Updated downloadOTX.sh

March 9, 2015 — Leave a comment

A couple weeks ago I blogged about my downloadOTX.sh script, which automates the collection of AlienVault OTX reports.  I hadn’t used this script in about a week, so I was surprised to see some 404 errors this morning:

[code]
$ ./downloadOTX.sh 62.141.45.205
–2015-03-09 10:47:29– http://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205
Resolving www.alienvault.com (www.alienvault.com)… 64.62.160.26
Connecting to www.alienvault.com (www.alienvault.com)|64.62.160.26|:80… connected.
HTTP request sent, awaiting response… 301 Moved Permanently
Location: https://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205 [following]
–2015-03-09 10:47:29– https://www.alienvault.com/apps/api/threat/pdf/?ip=62.141.45.205
Connecting to www.alienvault.com (www.alienvault.com)|64.62.160.26|:443… connected.
HTTP request sent, awaiting response… 404 NOT FOUND
2015-03-09 10:47:30 ERROR 404: NOT FOUND.
[/code]

So I investigated the issue and it didn’t take long to discover the new URL to obtain the report. I don’t know if this was a planned URL change on AlienVault’s part or…

Anyway, I’ve updated my Github Gist to reflect the new URL.

Simply change this:

[code language=”bash”]
wget http://www.alienvault.com/apps/api/threat/pdf/?ip=$args -O $path$prefix$args$suffix
[/code]

to this:

[code language=”bash”]
wget https://www.alienvault.com/apps/api/threat/ip/$args/pdf/?source=internal -O $path$prefix$args$suffix
[/code]

…and you’re back in business. Enjoy!

Aaron Melton

Posts

No Comments

Be the first to start the conversation.

Leave a Reply

Text formatting is available via select HTML.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> 

*