
# Created by: lucas.cueff[at]
# v0.92 :
# - manage new search APIs
# - code refactoring
# - fix file export for new categories and properties
# - manage proxy connection
# - manage API key storage with encryption in a config file
# - add paging feature on search and info functions
# - add tag filter
# v0.93 :
# - add local stat function
# Released on: 08/2018
# v0.94 :
# - manage new apis (ctl, sniffer, onionscan, md5)
# - use userinfos API to collect APIs and search filters
# - rewrite get-onyphe info function to simplify the code
# - update invoke-apionyphedatascan with only a single parameter
# v0.95 :
# - fix HTTP error on invoke-onyphe when no network is available
# - add datashot management
# - add function to export datashot to picture file
# - fix Get-OnypheInfoFromCSV
# - update Export-OnypheInfoToFile
#'(c) 2018-2019 - Distributed under Artistic Licence 2.0 ('

    commandline interface to use web service
    use-onyphe.psm1 module provides a commandline interface to web service.
    C:\PS> import-module use-onyphe.psm1

    Function Get-OnypheStatsFromObject {
    Get Some stats (count, total, min, max, average) for one or multiple properties of a onyphe result powershell object
    Get Some stats (count, total, min, max, average) for one or multiple properties of a onyphe result powershell object
    .PARAMETER inputobject
    -inputobject PSCustomObject{Onyphe result PSCustomObject}
    Onyphe object used for the stat
    .PARAMETER AdvancedFacets
    -AdvancedFacets ARRAY{list of onyphe objects' properties}
    Onyphe result object's property requested for the stat (results = on object per property requested)
    .PARAMETER Facets
    -Facets string{onyphe objects' property}
    Onyphe result object's property requested for the stat
       TypeName : System.Management.Automation.PSCustomObject
    Name MemberType Definition
    ---- ---------- ----------
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    Average NoteProperty double Average=1
    Count NoteProperty int Count=10
    Max NoteProperty double Max=1
    Min NoteProperty double Min=1
    Stats NoteProperty Object[] Stats=System.Object[]
    Sum NoteProperty double Sum=10
    Search SynScan info and request stats for 'ip','port','tag' and 'organization' properties
    C:\PS> Search-OnypheInfo -AdvancedSearch @('country:FR','port:23','os:Linux') -SearchType synscan | Get-OnypheStatsFromObject -AdvancedFacets @('ip','port','tag','organization')
    Search SynScan info and request stats for 'ip' property
    C:\PS> $onypheobj = Search-OnypheInfo -AdvancedSearch @('country:FR','port:23','os:Linux') -SearchType synscan
    C:\PS> Get-OnypheStatsFromObject -Facets 'ip' -inputobject $onypheobj

    Param (
        [ValidateScript({(($_ | Get-Member | Select-Object -ExpandProperty TypeName -Unique) -eq 'System.Management.Automation.PSCustomObject')})]
        $ParameterNameFilter = 'Facets'
        $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
        $AttributeCollection2 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
        $ParameterAttribute2 = New-Object System.Management.Automation.ParameterAttribute
        $ParameterAttribute2.ValueFromPipeline = $false
        $ParameterAttribute2.ValueFromPipelineByPropertyName = $false
        $ParameterAttribute2.Mandatory = $false
        $arrSet =  Get-OnypheCliFacets
        $ValidateSetAttribute2 = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
        $RuntimeParameter2 = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterNameFilter, [string], $AttributeCollection2)
        $RuntimeParameterDictionary.Add($ParameterNameFilter, $RuntimeParameter2)
        return $RuntimeParameterDictionary
    Process {
        $Facets = $PsBoundParameters[$ParameterNameFilter]
        if (!$Facets -and !$AdvancedFacets) {
            Write-Verbose -Message "both AdvancedFacets and Facets options are empty, please use at least one of this parameter to set the facets to be used for the stats"
            throw "Please provide a valid facets option"
        $script:results = @()
        $script:TemplateFacetObject = new-object psobject -Property @{
            'Onyphe-Facet' = $null
            'Onyphe-Property-value' = $null
            'Onyphe-Property-Count' = $null
        If ($AdvancedFacets) {
            foreach ($facet in $AdvancedFacets) {
                $tmp = $inputobject.results."$($Facet)" | sort-object | get-unique
                $script:AllFacetObjects = @()
                foreach ($object in $tmp) {
                    $tmpobj = $script:TemplateFacetObject | Select-Object *
                    $tmpobj.'Onyphe-Property-value' = $object
                    if (($inputobject.results | Where-Object {$_."$($Facet)" -eq "$($object)"}).count) {
                        $tmpobj.'Onyphe-Property-Count' = ($inputobject.results | Where-Object {$_."$($Facet)" -eq "$($object)"}).count
                    } Else {
                        $tmpobj.'Onyphe-Property-Count' = 1
                    $tmpobj.'Onyphe-Facet' = $facet
                    $script:AllFacetObjects += $tmpobj
                $tmpmeasureobj = $script:AllFacetObjects.'Onyphe-Property-Count' | measure-object -Sum -Maximum -Minimum -Average
                $script:results += New-Object psobject -Property @{
                    Stats = $script:AllFacetObjects
                    Count = $tmpmeasureobj.Count
                    Sum = $tmpmeasureobj.Sum
                    Min = $tmpmeasureobj.Minimum
                    Max = $tmpmeasureobj.Maximum
                    Average = $tmpmeasureobj.Average
        } Else {
            $script:AllFacetObjects = @()
            $tmp = $inputobject.results."$($Facets)" | sort-object | get-unique
            foreach ($object in $tmp) {
                $tmpobj = $script:TemplateFacetObject | Select-Object *
                $tmpobj.'Onyphe-Property-value' = $object
                if (($inputobject.results | Where-Object {$_."$($Facets)" -eq "$($object)"}).count) {
                    $tmpobj.'Onyphe-Property-Count' = ($inputobject.results | Where-Object {$_."$($Facets)" -eq "$($object)"}).count
                } Else {
                    $tmpobj.'Onyphe-Property-Count' = 1
                $tmpobj.'Onyphe-Facet' = $Facets
                $script:AllFacetObjects += $tmpobj
            $tmpmeasureobj = $script:AllFacetObjects.'Onyphe-Property-Count' | measure-object -Sum -Maximum -Minimum -Average
            $script:results = New-Object psobject -Property @{
                Stats = $script:AllFacetObjects
                Count = $tmpmeasureobj.Count
                Sum = $tmpmeasureobj.Sum
                Min = $tmpmeasureobj.Minimum
                Max = $tmpmeasureobj.Maximum
                Average = $tmpmeasureobj.Average
    Function Get-OnypheInfoFromCSV {
    Get IP information from web service using as an input a CSV file containing all information
    get various ip data information from web service using as an input a csv file (; separator)
    .PARAMETER fromcsv
    -fromcsv string{full path to csv file}
    automate request for multiple IP request
    -APIKey string{APIKEY}
    set your APIKEY to be able to use Onyphe API.
    .PARAMETER csvdelimiter
    -csvdelimiter string{csv separator}
    set your csv separator. default is ;
    TypeName: System.Management.Automation.PSCustomObject
    count : 28
    error : 0
    myip :
    results : {@{@category=inetnum; @timestamp=2018-01-14T02:37:32.000Z; @type=ip; country=US; ipv6=false;
                    netname=EU-EDGECASTEU-20080602; seen_date=2018-01-14; source=RIPE; subnet=},
                    @{@category=inetnum; @timestamp=2018-01-14T02:37:32.000Z; @type=ip; country=EU;
                    information=System.Object[]; ipv6=false; netname=EDGECAST-NETBLK-03; seen_date=2018-01-14;
                    source=RIPE; subnet=}, @{@category=inetnum; @timestamp=2018-01-07T02:37:24.000Z;
                    @type=ip; country=US; ipv6=false; netname=EU-EDGECASTEU-20080602; seen_date=2018-01-07;
                    source=RIPE; subnet=}, @{@category=inetnum; @timestamp=2018-01-07T02:37:24.000Z;
                    @type=ip; country=EU; information=System.Object[]; ipv6=false; netname=EDGECAST-NETBLK-03;
                    seen_date=2018-01-07; source=RIPE; subnet=}...}
    status : ok
    took : 0.437
    total : 28
    cli-API_info : {inetnum}
    cli-API_input : {}
    cli-key_required : {True}
    cli-Request_Date : 14/01/2018 20:51:06
    Request info for several IP information from a csv formated file and your API key is already set as global variable
    C:\PS> Get-onypheinfo -fromcsv .\input.csv
    Request info for several IP information from a csv formated file and set the API key as global variable
    C:\PS> Get-onypheinfo -fromcsv .\input.csv -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    Request info for several IP information from a csv formated file using ',' separator and set the API key as global variable
    C:\PS> Get-onypheinfo -fromcsv .\input.csv -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -csvdelimiter ","

