The Python script greynoise.py makes use of GreyNoise's public/alpha API to perform its operations.
- Python 3.5 or higher
- Have the Python packages
RequestsandPyYAMLinstalled
git clone https://github.com/marcusbakker/Greynoisepip install -r requirements.txt
The script has the following features:
- Query for all tags associated with a given IP or CIDR IP range:
-ip - Query all IPs/CIDR ranges within the provided file:
-f FILE, --file FILE - Get a list of all GreyNoise's current tags:
-l, --list - Get all IPs and its associated metadata for the provided tag:
-t TAG_ID, --tag TAG_ID - Identify the noise and add context on the noise in the provided CSV file. The output filename has 'greynoise_' as prefix. First argument should point to the CSV file and the second argument to the index value (starting at 1) at which the IP address is located in the CSV file.
--csv CSV_FILE IP_COLUMN_INDEX - Output the result to a file using the argument
-o FILE_LOCATION, --output FILE_LOCATION. Default file format is txt and other supported file formats are CSV and JSON:--format {txt,csv,json} - Hide results for IP addresses which have the status "unknown" using the argument:
-u, --hide-unknown - GreyNoise's response for an IP address is cached for 24 hours.
- Expire all entries within the IP cache:
--cache-expire - Set the IP cache timeout in seconds:
--cache-timeout SECONDS - The default cache timeout can be changed within
config.yamlusing the settingcache_timeout
- Expire all entries within the IP cache:
- Set an API key which enables you to receive more than 500 results per query:
-k KEY, --key KEY. The API key can also be permanently set withinconfig.yaml
The configuration file config.yaml contains the following three settings:
api_key: Permanently set an API key which enables you to receive more than 500 results per query.cache_timeout: Set the cache timeout in seconds. The default is 24 hours.tags: Adding or modifying GreyNoise's tag IDs and corresponding names.