote: 6.1.1

NAMESPACE

@@ -1,4 +1,12 @@
 # Generated by roxygen2: do not edit by hand
 
+export(xforce_as_networks)
+export(xforce_ip_history)
+export(xforce_ip_malware)
+export(xforce_ip_report)
+export(xforce_resolve)
+export(xforce_url_malware)
+export(xforce_url_report)
+export(xforce_whois)
 import(httr)
 importFrom(jsonlite,fromJSON)

R/as-networks.R

@@ -0,0 +1,35 @@
+#' Get Networks Assigned to an Autonomous System Number
+#'
+#' @md
+#' @param asn Autonomous System Number
+#' @param api_key,api_password IBM X-Force API Key & Password. All `xforce`
+#'        API functions will look for these in the `XFORCE_API_KEY` and
+#'        `XFORCE_API_PASSWORD` environment variables. You can store these
+#'        in `~/.Renviron` and you can obtain them
+#'        [on the IBM X-Force Portal](https://exchange.xforce.ibmcloud.com/settings/api).
+#' @export
+#' @examples \donrun{
+#' xforce_as_networks("3131")
+#' }
+xforce_as_networks <- function(asn, api_key=Sys.getenv("XFORCE_API_KEY"),
+                               api_password=Sys.getenv("XFORCE_API_PASSWORD")) {
+
+  httr::GET(
+    url = sprintf("https://api.xforce.ibmcloud.com/ipr/asn/%s", asn),
+    httr::accept_json(),
+    httr::user_agent("R xforce package (https://github.com/hrbrmstr/xforce"),
+    httr::authenticate(
+      user = api_key,
+      password = api_password
+    )
+  ) -> res
+
+  httr::stop_for_status(res)
+
+  out <- httr::content(res, as = "text")
+
+  out <- jsonlite::fromJSON(out)
+
+  out
+
+}

R/dns.R

@@ -0,0 +1,35 @@
+#' Get DNS Records
+#'
+#' @md
+#' @param query IP address, domain name, or URL
+#' @param api_key,api_password IBM X-Force API Key & Password. All `xforce`
+#'        API functions will look for these in the `XFORCE_API_KEY` and
+#'        `XFORCE_API_PASSWORD` environment variables. You can store these
+#'        in `~/.Renviron` and you can obtain them
+#'        [on the IBM X-Force Portal](https://exchange.xforce.ibmcloud.com/settings/api).
+#' @export
+#' @examples \donrun{
+#' xforce_resolve("174.62.167.97")
+#' }
+xforce_resolve <- function(query, api_key=Sys.getenv("XFORCE_API_KEY"),
+                           api_password=Sys.getenv("XFORCE_API_PASSWORD")) {
+
+  httr::GET(
+    url = sprintf("https://api.xforce.ibmcloud.com/resolve/%s", query),
+    httr::accept_json(),
+    httr::user_agent("R xforce package (https://github.com/hrbrmstr/xforce"),
+    httr::authenticate(
+      user = api_key,
+      password = api_password
+    )
+  ) -> res
+
+  httr::stop_for_status(res)
+
+  out <- httr::content(res, as = "text")
+
+  out <- jsonlite::fromJSON(out)
+
+  out
+
+}

R/ip-history.R

@@ -0,0 +1,35 @@
+#' Get IP History
+#'
+#' @md
+#' @param ip IP address
+#' @param api_key,api_password IBM X-Force API Key & Password. All `xforce`
+#'        API functions will look for these in the `XFORCE_API_KEY` and
+#'        `XFORCE_API_PASSWORD` environment variables. You can store these
+#'        in `~/.Renviron` and you can obtain them
+#'        [on the IBM X-Force Portal](api_key=Sys.getenv("XFORCE_API_KEY")).
+#' @export
+#' @examples \donrun{
+#' xforce_ip_history("174.62.167.97")
+#' }
+xforce_ip_history <- function(ip, api_key=Sys.getenv("XFORCE_API_KEY"),
+                              api_password=Sys.getenv("XFORCE_API_PASSWORD")) {
+
+  httr::GET(
+    url = sprintf("https://api.xforce.ibmcloud.com/ipr/history/%s", ip),
+    httr::accept_json(),
+    httr::user_agent("R xforce package (https://github.com/hrbrmstr/xforce"),
+    httr::authenticate(
+      user = api_key,
+      password = api_password
+    )
+  ) -> res
+
+  httr::stop_for_status(res)
+
+  out <- httr::content(res, as = "text")
+
+  out <- jsonlite::fromJSON(out)
+
+  out
+
+}

R/ip-malware.R

@@ -0,0 +1,35 @@
+#' Get Malware Associated with the IP
+#'
+#' @md
+#' @param ip IP address
+#' @param api_key,api_password IBM X-Force API Key & Password. All `xforce`
+#'        API functions will look for these in the `XFORCE_API_KEY` and
+#'        `XFORCE_API_PASSWORD` environment variables. You can store these
+#'        in `~/.Renviron` and you can obtain them
+#'        [on the IBM X-Force Portal](https://exchange.xforce.ibmcloud.com/settings/api).
+#' @export
+#' @examples \donrun{
+#' xforce_ip_malware("174.62.167.97")
+#' }
+xforce_ip_malware <- function(ip, api_key=Sys.getenv("XFORCE_API_KEY"),
+                              api_password=Sys.getenv("XFORCE_API_PASSWORD")) {
+
+  httr::GET(
+    url = sprintf("https://api.xforce.ibmcloud.com/ipr/malware/%s", ip),
+    httr::accept_json(),
+    httr::user_agent("R xforce package (https://github.com/hrbrmstr/xforce"),
+    httr::authenticate(
+      user = api_key,
+      password = api_password
+    )
+  ) -> res
+
+  httr::stop_for_status(res)
+
+  out <- httr::content(res, as = "text")
+
+  out <- jsonlite::fromJSON(out)
+
+  out
+
+}