  Param (
      [ValidateScript({test-path "$($_)"})]
    process {
        $Script:Result = @()
        if ($APIKey) {
            Set-OnypheAPIKey -APIKEY $APIKey | out-null
        if (!$csvdelimiter) {$csvdelimiter = ";"}
        $FromcsvType = $fromcsv | Get-Member | Select-Object -ExpandProperty TypeName -Unique
        if (($FromcsvType -eq 'System.String') -and (test-path $fromcsv)) {
                $csvcontent = import-csv $fromcsv -delimiter $csvdelimiter
        } ElseIf (($FromcsvType -eq 'System.Management.Automation.PSCustomObject') -and $fromcsv.'API-Input') {
            $csvcontent = $fromcsv
        } Else {
            write-verbose -message "provide a valid csv file as input or valid System.Management.Automation.PSCustomObject object"
            write-verbose -message "please use the following column in your file : ip, searchtype, datascanstring"
            throw "please provide a valid csv file as input or valid System.Management.Automation.PSCustomObject object"
        $APISearchEntries = $csvcontent | where-object {$_.API -eq "Search"}
        foreach ($entry in $APISearchEntries) {
            if ($entry.'Search-Request' -contains "+") {
                $tmparray = $entry.'Search-Request'.split("+")
                $Script:Result += Search-OnypheInfo -AdvancedSearch $tmparray -SearchType $entry.'Search-Type' -wait 3
            } else {
                $Script:Result += Search-OnypheInfo -AdvancedSearch @($entry.'Search-Request') -SearchType $entry.'Search-Type' -wait 3
        $APIEntries = $csvcontent | where-object {$_.API -ne "Search"}
        foreach ($entry in $APIEntries) {
                $Script:Result += Get-OnypheInfo -searchtype $entry.API -SearchValue $entry.'API-Input' -wait 3
    Function Search-OnypheInfo {
     main function/cmdlet - Search for IP information on web service using search API
     main function/cmdlet - Search for IP information on web service using search API
     send HTTP request to web service and convert back JSON information to a powershell custom object
     .PARAMETER AdvancedSearch
     -AdvancedSearch ARRAY{filter:value,filter:value}
     Search with multiple criterias
     .PARAMETER SimpleSearchValue
     -SimpleSearchValue STRING{value}
     string to be searched with -SimpleSearchFilter parameter
     .PARAMETER SimpleSearchFilter
     -SimpleSearchFilter STRING{Get-OnypheSearchFilters}
     Filter to be used with string set with SimpleSearchValue parameter
     .PARAMETER SearchType
     -SearchType STRING{Get-OnypheSearchCategories}
     Search Type or Category
     -APIKey string{APIKEY}
     set your APIKEY to be able to use Onyphe API.
     .PARAMETER Page
     -page string{page number}
     go directly to a specific result page (1 to 1000)
     .PARAMETER Wait
     -Wait int{second}
     wait for x second before sending the request to manage rate limiting restriction
     TypeName: System.Management.Automation.PSCustomObject
     count : 32
     error : 0
     myip :
     results : {@{@category=geoloc; @timestamp=2017-12-20T13:43:12.000Z; @type=ip; asn=AS15169; city=; country=US;
                        country_name=United States; geolocation=37.7510,-97.8220; ip=; ipv6=false; latitude=37.7510;
                        longitude=-97.8220; organization=Google LLC; subnet=}, @{@category=inetnum;
                        @timestamp=1970-01-01T00:00:00.000Z; @type=ip; country=US; information=System.Object[];
                        netname=Undisclosed; seen_date=1970-01-01; source=Undisclosed; subnet=Undisclosed},
                        @{@category=pastries; @timestamp=2017-12-20T12:21:40.000Z; @type=pastebin; domain=System.Object[];
                        hostname=System.Object[]; ip=System.Object[]; key=cnRxq9LP; seen_date=2017-12-20},
                        @{@category=pastries; @timestamp=2017-12-20T09:35:16.000Z; @type=pastebin; domain=System.Object[];
                        hostname=System.Object[]; ip=System.Object[]; key=AjfnLBLE; seen_date=2017-12-20}...}
     status : ok
     took : 0.107
     total : 3556
     cli-API_info : ip
     cli-API_input : {}
     cli-key_required : True
     cli-Request_Date : 14/01/2018 20:45:08
     AdvancedSearch with multiple criteria/filters
     Search with datascan for all IP matching the criteria : Apache web server listening on 443 tcp port hosted on Windows
     C:\PS> Search-OnypheInfo -AdvancedSearch @("product:Apache","port:443","os:Windows") -SearchType datascan
     simple search with one filter/criteria
     Search with threatlist for all IP matching the criteria : all IP from russia tagged by threat lists
     C:\PS> Search-OnypheInfo -SimpleSearchValue RU -SearchType threatlist -SimpleSearchFilter country
     AdvancedSearch with multiple criteria/filters and set the API key
     Search with datascan for all IP matching the criteria : Apache web server listening on 443 tcp port hosted on Windows
     C:\PS> Search-OnypheInfo -AdvancedSearch @("product:Apache","port:443","os:Windows") -SearchType datascan -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
     simple search with one filter/criteria and request page 2 of the results
     Search with threatlist for all IP matching the criteria : all IP from russia tagged by threat lists
     C:\PS> Search-OnypheInfo -SimpleSearchValue RU -SearchType threatlist -SimpleSearchFilter country -page "2"

         [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
         $ParameterNameType = 'SearchType'
         $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
         $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
         $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
         $ParameterAttribute.ValueFromPipeline = $false
         $ParameterAttribute.ValueFromPipelineByPropertyName = $false
         $ParameterAttribute.Mandatory = $true
         $ParameterAttribute.Position = 2
         $arrSet = Get-OnypheSearchCategories
         $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
         $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterNameType, [string], $AttributeCollection)
         $RuntimeParameterDictionary.Add($ParameterNameType, $RuntimeParameter)
         $ParameterNameFilter = 'SimpleSearchFilter'
         $AttributeCollection2 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
         $ParameterAttribute2 = New-Object System.Management.Automation.ParameterAttribute
         $ParameterAttribute2.ValueFromPipeline = $false
         $ParameterAttribute2.ValueFromPipelineByPropertyName = $false
         $ParameterAttribute2.Mandatory = $false
         $ParameterAttribute2.Position = 3
         $arrSet =  Get-OnypheSearchFilters
         $ValidateSetAttribute2 = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
         $RuntimeParameter2 = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterNameFilter, [string], $AttributeCollection2)
         $RuntimeParameterDictionary.Add($ParameterNameFilter, $RuntimeParameter2)
         return $RuntimeParameterDictionary
    Process {
        $SearchType = $PsBoundParameters[$ParameterNameType]
        $SearchFilter = $PsBoundParameters[$ParameterNameFilter]
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        if ($wait) {start-sleep -s $wait}
        if ($AdvancedSearch) {
             $params = @{
                AdvancedSearch = $AdvancedSearch
                SearchType = $SearchType
        } else {
            $params = @{
                SimpleSearchValue = $SimpleSearchValue
                SearchType = $SearchType
                SimpleSearchFilter = $SearchFilter
        if ($Page) {
            $params.add('Page', $page)
        Invoke-APIOnypheSearch @params
    Function Get-OnypheInfo {
    main function/cmdlet - Get IP information from web service using dedicated subfunctions by searchtype
    main function/cmdlet - Get IP information from web service using dedicated subfunctions by searchtype
    send HTTP request to web service and convert back JSON information to a powershell custom object
    .PARAMETER myip
    look for information about my public IP
    .PARAMETER searchtype string (ctl,datascan,forward,geoloc,inetnum,ip,md5,myip,onionscan,pastries,resolver,reverse,sniffer,synscan,threatlist,forward,reverse)
    -SearchValue string -searchtype Inetnum -APIKey string{APIKEY}
    look for an ip address in onyphe database
    -SearchValue string -searchtype Threatlist -APIKey string{APIKEY}
    look for threat info about a specific IP in onyphe database.
    -SearchValue string -searchtype Pastries -APIKey string{APIKEY}
    look for an pastbin data about a specific IP in onyphe database.
    -SearchValue string -searchtype Synscan -APIKey string{APIKEY}
    look for open ports info for a specific IP in onyphe database.
    -SearchValue string -searchtype ip -APIKey string{APIKEY}
    get all information available for a specific IP in onyphe database.
    -APIKey string{APIKEY}
    set your APIKEY to be able to use Onyphe API.
    -page string{page number}
    go directly to a specific result page (1 to 1000)
    -Wait int{second}
    wait for x second before sending the request to manage rate limiting restriction
    TypeName: System.Management.Automation.PSCustomObject
    count : 32
    error : 0
    myip :
    results : {@{@category=geoloc; @timestamp=2017-12-20T13:43:12.000Z; @type=ip; asn=AS15169; city=; country=US;
                       country_name=United States; geolocation=37.7510,-97.8220; ip=; ipv6=false; latitude=37.7510;
                       longitude=-97.8220; organization=Google LLC; subnet=}, @{@category=inetnum;
                       @timestamp=1970-01-01T00:00:00.000Z; @type=ip; country=US; information=System.Object[];
                       netname=Undisclosed; seen_date=1970-01-01; source=Undisclosed; subnet=Undisclosed},
                       @{@category=pastries; @timestamp=2017-12-20T12:21:40.000Z; @type=pastebin; domain=System.Object[];
                       hostname=System.Object[]; ip=System.Object[]; key=cnRxq9LP; seen_date=2017-12-20},
                       @{@category=pastries; @timestamp=2017-12-20T09:35:16.000Z; @type=pastebin; domain=System.Object[];
                       hostname=System.Object[]; ip=System.Object[]; key=AjfnLBLE; seen_date=2017-12-20}...}
    status : ok
    took : 0.107
    total : 3556
    cli-API_info : ip
    cli-API_input : {}
    cli-key_required : True
    cli-Request_Date : 14/01/2018 20:45:08
    Request all information available for ip
    C:\PS> Get-OnypheInfo -searchtype ip -SearchValue "" -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    Looking for my public ip address
    C:\PS> Get-OnypheInfo -myip
    Request geoloc information for ip
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype Geoloc
    Request dns reverse information for ip
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype Reverse -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    request IIS keyword datascan information
    C:\PS> Get-OnypheInfo -searchtype DataScan -SearchValue "IIS" -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    request datascan information for ip
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype DataScan -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    Request pastebin content information for ip
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype Pastries -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    Request pastebin content information for ip and see page 2 of results
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype Pastries -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -page "2"
    Request dns forward information for ip
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype Forward -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    Request threatlist information for ip
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype Threatlist -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    Request inetnum information for ip
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype Inetnum -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    Request synscan information for ip
    C:\PS> Get-OnypheInfo -SearchValue "" -searchtype SynScan -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

  Param (
    [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
        $ParameterNameType = 'SearchType'
        $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
        $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
        $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
        $ParameterAttribute.ValueFromPipeline = $false
        $ParameterAttribute.ValueFromPipelineByPropertyName = $false
        $ParameterAttribute.Mandatory = $false
        $ParameterAttribute.Position = 2
        $arrSet =  Get-OnypheAPIName
        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
        $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterNameType, [string], $AttributeCollection)
        $RuntimeParameterDictionary.Add($ParameterNameType, $RuntimeParameter)
        return $RuntimeParameterDictionary
    process {
        $SearchType = $PsBoundParameters[$ParameterNameType]
        if (!($SearchType -and $SearchValue)) {
            throw "Please provide a valid searchvalue and search type parameters"
        if ($wait) {start-sleep -s $wait}
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        if ($Page) {$params.add('Page', $page)}
        If ($MyIP.IsPresent -eq $true) {
        } elseIf ($searchtype) {
                if ($SearchValue) {
                    if (test-path function:\"Invoke-APIOnyphe$($Searchtype)") {
                        invoke-expression "Invoke-APIOnyphe$($Searchtype) $($SearchValue)"
                    } else {
                        throw "API $($Searchtype) not implemented yet in this version of Use-Onyphe pwsh module"
                } else {
                    throw "-SearchValue parameter must be used with -Searchtype"
    Function Get-OnypheUserInfo {
     main function/cmdlet - Get user account information (rate limiting status, requests remaining in pool...) from web service
     main function/cmdlet - Get user account information (rate limiting status, requests remaining in pool...) from web service
     send HTTP request to web service and convert back JSON information to a powershell custom object
     -APIKey string{APIKEY}
     set your APIKEY to be able to use Onyphe API.
     .PARAMETER Wait
     -Wait int{second}
     wait for x second before sending the request to manage rate limiting restriction
     TypeName: System.Management.Automation.PSCustomObject
    Name MemberType Definition
    ---- ---------- ----------
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    cli-API_info NoteProperty string[] cli-API_info=System.String[]
    cli-API_input NoteProperty string[] cli-API_input=System.String[]
    cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
    cli-Request_Date NoteProperty datetime cli-Request_Date=23/01/2018 11:33:17
    count NoteProperty int count=1
    error NoteProperty int error=0
    myip NoteProperty string myip=
    results NoteProperty Object[] results=System.Object[]
    status NoteProperty string status=ok
    took NoteProperty string took=0.001
    total NoteProperty int total=1
    get user account info for api key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and set the api key
    C:\PS> Get-OnypheUserInfo -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    get user account info for api key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx already set as global variable
    C:\PS> Get-OnypheUserInfo

   Param (
    process {
        if ($wait) {start-sleep -s $wait}
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
    Function Invoke-APIOnypheUser {
      create several input for Invoke-Onyphe function and then call it to get the user account info from user API
      create several input for Invoke-Onyphe function and then call it to get the user account info from user API
      -APIKey string{APIKEY}
      Set APIKEY as global variable.
         TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=23/01/2018 11:33:17
        count NoteProperty int count=1
        error NoteProperty int error=0
        myip NoteProperty string myip=
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.001
        total NoteProperty int total=1
      get user account info for api key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and set the api key
      C:\PS> Invoke-APIOnypheUser -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      get user account info for api key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx already set as global variable
      C:\PS> Invoke-APIOnypheUser

