Configure setup as modern installable package.

- Modernize setup to an installable package supporting pyproject.toml,
  Hatch and easy pipx installation. Command can now be called from a
  global entry point called `inquestlabs`.
- Inline dependencies in the package spec and deprecate requirements.txt.
- Unify version output from package metadata.
- Update documentation in README.md.

Tests: 88 passed in 1.31s

Author: dspruell-i01

.travis.yml

@@ -3,7 +3,7 @@ python:
   - "3.9"
 
 install:
-  - "pip install -r requirements.txt"
+  - "pip install ."
   - "pip install pytest pytest-mock coverage requests-mock"
 script:
   - coverage run -m pytest

README.md

@@ -4,14 +4,39 @@
 [![Codacy Badge](https://app.codacy.com/project/badge/Coverage/9da8a5cde7c34c849c73969ac3281be8)](https://www.codacy.com/gh/InQuest/python-inquestlabs/dashboard?utm_source=github.com&utm_medium=referral&utm_content=InQuest/python-inquestlabs&utm_campaign=Badge_Coverage)
 
 # python-inquestlabs
-A Pythonic interface and command line tool for interacting with the [InQuest Labs](https://labs.inquest.net) API. Note that an API key is *not* required to interact with this API. An API key does provide the ability to increase their lookback, remove rate limitations, and download available samples. Users can sign-in via OAuth to generate API keys. There is no cost to sign-in. Authentication is supported via LinkedIn, Twitter, Google, and Github. 
+A Pythonic interface and command line tool for interacting with the
+[InQuest Labs](https://labs.inquest.net) API. Note that an API key is *not*
+required to interact with this API. An API key does provide the ability to
+increase their lookback, remove rate limitations, and download available
+samples. Users can sign in via OAuth to generate API keys. There is no cost to
+sign in. Authentication is supported via LinkedIn, Twitter, Google, and
+Github.
 
-Searchable API documentation with multi-language snippets: https://labs.inquest.net/docs/
+Searchable API documentation with multi-language snippets:
+<https://labs.inquest.net/docs/>
 
-OpenAPI (Swagger) specification: https://app.swaggerhub.com/apis-docs/InQuest.net/InQuestLabs/1.0
+OpenAPI (Swagger) specification:
+<https://app.swaggerhub.com/apis-docs/InQuest.net/InQuestLabs/1.0>
+
+## Installation
+The recommended way to install python-inquestlabs for CLI use is using
+[pipx](https://pypa.github.io/pipx/). This installs the package and all
+dependencies in an isolated virtual environment that can be invoked easily.
+
+    pipx install inquestlabs
+
+Alternately, or in cases where you want to use python-inquestlabs as a library,
+you can install it using [pip](https://pip.pypa.io/).
+
+    pip install inquestlabs
 
 ## InQuest Labs Command Line Driver
+To see the available command line tools and options, see the output of
+`inquestlabs --help`. It'll look something like this:
+
 ```
+InQuest Labs Command Line Driver
+
 Usage:
     inquestlabs [options] dfi list
     inquestlabs [options] dfi details <sha256> [--attributes]
@@ -32,6 +57,9 @@ Usage:
     inquestlabs [options] yara hexcase <instring>
     inquestlabs [options] yara uint <instring> [--offset=<offset>] [--hex]
     inquestlabs [options] yara widere <regex> [(--big-endian|--little-endian)]
+    inquestlabs [options] lookup ip <ioc>
+    inquestlabs [options] lookup domain <ioc>
+    inquestlabs [options] report <ioc>
     inquestlabs [options] stats
     inquestlabs [options] setup <apikey>
     inquestlabs [options] trystero list-days
@@ -51,6 +79,7 @@ Options:
     --little-endian     Toggle little endian.
     --offset=<offset>   Specify an offset other than 0 for the trigger.
     --proxy=<proxy>     Intermediate proxy
+    --timeout=<timeout> Maximum amount of time to wait for IOC report.
     --verbose=<level>   Verbosity level, outputs to stderr [default: 0].
     --version           Show version.
 ```
@@ -59,29 +88,45 @@ Options:
 
 The following third-party projects integrate with InQuest Labs:
 
-  * [MalOverview](https://github.com/alexandreborges/malwoverview) from [@ale_sp_brazil](https://twitter.com/ale_sp_brazil).
-  * [EML Analyzer](https://eml-analyzer.herokuapp.com/) from [@ninoseki](https://twitter.com/ninoseki).
-  * ["Spoken" IOCs](https://github.com/safernandez666/IOC) from [@safernandez666](https://twitter.com/safernandez666).
-  * [Axial R4PTOR](https://ax1al.com/projects/r4pt0r) from [@AXI4L](https://twitter.com/AXI4L).
+* [MalOverview](https://github.com/alexandreborges/malwoverview) from
+  [@ale_sp_brazil](https://twitter.com/ale_sp_brazil).
+* [EML Analyzer](https://eml-analyzer.herokuapp.com/) from
+  [@ninoseki](https://twitter.com/ninoseki).
+* ["Spoken" IOCs](https://github.com/safernandez666/IOC) from
+  [@safernandez666](https://twitter.com/safernandez666).
+* [Axial R4PTOR](https://ax1al.com/projects/r4pt0r) from
+  [@AXI4L](https://twitter.com/AXI4L).
 
