#!/usr/bin/perl -w

use strict;

use Data::Dumper;
use Getopt::Std;
use CIF::Client;

my %opts;
getopt('g:hTHL:p:f:q:c:s:r:C:', \%opts);

my $query       = $opts{'q'} || shift;
our $debug       = ($opts{'d'}) ? 1 : 0;
my $c           = $opts{'C'} || $ENV{'HOME'}.'/.cif';
my $fields      = $opts{'f'};
my $severity    = $opts{'s'};
my $restriction = $opts{'r'} || 'private';
my $plugin      = $opts{'p'} || 'table';
my $max_desc    = $opts{'L'} || 100;
my $nolog       = $opts{'n'} || 0;
my $summary     = $opts{'S'};
my $nomap       = $opts{'N'};
my $confidence  = $opts{'c'} || 0;
our $uuid        = $opts{'u'} || 0;
our $relateduuid = $opts{'R'} || 0;
my $guid         = $opts{'g'};
my $plugs = join(',',CIF::Client::_plugins);
my $simple_hashes = (defined($opts{'H'})) ? $opts{'H'} : 1;
my $verify_tls = $opts{'T'};

die(usage()) unless($query || $opts{'h'});


sub usage {
    return <<EOF;
Usage: perl $0 -q xyz.com

    -h  --help:             this message
    -q  --query:            query string (use 'url\\/<md5|sha1>' for url hash lookups)
    -s  --severity:         severity (low,medium,high), default: high
    -c  --confidence:       lowest tolerated confidence (0.00 -- 100.00), default $confidence
    -r  --restriction:      restriction to be applied to results, default: $restriction
    -p  --plugin:           output plugin ($plugs), default: $plugin
    -n  --nolog             perform a "silent" query (no log query), default: $nolog
    -f  --fields:           set default output fields for default table display
    -S  --summary:          consolidated Text::Table output (default: 1 -- True)
    -N  --nomap:            don't map restrictions on server (queries only)
    -H  --simplehashes:     translate the complex json documents to simplified key value pairs, default: $simple_hashes
    -C  --config:           specify cofiguration file, default $c
    -T  --verify_tls:       verify tls hostname, default: $verify_tls
    -g  --guid:             set the default group id

Queries:

    \$> perl $0 -q 1.2.3.4
    \$> perl $0 -q 1.2.3.0/24
    \$> perl $0 -q f8e74165fb840026fd0fce1fd7d62f5d0e57e7ac
    \$> perl $0 -q hut2.ru
    \$> perl $0 -q hut2.ru,f8e74165fb840026fd0fce1fd7d62f5d0e57e7ac
    \$> perl $0 hut2.ru

Feeds:
    
    \$> perl $0 -q malware
    \$> perl $0 -q malware -s low
    \$> perl $0 -q infrastructure/network -s medium -p snort
    \$> perl $0 -q domain/malware -p bindzone -c 95 -s medium
    \$> perl $0 -q domain -s medium -c 40 -p raw -H 0 -r private

    configuration file ~/.cif should be readable and look something like:

    [client]
    host = https://example.com:443/api
    apikey = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    timeout = 60
    # add this if you have a self signed cert
    verify_tls = 0

EOF
}
my ($client,$err) = CIF::Client->new({ 
    config      => $c,
    fields      => $fields,
    max_desc    => $max_desc,
    nolog       => $nolog,
    simple_hashes => $simple_hashes,
    verify_tls  => $verify_tls,
    guid        => $guid,
});

die($err) unless($client);

my @q = split(/\,/,$query);
foreach (@q){
    my $feed = $client->GET(
        query       => $_,
        severity    => $severity,
        restriction => $restriction,
        nolog       => $nolog,
        nomap       => $nomap,
        confidence  => $confidence,
    );
    die('request failed with code: '.$client->responseCode()."\n\n".$client->responseContent()) unless($client->responseCode == 200);
   
    my $plug = 'CIF::Client::Plugin::'.ucfirst($plugin);
    eval "require $plug";
    die($@) if($@);
    $feed->{'query'} = $_;
    print $plug->write_out($client->{'config'},$feed,$summary) if($feed->{'feed'});
}