    Param ( 
      Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
            $params = @{
                request = "user/"
                APIInfo = "user"
                APIInput = "none"
                APIKeyrequired = $true
            Write-Verbose -message "URL Info : $($params.request)"  
            Invoke-Onyphe @params
    Function Invoke-APIOnypheInetnum {
    create several input for Invoke-Onyphe function and then call it to get the inetnum info from inetnum API
    create several input for Invoke-Onyphe function and then call it to get the inetnum info from inetnum API
    -IP string{IP}
    IP to be used for the geoloc API usage
    -APIKey string{APIKEY}
    Set APIKEY as global variable.
    -page string{page number}
    go directly to a specific result page (1 to 1000)
       TypeName : System.Management.Automation.PSCustomObject
    Name MemberType Definition
    ---- ---------- ----------
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    cli-API_info NoteProperty string[] cli-API_info=System.String[]
    cli-API_input NoteProperty string[] cli-API_input=System.String[]
    cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
    cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
    count NoteProperty int count=1
    error NoteProperty int error=0
    myip NoteProperty string myip=
    results NoteProperty Object[] results=System.Object[]
    status NoteProperty string status=ok
    took NoteProperty string took=0.001305
    total NoteProperty int total=1
    count : 28
    error : 0
    myip :
    results : {@{@category=inetnum; @timestamp=2018-01-14T02:37:32.000Z; @type=ip; country=US; ipv6=false;
                    netname=EU-EDGECASTEU-20080602; seen_date=2018-01-14; source=RIPE; subnet=},
                    @{@category=inetnum; @timestamp=2018-01-14T02:37:32.000Z; @type=ip; country=EU;
                    information=System.Object[]; ipv6=false; netname=EDGECAST-NETBLK-03; seen_date=2018-01-14;
                    source=RIPE; subnet=}, @{@category=inetnum; @timestamp=2018-01-07T02:37:24.000Z;
                    @type=ip; country=US; ipv6=false; netname=EU-EDGECASTEU-20080602; seen_date=2018-01-07;
                    source=RIPE; subnet=}, @{@category=inetnum; @timestamp=2018-01-07T02:37:24.000Z;
                    @type=ip; country=EU; information=System.Object[]; ipv6=false; netname=EDGECAST-NETBLK-03;
                    seen_date=2018-01-07; source=RIPE; subnet=}...}
    status : ok
    took : 1.314
    total : 28
    cli-API_info : {inetnum}
    cli-API_input : {}
    cli-key_required : {True}
    cli-Request_Date : 14/01/2018 20:45:08
    get inetnum info for subnet
    C:\PS> Invoke-APIOnypheInetnum -IP
    get inetnum info for subnet and set the api key
    C:\PS> Invoke-APIOnypheInetnum -IP -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

  Param (
    [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
  [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
    Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        $params = @{
            request = "inetnum/$($IP)"
            APIInfo = "inetnum"
            APIInput = @("$($IP)")
            APIKeyrequired = $true
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Invoke-APIOnyphePastries {
    create several input for Invoke-Onyphe function and then call it to get the pastries (pastebin) info from pastries API
    create several input for Invoke-Onyphe function and then call it to get the pastries (pastebin) info from pastries API
    -IP string{IP}
    IP to be used for the pastries API usage
    -APIKey string{APIKEY}
    Set APIKEY as global variable.
    -page string{page number}
    go directly to a specific result page (1 to 1000)
       TypeName : System.Management.Automation.PSCustomObject
    Name MemberType Definition
    ---- ---------- ----------
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    cli-API_info NoteProperty string[] cli-API_info=System.String[]
    cli-API_input NoteProperty string[] cli-API_input=System.String[]
    cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
    cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
    count NoteProperty int count=1
    error NoteProperty int error=0
    myip NoteProperty string myip=
    results NoteProperty Object[] results=System.Object[]
    status NoteProperty string status=ok
    took NoteProperty string took=0.001305
    total NoteProperty int total=1
    count : 100
    error : 0
    myip :
    results : {@{@category=pastries; @timestamp=2018-01-14T06:24:45.000Z; @type=pastebin; domain=System.Object[]
                    hostname=System.Object[]; ip=System.Object[]; key=4AVhGheK; seen_date=2018-01-14},
                    @{@category=pastries; @timestamp=2018-01-14T06:24:08.000Z; @type=pastebin; domain=System.Object[];
                    hostname=System.Object[]; ip=System.Object[]; key=g6Tm4CaF; seen_date=2018-01-14},
                    @{@category=pastries; @timestamp=2018-01-14T01:51:29.000Z; @type=pastebin; domain=System.Object[];
                    hostname=System.Object[]; ip=System.Object[]; key=qB6HvymP; seen_date=2018-01-14},
                    @{@category=pastries; @timestamp=2018-01-14T00:57:35.000Z; @type=pastebin; domain=System.Object[];
                    hostname=System.Object[]; ip=System.Object[]; key=138rguxt; seen_date=2018-01-14}...}
    status : ok
    took : 0.086
    total : 3043
    cli-API_info : {patries}
    cli-API_input : {}
    cli-key_required : {True}
    cli-Request_Date : 14/01/2018 20:45:08
    get all pastries info for IP
    C:\PS> Invoke-APIOnyphePastries -IP
    get all pastries info for IP and set the api key
    C:\PS> Invoke-APIOnyphePastries -IP -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

  Param (
    [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
  [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
    Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        $params = @{
            request = "pastries/$($IP)"
            APIInfo = "patries"
            APIInput = @("$($IP)")
            APIKeyrequired = $true
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Invoke-APIOnypheSynScan {
    create several input for Invoke-Onyphe function and then call it to get the syn scan info from synscan API
    create several input for Invoke-Onyphe function and then call it to get the syn scan info from synscan API
    -IP string{IP}
    IP to be used for the geoloc API usage
    -APIKey string{APIKEY}
    Set APIKEY as global variable.
    -page string{page number}
    go directly to a specific result page (1 to 1000)
       TypeName : System.Management.Automation.PSCustomObject
    Name MemberType Definition
    ---- ---------- ----------
    Equals Method bool Equals(System.Object obj)
    GetHashCode Method int GetHashCode()
    GetType Method type GetType()
    ToString Method string ToString()
    cli-API_info NoteProperty string[] cli-API_info=System.String[]
    cli-API_input NoteProperty string[] cli-API_input=System.String[]
    cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
    cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
    count NoteProperty int count=1
    error NoteProperty int error=0
    myip NoteProperty string myip=
    results NoteProperty Object[] results=System.Object[]
    status NoteProperty string status=ok
    took NoteProperty string took=0.001305
    total NoteProperty int total=1
    count : 76
    error : 0
    myip :
    results : {@{@category=synscan; @timestamp=2017-11-26T23:47:45.000Z; @type=port-53; asn=AS15169; country=US;
                    ip=; location=37.7510,-97.8220; organization=Google LLC; os=Linux; port=53;
                    seen_date=2017-11-26}, @{@category=synscan; @timestamp=2017-11-26T22:47:46.000Z; @type=port-53;
                    asn=AS15169; country=US; ip=; location=37.7510,-97.8220; organization=Google LLC; os=Linux;
                    port=53; seen_date=2017-11-26}, @{@category=synscan; @timestamp=2017-11-26T22:47:42.000Z;
                    @type=port-53; asn=AS15169; country=US; ip=; location=37.7510,-97.8220; organization=Google
                    LLC; os=Linux; port=53; seen_date=2017-11-26}, @{@category=synscan;
                    @timestamp=2017-11-26T22:47:31.000Z; @type=port-53; asn=AS15169; country=US; ip=;
                    location=37.7510,-97.8220; organization=Google LLC; os=Linux; port=53; seen_date=2017-11-26}...}
    status : ok
    took : 0.029
    total : 76
    cli-API_info : {synscan}
    cli-API_input : {}
    cli-key_required : {True}
    cli-Request_Date : 14/01/2018 20:45:08
    get syn scan info for IP
    C:\PS> Invoke-APIOnypheSynScan -IP
    get syn scan info for IP and set the api key
    C:\PS> Invoke-APIOnypheSynScan -IP -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

  Param (
    [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
  [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
    Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        $params = @{
            request = "synscan/$($IP)"
            APIInfo = "synscan"
            APIInput = @("$($IP)")
            APIKeyrequired = $true
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Invoke-APIOnypheSniffer {
    create several input for Invoke-Onyphe function and then call it to get the IP sniffer info from sniffer API
    create several input for Invoke-Onyphe function and then call it to get the IP sniffer info from sniffer API
    -IP string{IP}
    IP to be used for the sniffer API usage
    -APIKey string{APIKEY}
    Set APIKEY as global variable.
    -page string{page number}
    go directly to a specific result page (1 to 1000)
       TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=04/03/2019 22:04:40
        count NoteProperty long count=10
        error NoteProperty long error=0
        max_page NoteProperty long max_page=3
        myip NoteProperty string myip=
        page NoteProperty long page=1
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.034
        total NoteProperty long total=28
        count : 10
        error : 0
        max_page : 3
        myip :
        page : 1
        results : {@{@category=sniffer; @timestamp=04/03/2019 13:27:53; @type=doc; asn=AS20952; city=Witham;
                                            country=GB; data=\x1b\x81\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00
                                            CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01; datamd5=70b95a08c5a052f5f8353bc75d1b7912;
                                            destport=137; ip=; ipv6=false; location=51.8149,0.6454; organization=Venus Business
                                            Communications Limited; seen_date=2019-03-04; srcport=137; subnet=;
                                            tag=System.Object[]; transport=udp; type=udpdata}, @{@category=sniffer; @timestamp=02/03/2019
                                            17:34:37; @type=doc; asn=AS20952; city=Witham; country=GB;
                                            data=Ni\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00 CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01;
                                            datamd5=35191f8ac64683f9564b6b0fc6e27847; destport=137; ip=; ipv6=false;
                                            location=51.8149,0.6454; organization=Venus Business Communications Limited; seen_date=2019-03-02;
                                            srcport=137; subnet=; tag=System.Object[]; transport=udp; type=udpdata},
                                            @{@category=sniffer; @timestamp=01/03/2019 23:52:39; @type=doc; asn=AS20952; city=Witham;
                                            country=GB; data=\x1e\xe8\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00
                                            CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01; datamd5=9f8536314d5eafdb06c99897fffb8aa8;
                                            destport=137; ip=; ipv6=false; location=51.8149,0.6454; organization=Venus Business
                                            Communications Limited; seen_date=2019-03-01; srcport=137; subnet=;
                                            tag=System.Object[]; transport=udp; type=udpdata}, @{@category=sniffer; @timestamp=28/02/2019
                                            18:08:53; @type=doc; asn=AS20952; city=Witham; country=GB;
                                            CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00\x00!\x00\x01; datamd5=83a75a375d30691bc1cb164f2955f406;
                                            destport=137; ip=; ipv6=false; location=51.8194,0.6718; organization=Venus Business
                                            Communications Limited; seen_date=2019-02-28; srcport=137; subnet=;
                                            tag=System.Object[]; transport=udp; type=udpdata}...}
        status : ok
        took : 0.011
        total : 28
        cli-API_info : {sniffer}
        cli-API_input : {}
        cli-key_required : {True}
        cli-Request_Date : 04/03/2019 22:05:23
    get sniffer info for IP
    C:\PS> Invoke-APIOnypheSniffer -IP
    get sniffer info for IP and set the api key
    C:\PS> Invoke-APIOnypheSniffer -IP -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

