PS Banshee is a command line tool used to access Recorded Future Intelligence. PS Banshee is designed to get you working quickly with Recorded Future.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ebartosevic from gravatar.com ebartosevic Avatar for MoiseMedici from gravatar.com MoiseMedici

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Ernest Bartosevic
  • Maintainer: Moise Medici
  • Tags API , Recorded Future , Cyber Security Engineering , Threat Intelligence , command line tool , CLI , ioc enrichment
  • Requires: Python <3.14, >=3.9
  • Provides-Extra: dev , docs
Classifiers
Report project as malware

Project description

PS Banshee

PS Banshee is a command-line interface (CLI) tool designed to provide quick and efficient access to Recorded Future Intelligence. Built for security professionals, PS Banshee helps streamline investigations and automate common security operations tasks.

Key Features

  • IOC lookup and search
  • Packet capture (pcap) analysis
  • Recorded Future Alert search, lookup, and update
  • Recorded Future Detection Rules (YARA, Snort, Sigma) search and download
  • Recorded Future Entity search and lookup
  • Recorded Future List & Watch List management
  • Recorded Future Playbook Alert search, lookup, and update
  • Recorded Future Risk List download, and creation

Installation

PS Banshee is available on PyPI and can be installed using pip or pipx.

Note: PS Banshee requires Python 3.9 or later (up to 3.13).

Recommended: pipx (isolated environment)

To install globally, run:

pipx install ps-banshee

Note: If you don't have pipx installed, see the installation guide.

Alternative: pip (current environment)

To install in the current environment, run:

pip install ps-banshee

Dependencies

pipx will automatically resolve all Python dependencies.
If you want to use the pcap command, you will also need:

  • tshark 3.0.0 or later

Command Auto Completion

After installing PS Banshee, you can enable command auto completion:

banshee --install-completion

Restart your shell to complete the installation. You can now use TAB to auto-complete commands.

Usage

To see the list of available commands, run:

banshee -h

Authorization

PS Banshee requires a Recorded Future API key, which can be provided as the -k or --api-key argument, or set as the RF_TOKEN environment variable.

banshee -k <RF_TOKEN> <command> <sub-command> <arguments>

Proxies

If you are behind a proxy, set the HTTP_PROXY and HTTPS_PROXY environment variables.

To disable SSL verification, use the -s flag:

banshee -s ca rules

Command Help

All commands support the --help (-h) option:

banshee -h
banshee ca --help
banshee ioc lookup --help
banshee list bulk-add -h

Support

Submit a support request for help alternatively reach out to support@recordedfuture.com.

PS Banshee is developed and maintained by the Recorded Future Professional Services Cyber Security Engineers 🚀

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for ebartosevic from gravatar.com ebartosevic Avatar for MoiseMedici from gravatar.com MoiseMedici

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: MIT
    SPDX License Expression
  • Author: Ernest Bartosevic
  • Maintainer: Moise Medici
  • Tags API , Recorded Future , Cyber Security Engineering , Threat Intelligence , command line tool , CLI , ioc enrichment
  • Requires: Python <3.14, >=3.9
  • Provides-Extra: dev , docs
Classifiers

Release history Release notifications | RSS feed

1.2.0

This version

1.1.3

1.1.2

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ps_banshee-1.1.3.tar.gz (63.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ps_banshee-1.1.3-py3-none-any.whl (96.0 kB view details)

Uploaded Python 3

File details

Details for the file ps_banshee-1.1.3.tar.gz.

File metadata

  • Download URL: ps_banshee-1.1.3.tar.gz
  • Upload date:
  • Size: 63.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ps_banshee-1.1.3.tar.gz
Algorithm Hash digest
SHA256 cdb9993e7ee5ea7f343f5ddc3c905993010ead02efbfd2c41172dafad887c06b
MD5 0349fdef6ff342000bdaf8e077b92bcc
BLAKE2b-256 e995116224f415e031ebb6ca6245d043aad88efa5bec86ae482e311276669323

See more details on using hashes here.

Provenance

The following attestation bundles were made for ps_banshee-1.1.3.tar.gz:

Publisher: tag_and_release.yml on RecordedFuture-ProfessionalServices/ps-banshee

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ps_banshee-1.1.3-py3-none-any.whl.

File metadata

  • Download URL: ps_banshee-1.1.3-py3-none-any.whl
  • Upload date:
  • Size: 96.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for ps_banshee-1.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 2bf9008a667c444b493704a363221321675ee2ff08f0ceb01418344e7ece8ed6
MD5 d028d44d3fd60c87a037975bef278afc
BLAKE2b-256 c74d3402f78e7e277c09aa4126d832c05a215b604576cb0916493a159569681f

See more details on using hashes here.

Provenance

The following attestation bundles were made for ps_banshee-1.1.3-py3-none-any.whl:

Publisher: tag_and_release.yml on RecordedFuture-ProfessionalServices/ps-banshee

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page