 Get in touch or issue a pull-request to get your project listed.
 
 ## Testing
 
-Use pytest to test each case (or individually by specifying which file to test):
+Use pytest to test each case (or individually by specifying which file to
+test):
 
 `pytest tests/*`
 
 ## The Trystero Project
 
-The vast majority of attacks (>90%) are email borne. The "Trystero Project" is our code name for an experiment that we're actively conducting to measure the security efficacy of the two largest mail providers, Google and Microsoft, against real-world emerging malware. The basic idea is this... let's take real-world threats daily and loop it through the two most popular cloud email providers, Google and Microsoft. We'll monitor which samples make it to the inbox and compare the results over the time. You can rea more, view graphs, explore data, and compare results at [InQuest Labs: Trystero Project](https://labs.inquest.net/trystero). If you're curious to explore the testing corpus further, see the following two command line options:
+The vast majority of attacks (>90%) are email-borne. The "Trystero Project" is
+our code name for an experiment that we're actively conducting to measure the
+security efficacy of the two largest mail providers, Google and Microsoft,
+against real-world emerging malware. The basic idea is this... let's take
+real-world threats daily and loop it through the two most popular cloud email
+providers, Google and Microsoft. We'll monitor which samples make it to the
+inbox and compare the results over the time. You can read more, view graphs,
+explore data, and compare results at [InQuest Labs: Trystero
+Project](https://labs.inquest.net/trystero). If you're curious to explore the
+testing corpus further, see the following two command line options:
 
 ### List Trystero Days
 
-For a list of days we have ran the Trystero Project and the number of samples harvested for each day. Note that `first_record` denotes the earliest record (2020-08-09):
+For a list of days we have ran the Trystero Project and the number of samples
+harvested for each day. Note that `first_record` denotes the earliest record
+(2020-08-09):
 
 ```
-$ python inquestlabs.py trystero list-days | jq .
+$ inquestlabs trystero list-days | jq .
 {
   "2021-01-08": 27,
   "2021-01-09": 26,
@@ -329,10 +374,13 @@ $ python inquestlabs.py trystero list-days | jq .
 
 ### List Trystero Samples
 
-You can receive further details about each sample from any given daily corpus. Information included is similar to the output of `dfi list` with the addition of `bypasses` that denotes which provider was bypassed and `available_on_labs` which states the sample can be seen on labs.inquest.net:
+You can receive further details about each sample from any given daily corpus.
+Information included is similar to the output of `dfi list` with the addition
+of `bypasses` that denotes which provider was bypassed and `available_on_labs`
+which states the sample can be seen on labs.inquest.net:
 
 ```
-$ python inquestlabs.py trystero list-samples 2021-06-29 | jq .
+$ inquestlabs trystero list-samples 2021-06-29 | jq .
 [
   {
     "analysis_completed": true,

inquestlabs.py

@@ -79,8 +79,12 @@
 import sys
 import os
 import re
+from importlib.metadata import version
 
-__version__ = 1.1
+# extract version from installed package metadata
+__application_name__ = "inquestlabs"
+__version__ = version(__application_name__)
+__full_version__ = f"{__application_name__} {__version__}"
 
 VALID_CAT    = ["ext", "hash", "ioc"]
 VALID_EXT    = ["code", "context", "metadata", "ocr"]

pyproject.toml

@@ -0,0 +1,48 @@
+[build-system]
+requires = ["hatchling", "wheel"]
+build-backend = "hatchling.build"
+
+[project]
+name = "inquestlabs"
+version = "1.2.1"
+license = {file = "LICENSE"}
+authors = [
+    # XXX What email should be used here?
+    { name="InQuest", email="support@inquest.net" },
+]
+description = "A Pythonic interface and CLI tool for the InQuest Labs API"
+readme = "README.md"
+requires-python = ">=3.9"
+dependencies = [
+	"attrs==22.1.0",
+	"certifi==2022.9.24",
+	"charset-normalizer==2.1.1",
+	"coverage==6.5.0",
+	"docopt==0.6.2",
+	"idna==3.4",
+	"iniconfig==1.1.1",
+	"packaging==21.3",
+	"pluggy==1.0.0",
+	"py==1.11.0",
+	"pyparsing==3.0.9",
+	"pytest==7.1.3",
+	"pytest-mock==3.9.0",
+	"requests==2.28.1",
+	"requests-mock==1.10.0",
+	"six==1.16.0",
+	"tomli==2.0.1",
+	"urllib3==1.26.12",
+]
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "License :: OSI Approved :: GNU General Public License v2 (GPLv2)",
+    "Operating System :: OS Independent",
+]
+
+[project.scripts]
+inquestlabs = "inquestlabs:main"
+
+[project.urls]
+"Homepage" = "https://labs.inquest.net/"
+"Repository" = "https://github.com/InQuest/python-inquestlabs"
+"Bug Tracker" = "https://github.com/InQuest/python-inquestlabs/issues"