        Param (
        [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
        [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
        Process {
            if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
            $params = @{
                request = "sniffer/$($IP)"
                APIInfo = "sniffer"
                APIInput = @("$($IP)")
                APIKeyrequired = $true
            if ($page) {$params.add('page',$page)}
            Write-Verbose -message "URL Info : $($params.request)"
            Invoke-Onyphe @params
    Function Invoke-APIOnypheCtl {
    create several input for Invoke-Onyphe function and then call it to get the CTL (certificate transparancy) info from ctl API
    create several input for Invoke-Onyphe function and then call it to get the CTL (certificate transparancy) info from ctl API
    .PARAMETER Domain
    -Domain string{Domain or FQDN}
    Domain or FQDN to be used for the ctl API usage
    -APIKey string{APIKEY}
    Set APIKEY as global variable.
    -page string{page number}
    go directly to a specific result page (1 to 1000)
       TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=04/03/2019 22:04:40
        count NoteProperty long count=10
        error NoteProperty long error=0
        max_page NoteProperty long max_page=3
        myip NoteProperty string myip=
        page NoteProperty long page=1
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.034
        total NoteProperty long total=28
        count : 1
        error : 0
        max_page : 1
        myip :
        page : 1
        results : {@{@category=ctl; @timestamp=15/02/2019 21:28:05; @type=doc; ca=false; country=FR;
                                  ; extkeyusage=System.Object[]; fingerprint=; host=portaltv-int;
                                            hostname=System.Object[]; ip=; issuer=; keyusage=System.Object[]; organization=Orange;
                                            publickey=; seen_date=2019-02-15; serial=01:81:e1:48:b1:9b:1e:4f:bc:5f:fc:99:e7:73:7d:da;
                                            signature=; source=Cloudflare Nimbus 2019;; subject=; tld=fr; validity=;
                                            version=v3; wildcard=false}}
        status : ok
        took : 0.024
        total : 1
        cli-API_info : {ctl}
        cli-API_input : {}
        cli-key_required : {True}
        cli-Request_Date : 05/03/2019 15:31:48
    get CTL info for
    C:\PS> Invoke-APIOnypheCtl -Domain
    get CTL info for and set the api key
    C:\PS> Invoke-APIOnypheCtl -Domain -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

        Param (
        [ValidateScript({($_ -match "^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$")})]
        [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
        Process {
            if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
            $params = @{
                request = "ctl/$($Domain)"
                APIInfo = "ctl"
                APIInput = @("$($Domain)")
                APIKeyrequired = $true
            if ($page) {$params.add('page',$page)}
            Write-Verbose -message "URL Info : $($params.request)"
            Invoke-Onyphe @params
    Function Invoke-APIOnypheMD5 {
    create several input for Invoke-Onyphe function and then call it to get info from onyphe md5 signature
    create several input for Invoke-Onyphe function and then call it to get info from onyphe md5 signature
    -MD5 string{MD5 Hash}
    MD5 to be used for the md5 API usage
    -APIKey string{APIKEY}
    Set APIKEY as global variable.
    -page string{page number}
    go directly to a specific result page (1 to 1000)
       TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=04/03/2019 22:04:40
        count NoteProperty long count=10
        error NoteProperty long error=0
        max_page NoteProperty long max_page=3
        myip NoteProperty string myip=
        page NoteProperty long page=1
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.034
        total NoteProperty long total=28
        count : 10
        error : 0
        max_page : 1000
        myip :
        page : 1
        results : {@{@category=datascan; @timestamp=05/03/2019 13:25:40; @type=doc; app=; asn=AS36352; city=Buffalo;
                                            country=US; cpe=System.Object[]; data=SSH-2.0-OpenSSH_7.4\x0d
                                            ; datamd5=7a1f20cae067b75a52bc024b83ee4667; device=;;
                                            host=104-168-71-162-host; ip=; ipv6=false; location=42.8864,-78.8781;
                                            organization=ColoCrossing; port=22; product=OpenSSH; productvendor=OpenBSD; productversion=7.4;
                                            protocol=ssh; protocolversion=2.0;;
                                            seen_date=2019-03-05; source=sniffer; subnet=; tag=System.Object[]; tld=com;
                                            tls=false; transport=tcp}, @{@category=datascan; @timestamp=05/03/2019 12:08:44; @type=doc; app=;
                                            asn=AS27715; country=BR; cpe=System.Object[]; data=SSH-2.0-OpenSSH_7.4\x0d
                                            ; datamd5=7a1f20cae067b75a52bc024b83ee4667; device=;; host=gagarin0303;
                                            hostname=System.Object[]; ip=; ipv6=false; location=-22.8305,-43.2192;
                                            organization=Locaweb Serviços de Internet S/A; port=22; product=OpenSSH; productvendor=OpenBSD;
                                            productversion=7.4; protocol=ssh; protocolversion=2.0;;
                                            seen_date=2019-03-05; source=datascan; subnet=; tag=System.Object[]; tld=ws;
                                            tls=false; transport=tcp}, @{@category=datascan; @timestamp=05/03/2019 12:08:44; @type=doc; app=;
                                            asn=AS45090; city=Beijing; country=CN; cpe=System.Object[]; data=SSH-2.0-OpenSSH_7.4\x0d
                                            ; datamd5=7a1f20cae067b75a52bc024b83ee4667; device=; ip=; ipv6=false;
                                            location=39.9288,116.3889; organization=Shenzhen Tencent Computer Systems Company Limited; port=22;
                                            product=OpenSSH; productvendor=OpenBSD; productversion=7.4; protocol=ssh; protocolversion=2.0;
                                            seen_date=2019-03-05; source=datascan; subnet=; tag=System.Object[]; tls=false;
                                            transport=tcp}, @{@category=datascan; @timestamp=05/03/2019 12:08:44; @type=doc; app=; asn=AS45090;
                                            country=CN; cpe=System.Object[]; data=SSH-2.0-OpenSSH_7.4\x0d
                                            ; datamd5=7a1f20cae067b75a52bc024b83ee4667; device=; ip=; ipv6=false;
                                            location=39.9289,116.3883; organization=Shenzhen Tencent Computer Systems Company Limited; port=22;
                                            product=OpenSSH; productvendor=OpenBSD; productversion=7.4; protocol=ssh; protocolversion=2.0;
                                            seen_date=2019-03-05; source=datascan; subnet=; tag=System.Object[]; tls=false;
        status : ok
        took : 0.259
        total : 1942240
        cli-API_info : {md5}
        cli-API_input : {7a1f20cae067b75a52bc024b83ee4667}
        cli-key_required : {True}
        cli-Request_Date : 05/03/2019 16:48:12
    get md5 info for 7a1f20cae067b75a52bc024b83ee4667 hash
    C:\PS> Invoke-APIOnypheMd5 -MD5 7a1f20cae067b75a52bc024b83ee4667
    get md5 info for 7a1f20cae067b75a52bc024b83ee4667 hash and set the api key
    C:\PS> Invoke-APIOnypheMd5 -MD5 7a1f20cae067b75a52bc024b83ee4667 -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

        Param (
        [ValidateScript({($_ -match "^[a-f0-9]{32}$")})]
        [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
        Process {
            if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
            $params = @{
                request = "md5/$($MD5)"
                APIInfo = "md5"
                APIInput = @("$($MD5)")
                APIKeyrequired = $true
            if ($page) {$params.add('page',$page)}
            Write-Verbose -message "URL Info : $($params.request)"
            Invoke-Onyphe @params
    Function Invoke-APIOnypheOnionScan {
        create several input for Invoke-Onyphe function and then call it to get info for a .onion link using OnionScan API
        create several input for Invoke-Onyphe function and then call it to get info for a .onion link using OnionScan API
        .PARAMETER Onion
        -Onion string{Onion URL}
        Onion link to be used for the Onion API usage
        -APIKey string{APIKEY}
        Set APIKEY as global variable.
        .PARAMETER Page
        -page string{page number}
        go directly to a specific result page (1 to 1000)
            TypeName : System.Management.Automation.PSCustomObject
            Name MemberType Definition
            ---- ---------- ----------
            Equals Method bool Equals(System.Object obj)
            GetHashCode Method int GetHashCode()
            GetType Method type GetType()
            ToString Method string ToString()
            cli-API_info NoteProperty string[] cli-API_info=System.String[]
            cli-API_input NoteProperty string[] cli-API_input=System.String[]
            cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
            cli-Request_Date NoteProperty datetime cli-Request_Date=04/03/2019 22:04:40
            count NoteProperty long count=10
            error NoteProperty long error=0
            max_page NoteProperty long max_page=3
            myip NoteProperty string myip=
            page NoteProperty long page=1
            results NoteProperty Object[] results=System.Object[]
            status NoteProperty string status=ok
            took NoteProperty string took=0.034
            total NoteProperty long total=28
            count : 10
            error : 0
            max_page : 1000
            myip :
            page : 1
            results : {}
            status : ok
            took : 0.259
            total : 1942240
            cli-API_info : {OnionScan}
            cli-API_input : {vlp4uw5ui22ljlg7.onion}
            cli-key_required : {True}
            cli-Request_Date : 05/03/2019 16:48:12
        get md5 info for vlp4uw5ui22ljlg7.onion URL
        C:\PS> Invoke-APIOnypheOnionScan -Onion "vlp4uw5ui22ljlg7.onion"
        get md5 info for vlp4uw5ui22ljlg7.onion URL and set the api key
        C:\PS> Invoke-APIOnypheOnionScan -Onion "vlp4uw5ui22ljlg7.onion" -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

        Param (
        [ValidateScript({($_ -match "[a-z2-7]{16}\.onion") -or ($_ -match "[a-z2-7]{56}\.onion")})]
        [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
        Process {
            if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
            $params = @{
                request = "onionscan/$($Onion)"
                APIInfo = "onionscan"
                APIInput = @("$($Onion)")
                APIKeyrequired = $true
            if ($page) {$params.add('page',$page)}
            Write-Verbose -message "URL Info : $($params.request)"
            Invoke-Onyphe @params
    Function Invoke-APIOnypheReverse {
        create several input for Invoke-Onyphe function and then call it to get the reverse dns info from reverse API
        create several input for Invoke-Onyphe function and then call it to get the reverse dns info from reverse API
        -IP string{IP}
        IP to be used for the reverse API usage
        -APIKey string{APIKEY}
        Set APIKEY as global variable.
        .PARAMETER Page
        -page string{page number}
        go directly to a specific result page (1 to 1000)
            TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
        count NoteProperty int count=1
        error NoteProperty int error=0
        myip NoteProperty string myip=
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.001305
        total NoteProperty int total=1
        count : 59
        error : 0
        myip :
        results : {@{@category=resolver; @timestamp=2018-01-13T15:26:54.000Z; @type=reverse;;
                        ip=; ipv6=false;; seen_date=2018-01-13},
                        @{@category=resolver; @timestamp=2018-01-13T15:26:54.000Z; @type=reverse;;
                        ip=; ipv6=false;; seen_date=2018-01-13},
                        @{@category=resolver; @timestamp=2018-01-10T07:39:04.000Z; @type=reverse;;
                        ip=; ipv6=false;; seen_date=2018-01-10},
                        @{@category=resolver; @timestamp=2018-01-10T07:39:04.000Z; @type=reverse;;
                        ip=; ipv6=false;; seen_date=2018-01-10}...}
        status : ok
        took : 0.056
        total : 59
        cli-API_info : {reverse}
        cli-API_input : {}
        cli-key_required : {True}
        cli-Request_Date : 14/01/2018 20:45:08
        get reverse dns info info for IP
        C:\PS> Invoke-APIOnypheReverse -IP
        get reverse dns info info for IP ans set the api key
        C:\PS> Invoke-APIOnypheReverse -IP -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