R/ip-report.R

@@ -3,12 +3,33 @@
 #' @md
 #' @param ip IP address
 #' @param api_key,api_password IBM X-Force API Key & Password. All `xforce`
-#'        API function will look for these in the `XFORCE_API_KEY` and
+#'        API functions will look for these in the `XFORCE_API_KEY` and
 #'        `XFORCE_API_PASSWORD` environment variables. You can store these
 #'        in `~/.Renviron` and you can obtain them
-#'        [on the IBM X-Force Portal](api_key=Sys.getenv("XFORCE_API_KEY")).
+#'        [on the IBM X-Force Portal](https://exchange.xforce.ibmcloud.com/settings/api).
 #' @export
+#' @examples \donrun{
+#' xforce_ip_report("174.62.167.97")
+#' }
 xforce_ip_report <- function(ip, api_key=Sys.getenv("XFORCE_API_KEY"),
                              api_password=Sys.getenv("XFORCE_API_PASSWORD")) {
 
+  httr::GET(
+    url = sprintf("https://api.xforce.ibmcloud.com/ipr/%s", ip),
+    httr::accept_json(),
+    httr::user_agent("R xforce package (https://github.com/hrbrmstr/xforce"),
+    httr::authenticate(
+      user = api_key,
+      password = api_password
+    )
+  ) -> res
+
+  httr::stop_for_status(res)
+
+  out <- httr::content(res, as = "text")
+
+  out <- jsonlite::fromJSON(out)
+
+  out
+
 }

R/url-malware.R

@@ -0,0 +1,35 @@
+#' Get Malware for URL
+#'
+#' @md
+#' @param url a URL
+#' @param api_key,api_password IBM X-Force API Key & Password. All `xforce`
+#'        API functions will look for these in the `XFORCE_API_KEY` and
+#'        `XFORCE_API_PASSWORD` environment variables. You can store these
+#'        in `~/.Renviron` and you can obtain them
+#'        [on the IBM X-Force Portal](https://exchange.xforce.ibmcloud.com/settings/api).
+#' @export
+#' @examples \donrun{
+#' xforce_url_malware("mediaget.com")
+#' }
+xforce_url_malware <- function(url, api_key=Sys.getenv("XFORCE_API_KEY"),
+                               api_password=Sys.getenv("XFORCE_API_PASSWORD")) {
+
+  httr::GET(
+    url = sprintf("https://api.xforce.ibmcloud.com/url/malware/%s", url),
+    httr::accept_json(),
+    httr::user_agent("R xforce package (https://github.com/hrbrmstr/xforce"),
+    httr::authenticate(
+      user = api_key,
+      password = api_password
+    )
+  ) -> res
+
+  httr::stop_for_status(res)
+
+  out <- httr::content(res, as = "text")
+
+  out <- jsonlite::fromJSON(out)
+
+  out
+
+}

R/url-report.R

@@ -0,0 +1,35 @@
+#' Get URL Report
+#'
+#' @md
+#' @param url a URL
+#' @param api_key,api_password IBM X-Force API Key & Password. All `xforce`
+#'        API functions will look for these in the `XFORCE_API_KEY` and
+#'        `XFORCE_API_PASSWORD` environment variables. You can store these
+#'        in `~/.Renviron` and you can obtain them
+#'        [on the IBM X-Force Portal](https://exchange.xforce.ibmcloud.com/settings/api).
+#' @export
+#' @examples \donrun{
+#' xforce_url_report("https://r-project.org/")
+#' }
+xforce_url_report <- function(url, api_key=Sys.getenv("XFORCE_API_KEY"),
+                              api_password=Sys.getenv("XFORCE_API_PASSWORD")) {
+
+  httr::GET(
+    url = sprintf("https://api.xforce.ibmcloud.com/url/%s", url),
+    httr::accept_json(),
+    httr::user_agent("R xforce package (https://github.com/hrbrmstr/xforce"),
+    httr::authenticate(
+      user = api_key,
+      password = api_password
+    )
+  ) -> res
+
+  httr::stop_for_status(res)
+
+  out <- httr::content(res, as = "text")
+
+  out <- jsonlite::fromJSON(out)
+
+  out
+
+}

R/whois.R

@@ -0,0 +1,35 @@
+#' Get WHOIS Information for a Host
+#'
+#' @md
+#' @param host host (domain) name
+#' @param api_key,api_password IBM X-Force API Key & Password. All `xforce`
+#'        API functions will look for these in the `XFORCE_API_KEY` and
+#'        `XFORCE_API_PASSWORD` environment variables. You can store these
+#'        in `~/.Renviron` and you can obtain them
+#'        [on the IBM X-Force Portal](https://exchange.xforce.ibmcloud.com/settings/api).
+#' @export
+#' @examples \donrun{
+#' xforce_ip_report("174.62.167.97")
+#' }
+xforce_whois <- function(host, api_key=Sys.getenv("XFORCE_API_KEY"),
+                         api_password=Sys.getenv("XFORCE_API_PASSWORD")) {
+
+  httr::GET(
+    url = sprintf("https://api.xforce.ibmcloud.com/whois/%s", host),
+    httr::accept_json(),
+    httr::user_agent("R xforce package (https://github.com/hrbrmstr/xforce"),
+    httr::authenticate(
+      user = api_key,
+      password = api_password
+    )
+  ) -> res
+
+  httr::stop_for_status(res)
+
+  out <- httr::content(res, as = "text")
+
+  out <- jsonlite::fromJSON(out)
+
+  out
+
+}