Silent Push - Command Line Interface

SP - CLI

The Silent Push CLI (Command Line Interface)

Requirements

Installation

python3 -m pip install SilentPushCLI

Linux and MacOS users

After installation, export your Silent Push API key in your terminal:

export SILENT_PUSH_API_KEY=YOUR-API-KEY

Windows Users

After installation, set your Silent Push API key from your terminal:

setx /m SILENT_PUSH_API_KEY YOUR-API-KEY

Restart your Command Prompt (CMD).

Usage

Syntax:

sp COMMAND [SUB-COMMAND...] IOC [PARAMETER=VALUE...] [OPTION...]

Use the help verbose command to get a detailed list of the available commands:

sp help -v

Use the help flag on any command to get more details:

sp padns query a --help

Examples:

sp score ig.com
sp enrich ig.com -es
sp bulk_enrich ig.com x.com ibm.com -es
sp padns query a ig.com limit=2 sort=last_seen/- -t

Supported commands and sub-commands so far

  • score
  • enrich
  • bulk_enrich
  • padns
    • query
      • any
      • anyipv4
      • anyipv6
      • a
      • aaaa
      • cname
      • mx
      • ns
      • ptr4
      • ptr6
      • soa
      • txt
    • answer
      • a
      • aaaa
      • cname
      • mx
      • mxhash
      • ns
      • nshash
      • ptr4
      • ptr6
      • soa
      • soahash
      • txt
      • txthash
  • spql (multiline commands)
    • feedsearch
    • websearch
  • threatcheck
  • bulk_threatcheck
  • load
  • unload

Options

  • all commands
    • -j, --json: JSON output (default)
    • -c, --csv: CSV output
    • -t, --tsv: TSV output
    • -h, --help: show help
    • -v, --verbose: verbose output
  • enrich/bulk_enrich
    • -e, --explain: show details of data used to calculate the different scores in the response
    • -s, --scan_data: show details of data collected from host scanning

Interactive mode

We also have an interactive console. If you type 'sp' alone, it enters the 'sp console', where you can type commands without the preceding 'sp'. Example:

SP# score ig.com
{
  "domain": "ig.com",
  "sp_risk_score": 18,
  "sp_risk_score_explain": {
    "sp_risk_score_decider": "ns_reputation_score"
  }
}

SP# padns query a ig.com limit=1
{
  "records": [
    {
      "answer": "195.234.39.132",
      "count": 2681,
      "first_seen": "2021-04-17 03:47:18",
      "last_seen": "2024-08-16 12:11:22",
      "query": "ig.com",
      "type": "A"
    }
  ]
}

The load and unload command

The load command switches the console to a specific context and loads that group of commands; unload leaves the context again. As an example, 'padns' contains various sub-commands, so you can do:

SP# load padns
PADNS loaded
SP (PADNS)# query ns ig.com limit=1
{
  "records": [
    {
      "answer": "dns1.p09.nsone.net",
      "count": 5963,
      "first_seen": "2020-12-26 00:41:26",
      "last_seen": "2024-08-16 09:25:09",
      "nshash": "981275157feda43a53ff6d166de985ff",
      "query": "ig.com",
      "ttl": 172800,
      "type": "NS"
    }
  ]
}

SP (PADNS)# answer ns dns1.p09.nsone.net limit=1
{
  "records": [
    {
      "answer": "dns1.p09.nsone.net",
      "count": 138,
      "first_seen": "2024-01-27 21:23:33",
      "last_seen": "2024-08-16 13:42:25",
      "nshash": "9b484fe18c1a52f56775302e5be302f8",
      "query": "tumblersforyou.com",
      "ttl": 3600,
      "type": "NS"
    }
  ]
}

SP (PADNS)# unload padns
PADNS unloaded

You can still use any other command normally.
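
The PADNS records in the console sessions above use JSON, the default output format, so they are easy to post-process once saved. The following is an added example, not part of the SilentPushCLI project: it computes each record's observation window and groups query names that share an answer, which is the pivot the two NS lookups walk through. The UTC time zone, the reference date and the 365-day threshold are assumptions of the example.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # first_seen / last_seen format in the output above
REFERENCE = datetime(2024, 8, 17, tzinfo=timezone.utc)  # constructed "now" for the sample

# Records from the console sessions above, merged into one document and
# trimmed to the fields this example reads.
SAMPLE = """{"records": [
 {"answer": "195.234.39.132", "first_seen": "2021-04-17 03:47:18",
  "last_seen": "2024-08-16 12:11:22", "query": "ig.com", "type": "A"},
 {"answer": "dns1.p09.nsone.net", "first_seen": "2020-12-26 00:41:26",
  "last_seen": "2024-08-16 09:25:09", "query": "ig.com", "type": "NS"},
 {"answer": "dns1.p09.nsone.net", "first_seen": "2024-01-27 21:23:33",
  "last_seen": "2024-08-16 13:42:25", "query": "tumblersforyou.com", "type": "NS"}
]}"""

def parse_ts(text):
    # Assumption: timestamps are UTC (the page does not state a time zone).
    return datetime.strptime(text, TS_FORMAT).replace(tzinfo=timezone.utc)

def observation_windows(json_text, reference, recent_days=365):
    """Return one row per record, most recently first-seen record first."""
    rows = []
    for rec in json.loads(json_text).get("records", []):
        first, last = parse_ts(rec["first_seen"]), parse_ts(rec["last_seen"])
        rows.append({
            "query": rec["query"], "answer": rec["answer"], "type": rec["type"],
            "first_seen": first,
            "observed_days": (last - first).days,
            "recently_first_seen": (reference - first).days <= recent_days,
        })
    return sorted(rows, key=lambda r: r["first_seen"], reverse=True)

def shared_answers(rows):
    """Group query names by (type, answer); keep answers used by several names."""
    groups = defaultdict(set)
    for row in rows:
        groups[(row["type"], row["answer"])].add(row["query"])
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    rows = observation_windows(SAMPLE, REFERENCE)
    for row in rows:
        print(row["type"], row["query"], row["answer"], row["observed_days"],
              "recent" if row["recently_first_seen"] else "")
    print(shared_answers(rows))
```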

SPQL Commands

SPQL commands are multiline, since they can be quite complex. Use single quotes to span the query across lines and a semicolon to finish it. Example in interactive mode:

SP# websearch 'domain="ibm.com" 
  AND scan_date > "2025-01-01"' limit=2 -tv;
[
  {
    "HHV": "8c95d8a118b637509273f7a5d3",
    "adtech": {
      "ads_txt": false,
      "app_ads_txt": false,
      "sellers_json": false
    },
... (lots of results)

The same example but in a single line:

websearch 'domain="ibm.com" AND scan_date > "2025-01-01"' limit=2 -tv;

Scripting

run_pyscript command

There are 2 special commands for executing scripts with the 'sp' command, so you can easily use it in your projects. Here's a simple Python script example:

# my_script.py
result = app('score ibm.com -t')
print(result.data)

and this is how you can execute it:

sp run_pyscript my_script.py

run_script command

You can also create a file with batch commands, one per line, and execute them easily. Suppose we have this file:

# my_script.txt
padns query mx ig.com limit=2
score ig.com -c 

and then you can execute this batch command file with:

sp run_script my_script.txt

or you can simply redirect the input (like importing a database):

sp < my_script.txt

Batch execution tips

As you might already know, one of the greatest features of shell scripting is the ability to load batch parameters from files. Here's one idea for the bulk_enrich command:

cat to_enrich.txt | xargs sp bulk_enrich

Everything inside the to_enrich.txt file will be treated as the parameter list for the bulk_enrich command. Don't mix domains with IPs, though, since the command depends on the type of enrichment being executed.
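
One way to enforce the "don't mix domains with IPs" rule before anything reaches the CLI, as an added example that is not part of the SilentPushCLI project: it validates a mixed IOC list, rejects lines that are not a single domain or IP address, and emits separate bulk_enrich lines in the one-command-per-line form that run_script accepts. The chunk size, the split of IPv4 from IPv6 and the handling of `[.]` defanging are assumptions of the example.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample of a mixed to_enrich.txt (not real case data).
SAMPLE = ["ig.com", "IBM.com   # analyst note", "8.8.8.8", "x[.]com",
          "2001:db8::1", "ig.com", "ig.com extra=1", "999.1.1.1"]

def classify(token):
    """Return (kind, value); kind is 'domain', 'ipv4', 'ipv6' or 'reject'."""
    value = token.strip().lower().replace("[.]", ".")  # undo common defanging
    try:
        addr = ipaddress.ip_address(value)
        return f"ipv{addr.version}", str(addr)
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    if (len(labels) >= 2 and len(value) <= 253 and not labels[-1].isdigit()
            and all(_LABEL.fullmatch(label) for label in labels)):
        return "domain", ".".join(labels)
    return "reject", token.strip()  # spaces, parameters, bad octets, ...

def build_batch(lines, chunk=50, options="-es"):
    """Return (commands, rejected): one bulk_enrich line per type and chunk."""
    buckets = {"domain": [], "ipv4": [], "ipv6": [], "reject": []}
    for line in lines:
        line = line.split("#", 1)[0]        # drop trailing comments
        if not line.strip():
            continue
        kind, value = classify(line)
        if value not in buckets[kind]:      # de-duplicate, keep input order
            buckets[kind].append(value)
    commands = []
    for kind in ("domain", "ipv4", "ipv6"):
        items = buckets[kind]
        for i in range(0, len(items), chunk):
            commands.append(f"bulk_enrich {' '.join(items[i:i + chunk])} {options}")
    return commands, buckets["reject"]

if __name__ == "__main__":
    commands, rejected = build_batch(SAMPLE, chunk=2)
    print("\n".join(commands))
    print("rejected:", rejected)
```

Write the returned commands to a file and pass it to sp run_script; review the rejected entries by hand rather than forwarding them.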

For Devs

Using the library

If you need to use the library on your own, here are some examples:

from sp.main import main as sp

sp(['enrich ig.com'])
sp(['padns query ns ig.com limit=2'])

Another way of doing the same:

from sp.main import App
from sp.common.utils import AppFileManager

app = App(application_manager=AppFileManager('my app'))
app.onecmd_plus_hooks('enrich ig.com')
print(app.last_result)
app.onecmd_plus_hooks('padns query ns ig.com limit=2')
print(app.last_result)

Support

Don't hesitate to contact me at jorgeley@silentpush.com if you need any help

Download files

Source Distribution

silentpushcli-1.3.0.tar.gz (38.0 kB)

Uploaded Source

Built Distribution

silentpushcli-1.3.0-py3-none-any.whl (42.0 kB)

Uploaded Python 3

File details

Details for the file silentpushcli-1.3.0.tar.gz.

File metadata

  • Download URL: silentpushcli-1.3.0.tar.gz
  • Upload date:
  • Size: 38.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.0

File hashes

Hashes for silentpushcli-1.3.0.tar.gz
Algorithm Hash digest
SHA256 3c29e178c6b0f1c9435285c4cf3cb4d2f65e4329618ba5a9fb75b4c966ea2068
MD5 038d817d766fbed94bbd552b075e61b8
BLAKE2b-256 7bd8d5d875074c1287cf1fa82d2a2f5bd4b76666e004178964865b4f559fcd93

File details

Details for the file silentpushcli-1.3.0-py3-none-any.whl.

File metadata

  • Download URL: silentpushcli-1.3.0-py3-none-any.whl
  • Upload date:
  • Size: 42.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.0

File hashes

Hashes for silentpushcli-1.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f51a59e80eb5e8c39281cef785bd719f021d064cd1ba77379063379e16c3ed57
MD5 cf648fc3386a2a46809cbe3c593d8da7
BLAKE2b-256 228b7e2f15175a3d345fdc1ede795955f9d0210738ecf1c5253f3cf7c5eaf2a8