  Param (
    [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
  [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
    Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        $params = @{
            request = "reverse/$($IP)"
            APIInfo = "reverse"
            APIInput = @("$($IP)")
            APIKeyrequired = $true
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Invoke-APIOnypheForward {
        create several input for Invoke-Onyphe function and then call it to get the dns forwarder info from forward API
        create several input for Invoke-Onyphe function and then call it to get the dns forwarder info from forward API
        -IP string{IP}
        IP to be used for the forward API usage
        -APIKey string{APIKEY}
        Set APIKEY as global variable.
        .PARAMETER Page
        -page string{page number}
        go directly to a specific result page (1 to 1000)
            TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
        count NoteProperty int count=1
        error NoteProperty int error=0
        myip NoteProperty string myip=
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.001305
        total NoteProperty int total=1
        count : 16
        error : 0
        myip :
        results : {@{@category=resolver; @timestamp=2018-01-09T15:27:41.000Z; @type=forward;;
              ; ip=; ipv6=false; seen_date=2018-01-09}, @{@category=resolver;
                        @timestamp=2018-01-09T15:27:41.000Z; @type=forward;;; ip=;
                        ipv6=false; seen_date=2018-01-09}, @{@category=resolver; @timestamp=2018-01-03T16:20:06.000Z;
                        @type=forward;;; ip=; ipv6=0; seen_date=2018-01-03},
                        @{@category=resolver; @timestamp=2018-01-03T16:20:06.000Z; @type=forward;;
              ; ip=; ipv6=0; seen_date=2018-01-03}...}
        status : ok
        took : 0.023
        total : 16
        cli-API_info : {forward}
        cli-API_input : {}
        cli-key_required : {True}
        cli-Request_Date : 14/01/2018 20:45:08
        get all info for IP
        C:\PS> Invoke-APIOnypheForward -IP
        get all info for IP ans set the api key
        C:\PS> Invoke-APIOnypheForward -IP -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

  Param (
    [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
  [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
    Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        $params = @{
            request = "forward/$($IP)"
            APIInfo = "forward"
            APIInput = @("$($IP)")
            APIKeyrequired = $true
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Invoke-APIOnypheThreatlist {
        create several input for Invoke-Onyphe function and then call it to get the threat info from threatlist API
        create several input for Invoke-Onyphe function and then call it to get the threat info from threatlist API
        -IP string{IP}
        IP to be used for the threatlist API usage
        -APIKey string{APIKEY}
        Set APIKEY as global variable.
        .PARAMETER Page
        -page string{page number}
        go directly to a specific result page (1 to 1000)
            TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
        count NoteProperty int count=1
        error NoteProperty int error=0
        myip NoteProperty string myip=
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.001305
        total NoteProperty int total=1
        count : 19
        error : 0
        myip :
        results : {@{@category=threatlist; @timestamp=2018-01-14T07:45:15.000Z; @type=ip; ipv6=false;
                        seen_date=2018-01-14; subnet=; - Zeus bad IPs},
                        @{@category=threatlist; @timestamp=2018-01-14T07:45:15.000Z; @type=ip; ipv6=false;
                        seen_date=2018-01-14; subnet=; - Zeus IPs},
                        @{@category=threatlist; @timestamp=2018-01-14T07:45:15.000Z; @type=ip; ipv6=false;
                        seen_date=2018-01-14; subnet=; threatlist=EmergingThreats - Spamhaus, DShield and
              }, @{@category=threatlist; @timestamp=2018-01-13T07:45:13.000Z; @type=ip; ipv6=false;
                        seen_date=2018-01-13; subnet=; threatlist=EmergingThreats - Spamhaus, DShield and
        status : ok
        took : 0.023
        total : 19
        cli-API_info : {threatlist}
        cli-API_input : {}
        cli-key_required : {True}
        cli-Request_Date : 14/01/2018 20:45:08
        get all threat info for IP
        C:\PS> Invoke-APIOnypheThreatlist -IP
        get all threat info for IP and set the api key
        C:\PS> Invoke-APIOnypheThreatlist -IP -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

  Param (
    [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
  [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
    Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        $params = @{
            request = "threatlist/$($IP)"
            APIInfo = "threatlist"
            APIInput = @("$($IP)")
            APIKeyrequired = $true
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Invoke-APIOnypheDataScan {
        create several input for Invoke-Onyphe function and then call it to get the data scan info from datascan API
        create several input for Invoke-Onyphe function and then call it to get the data scan info from datascan API
        .PARAMETER IPOrDataScanString
        -IPOrDataScanString string{IP}
        IP to be used for the DataScan API usage
        -IPOrDataScanString string
        string to be used for the DataScan API usage
        -APIKey string{APIKEY}
        Set APIKEY as global variable.
        .PARAMETER Page
        -page string{page number}
        go directly to a specific result page (1 to 1000)
            TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
        count NoteProperty int count=1
        error NoteProperty int error=0
        myip NoteProperty string myip=
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.001305
        total NoteProperty int total=1
        count : 1
        error : 0
        myip :
        results : {@{@category=datascan; @timestamp=2018-01-05T02:21:45.000Z; @type=http; asn=AS10201; country=IN;
                        data=HTTP/1.0 302 Moved Temporarily
                        Date: Sat, 06 Jan 2018 02:13:01 GMT
                        Server: PanWeb Server/ -
                        ETag: "73829-130d-57651d79"
                        Connection: close
                        Pragma: no-cache
                        Location: /php/login.php
                        Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                        Content-Length: 0
                        Content-Type: text/html
                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                        X-FRAME-OPTIONS: SAMEORIGIN
                        Set-Cookie: PHPSESSID=73ebc70421adc9c46219dd68d722bb8b; path=/; HttpOnly
                        ; datamd5=beddae472d600e9e25787353ed4e5f21; ip=; ipv6=false; location=20.0000,77.0000;
                        organization=Dishnet Wireless Limited. Broadband Wireless; port=80; product=PanWeb Server;
                        productversion= - ; protocol=http; seen_date=2018-01-05}}
        status : ok
        took : 0.013
        total : 1
        cli-API_info : {datascan}
        cli-API_input : {}
        cli-key_required : {True}
        cli-Request_Date : 14/01/2018 20:45:08
        get all data scan info for IP
        C:\PS> Invoke-APIOnypheDataScan -IPOrDataScanString
        get all info for info available for PanWeb web server
        C:\PS> Invoke-APIOnypheDataScan -IPOrDataScanString "PanWeb"
        get all data scan info for IP and set the api key
        C:\PS> Invoke-APIOnypheDataScan -IPOrDataScanString -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  Param (
  [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
    Process {
        $script:DateRequest = get-date
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        $params = @{
            request = "datascan/$($IPOrDataScanString)"
            APIInput = "$($IPOrDataScanString)"
            APIInfo = "datascan"
            APIKeyrequired = $true
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Invoke-APIOnypheIP {
        create several input for Invoke-Onyphe function and then call it to get all info for an IP from IP API
        create several input for Invoke-Onyphe function and then call it to get all info for an IP from IP API
        -IP string{IP}
        IP to be used for the IP API usage
        -APIKey string{APIKEY}
        Set APIKEY as global variable
        .PARAMETER Page
        -page string{page number}
        go directly to a specific result page (1 to 1000)
            TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
        count NoteProperty int count=1
        error NoteProperty int error=0
        myip NoteProperty string myip=
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.001305
        total NoteProperty int total=1
        count : 32
        error : 0
        myip :
        results : {@{@category=geoloc; @timestamp=2018-01-13T10:30:19.000Z; @type=ip; asn=AS15169; city=; country=US;
                        country_name=United States; geolocation=37.7510,-97.8220; ip=; ipv6=false; latitude=37.7510;
                        longitude=-97.8220; organization=Google LLC; subnet=}, @{@category=inetnum;
                        @timestamp=1970-01-01T00:00:00.000Z; @type=ip; country=US; information=System.Object[];
                        netname=Undisclosed; seen_date=1970-01-01; source=Undisclosed; subnet=Undisclosed},
                        @{@category=pastries; @timestamp=2018-01-13T00:05:30.000Z; @type=pastebin; domain=System.Object[];
                        hostname=System.Object[]; ip=System.Object[]; key=uL3KBwQb; seen_date=2018-01-13},
                        @{@category=pastries; @timestamp=2018-01-12T23:38:24.000Z; @type=pastebin; domain=System.Object[];
                        hostname=System.Object[]; ip=System.Object[]; key=d08TpvqK; seen_date=2018-01-12}...}
        status : ok
        took : 0.166
        total : 3221
        cli-API_info : {ip}
        cli-API_input : {}
        cli-key_required : {True}
        cli-Request_Date : 14/01/2018 20:45:08
        get all info for IP
        C:\PS> Invoke-APIOnypheIP -IP
        get all info for IP ans set the api key
        C:\PS> Invoke-APIOnypheIP -IP -APIKey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  Param (
    [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
    [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
    Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        $params = @{
            request = "ip/$($IP)"
            APIInfo = "ip"
            APIInput = @("$($IP)")
            APIKeyrequired = $true
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Invoke-APIOnypheMyIP {
        create several input for Invoke-Onyphe function and then call it to get current public ip from MyIP API
        create several input for Invoke-Onyphe function and then call it to get current public ip from MyIP API
                TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
        count NoteProperty int count=1
        error NoteProperty int error=0
        myip NoteProperty string myip=
        status NoteProperty string status=ok
        error : 0
        myip :
        status : ok
        cli-API_info : {myip}
        cli-API_input : {none}
        cli-key_required : {False}
        cli-Request_Date : 14/01/2018 20:45:08
        get your current public ip
        C:\PS> Invoke-APIOnypheMyIP

