PS Banshee is a command line tool used to access Recorded Future Intelligence. PS Banshee is designed to get you working quickly with Recorded Future.

Navigation

Verified details

These details have been verified by PyPI
Project links
Maintainers
Avatar for ebartosevic from gravatar.com ebartosevic Avatar for MoiseMedici from gravatar.com MoiseMedici

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Ernest Bartosevic
  • Maintainer: Moise Medici
  • Tags API , Recorded Future , Cyber Security Engineering , Threat Intelligence , command line tool , CLI , ioc enrichment
  • Requires: Python <3.14, >=3.9
  • Provides-Extra: dev , docs
Classifiers
Report project as malware

Project description

PS Banshee

PS Banshee is a command-line interface (CLI) tool designed to provide quick and efficient access to Recorded Future Intelligence. Built for security professionals, PS Banshee helps streamline investigations and automate common security operations tasks.

Table of Contents

Key Features

  • IOC lookup and search
  • Packet capture (pcap) analysis
  • Recorded Future Alert search, lookup, and update
  • Recorded Future Detection Rules (YARA, Snort, Sigma) search and download
  • Recorded Future Entity search and lookup
  • Recorded Future List & Watch List management
  • Recorded Future Playbook Alert search, lookup, and update
  • Recorded Future Risk List download, and creation

Installation

PS Banshee is available on PyPI and can be installed using pip or pipx.

Note: PS Banshee requires Python 3.9 or later (up to 3.13).

Recommended: pipx (isolated environment)

To install globally, run:

pipx install ps-banshee

Note: If you don't have pipx installed, see the installation guide.

Alternative: pip (current environment)

To install in the current environment, run:

pip install ps-banshee

Dependencies

pipx will automatically resolve all Python dependencies.
If you want to use the pcap command, you will also need:

  • tshark 3.0.0 or later

Command Auto Completion

After installing PS Banshee, you can enable command auto completion:

banshee --install-completion

Restart your shell to complete the installation. You can now use TAB to auto-complete commands.

Usage

To see the list of available commands, run:

banshee -h

Authorization

PS Banshee requires a Recorded Future API key, which can be provided as the -k or --api-key argument, or set as the RF_TOKEN environment variable.

banshee -k <RF_TOKEN> <command> <sub-command> <arguments>

Proxies

If you are behind a proxy, set the HTTP_PROXY and HTTPS_PROXY environment variables.

To disable SSL verification, use the -s flag:

banshee -s ca rules

Command Help

All commands support the --help (-h) option:

banshee -h
banshee ca --help
banshee ioc lookup --help
banshee list bulk-add -h

Support

Submit a support request for help alternatively reach out to support@recordedfuture.com.

PS Banshee is developed and maintained by the Recorded Future Professional Services Cyber Security Engineers 🚀

Project details

Verified details

These details have been verified by PyPI
Project links
Maintainers
Avatar for ebartosevic from gravatar.com ebartosevic Avatar for MoiseMedici from gravatar.com MoiseMedici

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Ernest Bartosevic
  • Maintainer: Moise Medici
  • Tags API , Recorded Future , Cyber Security Engineering , Threat Intelligence , command line tool , CLI , ioc enrichment
  • Requires: Python <3.14, >=3.9
  • Provides-Extra: dev , docs
Classifiers

Release history Release notifications | RSS feed

1.2.0

1.1.3

This version

1.1.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ps_banshee-1.1.2.tar.gz (63.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ps_banshee-1.1.2-py3-none-any.whl (96.0 kB view details)

Uploaded Python 3

File details

Details for the file ps_banshee-1.1.2.tar.gz.

File metadata

  • Download URL: ps_banshee-1.1.2.tar.gz
  • Upload date:
  • Size: 63.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ps_banshee-1.1.2.tar.gz
Algorithm Hash digest
SHA256 6ffda24945dafbc754cd0d15e2c5ccce38cf52f10017a492d6db0cd36cb4f596
MD5 36b0a2cf3f5ba2396ac8297c7aab28e7
BLAKE2b-256 451bbabf6379c9717de10ec527d90dfdf922e1d0dc0851152eb0c3e7fce4e7a1

See more details on using hashes here.

Provenance

The following attestation bundles were made for ps_banshee-1.1.2.tar.gz:

Publisher: tag_and_release.yml on RecordedFuture-ProfessionalServices/ps-banshee

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ps_banshee-1.1.2-py3-none-any.whl.

File metadata

  • Download URL: ps_banshee-1.1.2-py3-none-any.whl
  • Upload date:
  • Size: 96.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ps_banshee-1.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 0db7b55d4a28e62645d1d67eb834fbd89197cd5fad388b3688c400e822c45a1b
MD5 dcc0109e99d7022c27bdca2d4b4218da
BLAKE2b-256 8dc97d2309cfe58d0bbb812a47dda95c9d0dd3a84d92c48b8621e31a4a9ab346

See more details on using hashes here.

Provenance

The following attestation bundles were made for ps_banshee-1.1.2-py3-none-any.whl:

Publisher: tag_and_release.yml on RecordedFuture-ProfessionalServices/ps-banshee

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page