Metadata-Version: 2.4
Name: ps-banshee
Version: 1.1.3
Summary: PS Banshee is a command line tool used to access Recorded Future Intelligence. PS Banshee is designed to get you working quickly with Recorded Future.
Author-email: Ernest Bartosevic <ernest.bartosevic@recordedfuture.com>
Maintainer-email: Moise Medici <moise.medici@recordedfuture.com>, Ernest Bartosevic <ernest.bartosevic@recordedfuture.com>
License-Expression: MIT
Project-URL: Homepage, https://recordedfuture-professionalservices.github.io/ps-banshee/latest/
Project-URL: Changelog, https://recordedfuture-professionalservices.github.io/ps-banshee/latest/CHANGELOG/
Project-URL: Source, https://github.com/recordedfuture-professionalservices/ps-banshee
Keywords: API,Recorded Future,Cyber Security Engineering,Threat Intelligence,command line tool,CLI,ioc enrichment
Classifier: Environment :: Console
Classifier: Operating System :: OS Independent
Classifier: Intended Audience :: Information Technology
Classifier: Development Status :: 5 - Production/Stable
Classifier: Topic :: Security
Requires-Python: <3.14,>=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: typer<0.16.0
Requires-Dist: pyshark==0.6
Requires-Dist: polars~=1.34.0
Requires-Dist: psengine~=2.4.0
Provides-Extra: dev
Requires-Dist: build==1.0.3; extra == "dev"
Requires-Dist: ruff~=0.11.0; extra == "dev"
Requires-Dist: pytest==8.3.4; extra == "dev"
Requires-Dist: pytest-vcr==1.0.2; extra == "dev"
Requires-Dist: pytest-cov==6.0.0; extra == "dev"
Requires-Dist: pytest-mock==3.14.0; extra == "dev"
Requires-Dist: urllib3<2.3.0; extra == "dev"
Requires-Dist: mimesis>=12.1.0; extra == "dev"
Provides-Extra: docs
Requires-Dist: ruff~=0.11.0; extra == "docs"
Requires-Dist: mike~=2.1.3; extra == "docs"
Requires-Dist: mkdocs~=1.6.1; extra == "docs"
Requires-Dist: mkdocs-material~=9.6.18; extra == "docs"
Requires-Dist: mkdocstrings[python]>=0.18; extra == "docs"
Requires-Dist: griffe-typingdoc~=0.2.8; extra == "docs"
Dynamic: license-file

# PS Banshee

**PS Banshee** is a command-line interface (CLI) tool designed to provide quick and efficient access to Recorded Future Intelligence. Built for security professionals, PS Banshee helps streamline investigations and automate common security operations tasks.

---

## Key Features

- IOC lookup and search
- Packet capture (pcap) analysis
- Recorded Future Alert search, lookup, and update
- Recorded Future Detection Rules (YARA, Snort, Sigma) search and download
- Recorded Future Entity search and lookup
- Recorded Future List & Watch List management
- Recorded Future Playbook Alert search, lookup, and update
- Recorded Future Risk List download, and creation

## Installation

PS Banshee is available on [PyPI](https://pypi.org/project/ps-banshee/) and can be installed using `pip` or `pipx`.

> **Note:** PS Banshee requires Python 3.9 or later (up to 3.13).

### Recommended: pipx (isolated environment)
To install globally, run:

```bash
pipx install ps-banshee
```


> **Note:** If you don't have pipx installed, see the [installation guide](https://github.com/pypa/pipx?tab=readme-ov-file#install-pipx).


### Alternative: pip (current environment)
To install in the current environment, run:
```bash
pip install ps-banshee
```

### Dependencies

`pipx` will automatically resolve all Python dependencies.  
If you want to use the `pcap` command, you will also need:

- tshark 3.0.0 or later

### Command Auto Completion

After installing PS Banshee, you can enable command auto completion:

```bash
banshee --install-completion
```

Restart your shell to complete the installation. You can now use TAB to auto-complete commands.

## Usage

To see the list of available commands, run:

```bash
banshee -h
```

### Authorization

PS Banshee requires a Recorded Future API key, which can be provided as the `-k` or `--api-key` argument, or set as the `RF_TOKEN` environment variable.

```bash
banshee -k <RF_TOKEN> <command> <sub-command> <arguments>
```

### Proxies

If you are behind a proxy, set the `HTTP_PROXY` and `HTTPS_PROXY` environment variables.

To disable SSL verification, use the `-s` flag:

```bash
banshee -s ca rules
```

### Command Help

All commands support the `--help` (`-h`) option:

```bash
banshee -h
banshee ca --help
banshee ioc lookup --help
banshee list bulk-add -h
```

## Support

Submit a [support request](https://support.recordedfuture.com/hc/en-us/requests/new) for help alternatively reach out to [support@recordedfuture.com](mailto:support@recordedfuture.com).

---

**PS Banshee is developed and maintained by the Recorded Future Professional Services Cyber Security Engineers  🚀**