  param ()
  process {
    $params = @{
        request = "myip/"
        APIInfo = "myip"
        APIInput = "none"
        APIKeyrequired = $false
    Write-Verbose -message "URL Info : $($params.request)"
    Invoke-Onyphe @params
    Function Invoke-APIOnypheGeoloc {
        create several input for Invoke-Onyphe function and then call it to get the Geoloc info from Geoloc API
        create several input for Invoke-Onyphe function and then call it to get the Geoloc info from Geoloc API
        -IP string{IP}
        IP to be used for the geoloc API usage
            TypeName : System.Management.Automation.PSCustomObject
        Name MemberType Definition
        ---- ---------- ----------
        Equals Method bool Equals(System.Object obj)
        GetHashCode Method int GetHashCode()
        GetType Method type GetType()
        ToString Method string ToString()
        cli-API_info NoteProperty string[] cli-API_info=System.String[]
        cli-API_input NoteProperty string[] cli-API_input=System.String[]
        cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
        cli-Request_Date NoteProperty datetime cli-Request_Date=14/01/2018 20:47:39
        count NoteProperty int count=1
        error NoteProperty int error=0
        myip NoteProperty string myip=
        results NoteProperty Object[] results=System.Object[]
        status NoteProperty string status=ok
        took NoteProperty string took=0.001305
        total NoteProperty int total=1
        count : 1
        error : 0
        myip :
        results : {@{@category=geoloc; @timestamp=2018-01-13T10:18:52.000Z; @type=ip; asn=AS15169; city=; country=US;
                        country_name=United States; geolocation=37.7510,-97.8220; ip=; ipv6=false; latitude=37.7510;
                        longitude=-97.8220; organization=Google LLC; subnet=}}
        status : ok
        took : 0.013426
        total : 1
        cli-API_info : {geoloc}
        cli-API_input : {}
        cli-key_required : {False}
        cli-Request_Date : 14/01/2018 20:45:08
        get geoloc info for IP
        C:\PS> Invoke-APIOnypheGeoloc -IP
  Param (
    [ValidateScript({($_ -match "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])") -or ($_ -match "s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?")})]
  process {
    $params = @{
        request = "geoloc/$($IP)"
        APIInfo = "geoloc"
        APIInput = @("$($IP)")
        APIKeyrequired = $false
    Write-Verbose -message "URL Info : $($params.request)"
    Invoke-Onyphe @params
    Function Invoke-Onyphe {
  Param (
  [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})] 
  Process {
    $script:onypheurl = ""
    $script:DateRequest = get-date
    if (($APIKeyrequired)-and(!$global:OnypheAPIKey)) {
        write-verbose -message "incorrect parameter - Please provide an APIKey with -APIKEY parameter"
        throw "Please provide an APIKey with -APIKEY parameter"
    try {
        $fullonypheurl = "$($onypheurl)$($request)"
        if ($page -and $APIKeyrequired) {
            $fullonypheurl = "$($fullonypheurl)?apikey=$($global:OnypheAPIKey)&page=$($page)"
        elseif ($page -and ($APIKeyrequired -eq $false)) {
            $fullonypheurl = "$($fullonypheurl)?page=$($page)"
        elseif ($APIKeyrequired -and !$page) {
            $fullonypheurl = "$($fullonypheurl)?apikey=$($global:OnypheAPIKey)"
        if ($global:OnypheProxyParams) {
            $params = $global:OnypheProxyParams
            If (!$params.UseBasicParsing){
                $params.add('UseBasicParsing', $true)
            If (!$params.URI) {
                $params.add('URI', "$($fullonypheurl)")
            } Else {
                $params['URI'] = "$($fullonypheurl)"
        } Else {
            $params = @{}
            $params.add('UseBasicParsing', $true)
            $params.add('URI', "$($fullonypheurl)")
        $onypheresult = invoke-webrequest @params
    } catch {
            write-verbose -message "Not able to use onyphe online service - KO"
            write-verbose -message "Error Type: $($_.Exception.GetType().FullName)"
            write-verbose -message "Error Message: $($_.Exception.Message)"
            write-verbose -message "HTTP error code:$($_.Exception.Response.StatusCode.Value__)"
            write-verbose -message "HTTP error message:$($_.Exception.Response.StatusDescription)"
            $errorcode = $_.Exception.Response.StatusCode.value__
            if (($errorcode -eq 429) -or ($errorcode -eq 200)) {
                $result = $_.Exception.Response.GetResponseStream()
                $reader = New-Object System.IO.StreamReader($result)
                $reader.BaseStream.Position = 0
                $httpbody = $reader.ReadToEnd()
                $errorvalue = $httpbody | Convertfrom-Json
                $errorvalue | add-member -MemberType NoteProperty -Name 'cli-API_info' -Value $APIInfo
                $errorvalue | add-member -MemberType NoteProperty -Name 'cli-API_input' -Value $APIInput
                $errorvalue | add-member -MemberType NoteProperty -Name 'cli-key_required' -Value $APIKeyrequired
                $errorvalue | add-member -MemberType NoteProperty -Name 'cli-Request_Date' -Value $script:DateRequest
            } else {
                $errorvalue = [PSCustomObject]@{
                    Count = 0
                    error = ""
                    myip = 0
                    results = ''
                    'cli-error_results' = "$($_.Exception.GetType().FullName) - $($_.Exception.Message) : $($onypheresult.Content)"
                    status = "ko"
                    took = 0
                    total = 0
                    'cli-API_info' = $APIInfo
                    'cli-API_input' = $APIInput
                    'cli-key_required' = $APIKeyrequired
                    'cli-Request_Date' = $script:DateRequest
        if (-not $errorvalue) {
            try {
                $temp = $onypheresult.Content | convertfrom-json
                $temp | add-member -MemberType NoteProperty -Name 'cli-API_info' -Value $APIInfo
                $temp | add-member -MemberType NoteProperty -Name 'cli-API_input' -Value $APIInput
                $temp | add-member -MemberType NoteProperty -Name 'cli-key_required' -Value $APIKeyrequired
                $temp | add-member -MemberType NoteProperty -Name 'cli-Request_Date' -Value $script:DateRequest
                if ($debug -or $verbose) {
                    $temp | add-member -MemberType NoteProperty -Name cli-API_Request -Value "$($request)"
            } catch {
                write-verbose -message "unable to convert result into a powershell object - json error"
                write-verbose -message "Error Type: $($_.Exception.GetType().FullName)"
                write-verbose -message "Error Message: $($_.Exception.Message)"
                $errorvalue = [PSCustomObject]@{
                    Count = 0
                    error = ""
                    myip = 0
                    results = ''
                    'cli-error_results' = "$($_.Exception.GetType().FullName) - $($_.Exception.Message) : $($onypheresult.Content)"
                    status = "ko"
                    took = 0
                    total = 0
                    'cli-API_info' = $APIInfo
                    'cli-API_input' = $APIInput
                    'cli-key_required' = $APIKeyrequired
                    'cli-Request_Date' = $script:DateRequest
        if ($errorvalue) {
        } elseif ($temp) {
    Function Export-OnypheInfoToFile {
        Export psobject containing Onyphe info to files
        Export psobject containing Onyphe info to files
        One root folder is created and a dedicated csv file is created by category.
        Note : for the datascan category, the data attribute content is exported in a separated text file to be more readable.
        Note 2 : in this version, there is an issue if you pipe a psobject containing an array of onyphe result to the function. to be investigated.
        .PARAMETER tofolder
        -tofolcer string{target folder}
        path to the target folder where you want to export onyphe data
        .PARAMETER inputobject
        -inputobject $obj{output of Get-OnypheInfo or Get-OnypheInfoFromCSV functions}
        look for information about my public IP
        .PARAMETER csvdelimiter
        -csvdelimiter string{csv separator}
        set your csv separator. default is ;
        Exporting onyphe results containing into $onypheresult object to flat files in folder C:\temp
        C:\PS> Export-OnypheInfoToFile -tofolder C:\temp -inputobject $onypheresult
        Exporting onyphe results containing into $onypheresult object to flat files in folder C:\temp using ',' as csv separator
        C:\PS> Export-OnypheInfoToFile -tofolder C:\temp -inputobject $onypheresult -csvdelimiter ","

  Param (
      [ValidateScript({test-path "$($_)"})]
      [ValidateScript({(($_ | Get-Member | Select-Object -ExpandProperty TypeName -Unique) -eq 'System.Management.Automation.PSCustomObject') -or (($_ | Get-Member | Select-Object -ExpandProperty TypeName -Unique) -eq 'Deserialized.System.Management.Automation.PSCustomObject')})]
  process {
    if (!$csvdelimiter) {$csvdelimiter = ";"}
    $ticks = (get-date).ticks.ToString()
    If (($inputobject | Get-Member | Select-Object -ExpandProperty TypeName -Unique) -eq 'System.Management.Automation.PSCustomObject') {
        export-clixml -depth 1000 -path "$($env:temp)\$($ticks).xml" -InputObject $inputobject
        $inputobject = Import-Clixml -Path "$($env:temp)\$($ticks).xml"
        Remove-Item "$($env:temp)\$($ticks).xml" -Force
    foreach ($result in $inputobject) {
      $tempfolder = $null
      $tempattrib = $result.'cli-API_input' -replace ("[{0}]"-f (([System.IO.Path]::GetInvalidFileNameChars() | ForEach-Object {[regex]::Escape($_)}) -join '|')),'_'
      $tempfolder = "Onyphe-result-$($tempattrib)"
      $tempfolder = join-path $tofolder $tempfolder
      if (!(test-path $tempfolder)) {mkdir $tempfolder -force | out-null}
      $ticks = (get-date).ticks.ToString()
      $result | Export-Csv -NoTypeInformation -path "$($tempfolder)\$($ticks)_request_info.csv" -delimiter $csvdelimiter
      switch ($result.results.'@category') {
          'geoloc' {
              $filteredobj = $result.results | where-object {$_.'@category' -eq 'geoloc'} | sort-object -property country
              $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_Geoloc.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
          'inetnum' {
                $filteredobj = $result.results | where-object {$_.'@category' -eq 'inetnum'} | sort-object -property seen_date
                $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_inetnum.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
          'synscan' {
                $filteredobj = $result.results | where-object {$_.'@category' -eq 'synscan'} | sort-object -property seen_date
                $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_synscan.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
                $filteredobj = $result.results | where-object {$_.'@category' -eq 'resolver'} | sort-object -property seen_date
                $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_resolver.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
          'threatlist' {
                $filteredobj = $result.results | where-object {$_.'@category' -eq 'threatlist'} | sort-object -property seen_date
                $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_threatlist.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
          'pastries' {
              $filteredobj = $result.results | where-object {$_.'@category' -eq 'pastries'} | sort-object -property seen_date
              $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_Pastries.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
              foreach ($contentresult in $filteredobj) {
                  if ($contentresult.ip.count -gt 1) {
                      $ip = "multips-$($contentresult.ip[0].Replace(":","-"))"
                      $allip = $contentresult.ip -join ","
                  } else {
                      $ip = $contentresult.ip
                  $tempfilecontentresult = "$($ticks)_$($ip)_pastries_$($contentresult.key).txt"
                    $tempcontentexportfile = join-path $tempfolder $tempfilecontentresult
                  if ($allip) {
                      set-content -path $tempcontentexportfile -value "########### info ip ###########"
                      add-content -path $tempcontentexportfile -value $allip
                      add-content -path $tempcontentexportfile -value "########### info ip ###########"
                  $contentresult.content | add-content -path $tempcontentexportfile
          'sniffer' {
                $filteredobj = $result.results | where-object {$_.'@category' -eq 'sniffer'} | sort-object -property seen_date
                $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_Sniffer.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
          'datascan' {
              $filteredobj = $result.results | where-object {$_.'@category' -eq 'datascan'} | sort-object -property seen_date
              $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_datascan.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
              foreach ($dataresult in $filteredobj) {
                  if ($dataresult.ip.count -gt 1) {
                      $ip = "multips-$($dataresult.ip[0].Replace(":","-"))"
                      $allip = $dataresult.ip -join ","
                  } else {
                      $ip = $dataresult.ip
                  $tempfiledataresult = "$($ticks)_$($ip)_$($dataresult.port)_$($dataresult.protocol).txt"
                    $tempdataexportfile = join-path $tempfolder $tempfiledataresult
                  if ($allip) {
                      set-content -path $tempdataexportfile -value "########### info ip ###########"
                      add-content -path $tempdataexportfile -value $allip
                      add-content -path $tempdataexportfile -value "########### info ip ###########"
                  $ | add-content -path $tempdataexportfile
          'onionscan' {
              $filteredobj = $result.results | where-object {$_.'@category' -eq 'onionscan'} | sort-object -property seen_date
              $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_onionscan.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
              foreach ($dataresult in $filteredobj) {
                  if ($dataresult.ip.count -gt 1) {
                      $ip = "multips-$($dataresult.ip[0].Replace(":","-"))"
                      $allip = $dataresult.ip -join ","
                  } else {
                      $ip = $dataresult.ip
                  $tempfiledataresult = "$($ticks)_$($ip)_$($dataresult.port)_$($dataresult.protocol).txt"
                  $tempdataexportfile = join-path $tempfolder $tempfiledataresult
                    if ($allip) {
                      set-content -path $tempdataexportfile -value "########### info ip ###########"
                      add-content -path $tempdataexportfile -value $allip
                      add-content -path $tempdataexportfile -value "########### info ip ###########"
                  $ | add-content -path $tempdataexportfile
            'ctl' {
                $filteredobj = $result.results | where-object {$_.'@category' -eq 'ctl'} | sort-object -property seen_date
                $tempfilename = join-path $tempfolder "$($ticks)_$($ip)ctl.csv"
              $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
            'datashot' {
                $filteredobj = $result.results | where-object {$_.'@category' -eq 'datashot'} | sort-object -property seen_date
                $tempfilename = join-path $tempfolder "$($ticks)_$($ip)_datashot.csv"
                $filteredobj | Export-Csv -NoTypeInformation -path "$($tempfilename)" -delimiter $csvdelimiter
                Export-OnypheDataShot -tofolder $tempfolder -inputobject $result
    Function Get-ScriptDirectory {
        retrieve current script directory
        retrieve current script directory

    Split-Path -Parent $PSCommandPath
    Function Set-OnypheAPIKey {
        set and remove onyphe API key as global variable
        set and remove onyphe API key as global variable
        -APIKey string{APIKEY}
        Set APIKEY as global variable.
        .PARAMETER MasterPassword
        -MasterPassword SecureString{Password}
        Use a passphrase for encryption purpose.
        .PARAMETER EncryptKeyInLocalFile
        Store APIKey in encrypted value on local drive
        .PARAMETER Remove
        Remove your current APIKEY from global variable.
        Set your API key as global variable so it will be used automatically by all use-onyphe functions
        C:\PS> Set-OnypheAPIKey -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
        Remove your API key set as global variable
        C:\PS> Set-OnypheAPIKey -remove
        Store your API key on hard drive
        C:\PS> Set-OnypheAPIKey -apikey "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" -MasterPassword (ConvertTo-SecureString -String "YourP@ssw0rd" -AsPlainText -Force) -EncryptKeyInLocalFile

  Param (
  process {
    if ($Remove.IsPresent) {
        $global:OnypheAPIKey = $Null
      } Else {
        $global:OnypheAPIKey = $APIKey
        If ($EncryptKeyInLocalFile.IsPresent) {
            If (!$MasterPassword -or !$APIKey) {
                Write-warning "Please provide a valid Master Password to protect the API Key storage on disk and a valid API Key"
                throw 'no api key or master password'
            } Else {
                [Security.SecureString]$SecureKeyString = ConvertTo-SecureString -String $APIKey -AsPlainText -Force
                $SaltBytes = New-Object byte[] 32
                $RNG = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
                $Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList 'user', $MasterPassword
                $Rfc2898Deriver = New-Object System.Security.Cryptography.Rfc2898DeriveBytes -ArgumentList $Credentials.GetNetworkCredential().Password, $SaltBytes
                $KeyBytes  = $Rfc2898Deriver.GetBytes(32)
                $EncryptedString = $SecureKeyString | ConvertFrom-SecureString -key $KeyBytes
                $ObjConfigOnyphe = @{
                    Salt = $SaltBytes
                    EncryptedAPIKey = $EncryptedString
                $FolderName = 'Use-Onyphe'
                $ConfigName = 'Use-Onyphe-Config.xml'
                if (!(Test-Path -Path "$($env:AppData)\$FolderName")) {
                    New-Item -ItemType directory -Path "$($env:AppData)\$FolderName" | Out-Null
                if (test-path "$($env:AppData)\$FolderName\$ConfigName") {
                    Remove-item -Path "$($env:AppData)\$FolderName\$ConfigName" -Force | out-null
                $ObjConfigOnyphe | Export-Clixml "$($env:AppData)\$FolderName\$ConfigName"
    Function Import-OnypheEncryptedIKey {
        import onyphe API key as global variable from encrypted local config file
        import onyphe API key as global variable from encrypted local config file
        .PARAMETER MasterPassword
        -MasterPassword SecureString{Password}
        Use a passphrase for encryption purpose.
        set API Key as global variable using encrypted key hosted in local xml file previously generated with Set-OnypheAPIKey
        C:\PS> Import-OnypheEncryptedIKey -MasterPassword (ConvertTo-SecureString -String "YourP@ssw0rd" -AsPlainText -Force)

    process {
        $FolderName = 'Use-Onyphe'
        $ConfigName = 'Use-Onyphe-Config.xml'
        if (!(Test-Path "$($env:AppData)\$($FolderName)\$($ConfigName)")){
            throw 'Configuration file has not been set, Set-OnypheAPIKey to configure the API Keys.'
        $ObjConfigOnyphe = Import-Clixml "$($env:AppData)\$($FolderName)\$($ConfigName)"
        $Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList 'user', $MasterPassword
        try {
            $Rfc2898Deriver = New-Object System.Security.Cryptography.Rfc2898DeriveBytes -ArgumentList $Credentials.GetNetworkCredential().Password, $ObjConfigOnyphe.Salt
            $KeyBytes  = $Rfc2898Deriver.GetBytes(32)
            $SecString = ConvertTo-SecureString -Key $KeyBytes $ObjConfigOnyphe.EncryptedAPIKey
            $SecureStringToBSTR = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecString)
            $APIKey = [Runtime.InteropServices.Marshal]::PtrToStringAuto($SecureStringToBSTR)
            $global:OnypheAPIKey = $APIKey
        } catch {
            throw "Not able to set correctly your API Key, your passphrase my be incorrect"
            write-error -message "Error Type: $($_.Exception.GetType().FullName)"
            write-error -message "Error Message: $($_.Exception.Message)"
    Function Get-OnypheSearchFilters {
        Get filters available for search APIs of Onyphe
        Get filters available for search APIs of Onyphe
        filters as string
        Get filters available for search APIs of Onyphe
        C:\PS> Get-OnypheSearchFilters

    $XMLFilePath = join-path (Get-ScriptDirectory) "Onyphe-Data-Model.xml"
    if (test-path $XMLFilePath) {
        $SearchFilters = Import-Clixml -Path $XMLFilePath
    Function Get-OnypheSearchCategories {
      Get category available for search APIs of Onyphe
      Get category available for search APIs of Onyphe
      filters as string
      Get category available for search APIs of Onyphe
      C:\PS> Get-OnypheSearchCategories

      $XMLFilePath = join-path (Get-ScriptDirectory) "Onyphe-Data-Model.xml"
      if (test-path $XMLFilePath) {
          $SearchFilters = Import-Clixml -Path $XMLFilePath
          ($SearchFilters.apis | Where-Object {$_ -like "*/search/*"}) -replace "/api/search/",""
    Function Get-OnypheCliFacets {
      Get facets available for stats on local Onyphe PS Object
      Get facets available for stats on local Onyphe PS Object
      facets as string
      Get facets available for stats on local Onyphe PS Object
      C:\PS> Get-OnypheCliFacets

      $XMLFilePath = join-path (Get-ScriptDirectory) "Onyphe-Data-Model.xml"
      if (test-path $XMLFilePath) {
            $SearchFilters = Import-Clixml -Path $XMLFilePath
    Function Get-OnypheAPIName {
      Get API available for Onyphe
      Get API available for Onyphe
      API as string
      Get API available for Onyphe
      C:\PS> Get-OnypheAPIName

      $XMLFilePath = join-path (Get-ScriptDirectory) "Onyphe-Data-Model.xml"
      if (test-path $XMLFilePath) {
            $SearchFilters = Import-Clixml -Path $XMLFilePath
            $Apis = @($SearchFilters.apis -replace "/api/","" | Where-Object {($_ -notlike "*/*") -and ($_ -ne "search") -and ($_ -ne "user")})
            $Apis += ($SearchFilters.apis | Where-Object {$_ -like "*/resolver/*"}) -replace "/api/resolver/",""
    Function Set-OnypheProxy {
      Set an internet proxy to use onyphe web api
      Set an internet proxy to use onyphe web api
      .PARAMETER DirectNoProxy
      Remove proxy and configure Onyphe powershell functions to use a direct connection
      .PARAMETER Proxy
      Set the proxy URL
      .PARAMETER ProxyCredential
      Set the proxy credential to be authenticated with the internet proxy set
      .PARAMETER ProxyUseDefaultCredentials
      Use current security context to be authenticated with the internet proxy set
      .PARAMETER AnonymousProxy
      No authentication (open proxy) with the internet proxy set
      Remove Internet Proxy and set a direct connection
      C:\PS> Set-OnypheProxy -DirectNoProxy
      Set Internet Proxy and with manual authentication
      $credentials = get-credential
      C:\PS> Set-OnypheProxy -Proxy "http://myproxy:8080" -ProxyCredential $credentials
      Set Internet Proxy and with automatic authentication based on current security context
      C:\PS> Set-OnypheProxy -Proxy "http://myproxy:8080" -ProxyUseDefaultCredentials
      Set Internet Proxy and with no authentication
      C:\PS> Set-OnypheProxy -Proxy "http://myproxy:8080" -AnonymousProxy

    Param (
    if ($DirectNoProxy.IsPresent){
        $global:OnypheProxyParams = $null
    } ElseIf ($Proxy) {
        $global:OnypheProxyParams = @{}
        $OnypheProxyParams.Add('Proxy', $Proxy)
        if ($ProxyCredential){
            $OnypheProxyParams.Add('ProxyCredential', $ProxyCredential)
            If ($OnypheProxyParams.ProxyUseDefaultCredentials) {$OnypheProxyParams.Remove('ProxyUseDefaultCredentials')}
        } Elseif ($ProxyUseDefaultCredentials.IsPresent){
            $OnypheProxyParams.Add('ProxyUseDefaultCredentials', $ProxyUseDefaultCredentials)
            If ($OnypheProxyParams.ProxyCredential) {$OnypheProxyParams.Remove('ProxyCredential')}
        } ElseIf ($AnonymousProxy.IsPresent) {
            If ($OnypheProxyParams.ProxyUseDefaultCredentials) {$OnypheProxyParams.Remove('ProxyUseDefaultCredentials')}
            If ($OnypheProxyParams.ProxyCredential) {$OnypheProxyParams.Remove('ProxyCredential')}
    Function Invoke-APIOnypheSearch {
      create several input for Invoke-Onyphe function and then call it to search info from search APIs
      create several input for Invoke-Onyphe function and then call it to to search info from search APIs
      .PARAMETER AdvancedSearch
      -AdvancedSearch ARRAY{filter:value,filter:value}
      Search with multiple criterias
      .PARAMETER SimpleSearchValue
      -SimpleSearchValue STRING{value}
      string to be searched with -SimpleSearchFilter parameter
      .PARAMETER SimpleSearchFilter
      -SimpleSearchFilter STRING{Get-OnypheSearchFilters}
      Filter to be used with string set with SimpleSearchValue parameter
      .PARAMETER SearchType
      -SearchType STRING{Get-OnypheSearchCategories}
      Search Type or Category
      -APIKey string{APIKEY}
      Set APIKEY as global variable
      .PARAMETER Page
      -page string{page number}
      go directly to a specific result page (1 to 1000)
         TypeName : System.Management.Automation.PSCustomObject
            Name MemberType Definition
            ---- ---------- ----------
            Equals Method bool Equals(System.Object obj)
            GetHashCode Method int GetHashCode()
            GetType Method type GetType()
            ToString Method string ToString()
            cli-API_info NoteProperty string[] cli-API_info=System.String[]
            cli-API_input NoteProperty string[] cli-API_input=System.String[]
            cli-key_required NoteProperty bool[] cli-key_required=System.Boolean[]
            cli-Request_Date NoteProperty datetime cli-Request_Date=15/08/2018 15:05:25
            count NoteProperty int count=10
            error NoteProperty int error=0
            max_page NoteProperty decimal max_page=1000,0
            myip NoteProperty string myip=
            page NoteProperty int page=1000
            results NoteProperty Object[] results=System.Object[]
            status NoteProperty string status=ok
            took NoteProperty string took=0.066
            total NoteProperty int total=157611
            count : 10
            error : 0
            max_page : 1000,0
            myip :
            page : 1000
            results : {@{@category=inetnum; @timestamp=2018-08-12T01:35:21.000Z; @type=ip; asn=AS16276; country=GB;
                            information=System.Object[]; ipv6=false; location=51.4964,-0.1224; netname=reduk2; organization=OVH
                            SAS; seen_date=2018-08-12; source=RIPE; subnet=}, @{@category=inetnum;
                            @timestamp=2018-08-12T01:35:21.000Z; @type=ip; asn=AS16276; country=FR;
                            information=System.Object[]; ipv6=false; location=48.8582,2.3387; netname=OVH_121297930;
                            organization=OVH SAS; seen_date=2018-08-12; source=RIPE; subnet=},
                            @{@category=inetnum; @timestamp=2018-08-12T01:35:21.000Z; @type=ip; asn=AS16276; country=FR;
                            information=System.Object[]; ipv6=false; location=48.8582,2.3387; netname=OVH_121298047;
                            organization=OVH SAS; seen_date=2018-08-12; source=RIPE; subnet=},
                            @{@category=inetnum; @timestamp=2018-08-12T01:35:21.000Z; @type=ip; asn=AS16276; country=FR;
                            information=System.Object[]; ipv6=false; location=48.8582,2.3387; netname=OVH_121298490;
                            organization=OVH SAS; seen_date=2018-08-12; source=RIPE; subnet=}...}
            status : ok
            took : 0.066
            total : 157611
            cli-API_info : {search/inetnum}
            cli-API_input : {organization:"OVH SAS"}
            cli-key_required : {True}
            cli-Request_Date : 15/08/2018 15:05:25
      AdvancedSearch with multiple criteria/filters
      Search with datascan for all IP matching the criteria : Apache web server listening on 443 tcp port hosted on Windows
      C:\PS> Invoke-APIOnypheSearch -AdvancedSearch @("product:Apache","port:443","os:Windows") -SearchType datascan
      simple search with one filter/criteria
      Search with threatlist for all IP matching the criteria : all IP from russia tagged by threat lists
      C:\PS> Invoke-APIOnypheSearch -SimpleSearchValue RU -SearchType threatlist -SimpleSearchFilter country

        [ValidateScript({$_ -match "^([1-9][0-9]{0,2}|1000)$"})]
        $ParameterNameType = 'SearchType'
        $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
        $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
        $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
        $ParameterAttribute.ValueFromPipeline = $false
        $ParameterAttribute.ValueFromPipelineByPropertyName = $false
        $ParameterAttribute.Mandatory = $true
        $ParameterAttribute.Position = 2
        $arrSet = Get-OnypheSearchCategories
        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
        $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterNameType, [string], $AttributeCollection)
        $RuntimeParameterDictionary.Add($ParameterNameType, $RuntimeParameter)
        $ParameterNameFilter = 'SimpleSearchFilter'
        $AttributeCollection2 = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
        $ParameterAttribute2 = New-Object System.Management.Automation.ParameterAttribute
        $ParameterAttribute2.ValueFromPipeline = $false
        $ParameterAttribute2.ValueFromPipelineByPropertyName = $false
        $ParameterAttribute2.Mandatory = $false
        $ParameterAttribute2.Position = 3
        $arrSet =  Get-OnypheSearchFilters
        $ValidateSetAttribute2 = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
        $RuntimeParameter2 = New-Object System.Management.Automation.RuntimeDefinedParameter($ParameterNameFilter, [string], $AttributeCollection2)
        $RuntimeParameterDictionary.Add($ParameterNameFilter, $RuntimeParameter2)
        return $RuntimeParameterDictionary
    Process {        
        $SearchType = $PsBoundParameters[$ParameterNameType]
        $SearchFilter = $PsBoundParameters[$ParameterNameFilter]
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
        if ($AdvancedSearch) {
            for ($i=0; $i -lt $AdvancedSearch.length; $i++) {
                $tmp = $null
                $tmp = $AdvancedSearch[$i] -split ":"
                if (($tmp[1] -match "\s") -and ($tmp[1] -notlike "`"*`"")) {$tmp[1] = "`"$($tmp[1])`""}
                $AdvancedSearch[$i] = $tmp -join ":"
            $tmpvalue = $AdvancedSearch -join " "
            $tmpvaluemd = [System.Uri]::EscapeURIString($tmpvalue)
            $params = @{
                request = "search/$($SearchType)/$($tmpvaluemd)"
                APIInput = @("$($tmpvalue)")
        } Else {
            if ($SimpleSearchValue -match "\s"){
                $SimpleSearchValue = "`"$($SimpleSearchValue)`""
                $SimpleSearchValuemd = [System.Uri]::EscapeURIString($SimpleSearchValue)
            } Else {
                $SimpleSearchValuemd = $SimpleSearchValue
            $params = @{
                request = "search/$($SearchType)/$($SearchFilter):$($SimpleSearchValuemd)"
                APIInput = @("$($SearchFilter):$($SimpleSearchValue)")
        if ($page) {$params.add('page',$page)}
        Write-Verbose -message "URL Info : $($params.request)"
        Invoke-Onyphe @params
    Function Update-OnypheFacetsFilters {
      Update Onyphe-Data-Model.xml local file containing a cache of available APIs, functions, filters from user API
      Update Onyphe-Data-Model.xml local file containing a cache of available APIs, functions, filters from user API
      Update Onyphe-Data-Model.xml local file containing a cache of available APIs, functions, filters from user API
      C:\PS> Update-OnypheFacetsFilters

    Param ( 
      Process {
        if ($APIKey) {Set-OnypheAPIKey -APIKey $APIKey | out-null}
            $params = @{
                request = "user/"
                APIInfo = "user"
                APIInput = "none"
                APIKeyrequired = $true
            Write-Verbose -message "URL Info : $($params.request)"  
            $userinfo = Invoke-Onyphe @params
            $XMLFilePath = join-path (Get-ScriptDirectory) "Onyphe-Data-Model.xml"
            if (test-path $XMLFilePath) {
                Write-Verbose -message "file Onyphe-Data-Model.xml already exists, removing the old file"
                Remove-Item -Path $XMLFilePath -Force
            if ($userinfo) {
                write-verbose -Message "generating new file from Onyphe User info"
                (Get-OnypheUserInfo).results | Select-Object -Property apis,filters,functions | Export-Clixml -Force -Path $XMLFilePath
    Function Export-OnypheDataShot {
      Export encoded base64 jpg file from a datashot category object
      Export encoded base64 jpg file from a datashot category object
      jpg file
      Export all screenshots available in powershell object $temp into C:\temp folder
      C:\PS> Export-OnypheDataShot -tofolder C:\temp -inputobject $temp

        Param (
                [ValidateScript({test-path "$($_)"})]
            [ValidateScript({(($_ | Get-Member | Select-Object -ExpandProperty TypeName -Unique) -eq 'System.Management.Automation.PSCustomObject') -or (($_ | Get-Member | Select-Object -ExpandProperty TypeName -Unique) -eq 'Deserialized.System.Management.Automation.PSCustomObject')})]
            Process {
                $ticks = (get-date).ticks.ToString()
                foreach ($result in $inputobject) {
                    $datashotsfilter = $result.results | Where-Object {$_.'@category' -eq 'datashot'}
                    foreach ($datashot in $datashotsfilter) {
                        if ($ {
                            $file = "$($ticks)_$($datashot.ip.Replace(".","-"))_$($datashot.port).jpg"
                            $fullfilepath = join-path $tofolder $file
                            if ($host.Version.Major -ge 6) {
                                [System.Convert]::FromBase64String($ | Set-Content $fullfilepath -AsByteStream -Force
                            } else {
                                [System.Convert]::FromBase64String($ | Set-Content $fullfilepath -Encoding Byte -Force

    New-Alias -Name Update-OnypheLocalData -value Update-OnypheFacetsFilters
    New-Alias -Name Get-Onyphe -Value Get-OnypheInfo
    New-Alias -Name Search-Onyphe -Value Search-OnypheInfo

    Export-ModuleMember -Function  Get-OnypheUserInfo, Search-OnypheInfo, Get-OnypheInfo, Get-OnypheInfoFromCSV, Export-OnypheInfoToFile, Export-OnypheDataShot,
                                                            Invoke-APIOnypheMD5, Invoke-APIOnypheOnionScan, Invoke-APIOnypheCtl, Invoke-APIOnypheSniffer, Invoke-APIOnypheUser, Invoke-APIOnypheSearch, Invoke-APIOnypheDataScan, Invoke-APIOnypheForward, Invoke-APIOnypheGeoloc, Invoke-APIOnypheIP, Invoke-APIOnypheInetnum, Invoke-APIOnypheMyIP, Invoke-APIOnyphePastries, Invoke-APIOnypheReverse, Invoke-APIOnypheSynScan, Invoke-APIOnypheThreatlist, Invoke-Onyphe,
                                                            Get-OnypheSearchCategories, Get-OnypheSearchFilters, Get-ScriptDirectory, Set-OnypheAPIKey, Update-OnypheFacetsFilters, Get-OnypheCliFacets, Get-OnypheStatsFromObject, Set-OnypheProxy, Import-OnypheEncryptedIKey, Get-OnypheAPIName
    Export-ModuleMember -Alias Update-OnypheLocalData, Get-Onyphe, Search-Onyphe