maxresults parameter in search() #574
Description
I would like to report an issue in the maxresults parameter of the search() function in SDK/Python/intelx/intelxapi.py code file.
According to the description of this parameter =>
maxresults option:
- Tells how many results to query maximum per bucket.
- Example: maxresults=100
The code should search for number of records = maxresults in each specified bucket. But, the code works such that totally maxresults records are retrieved and if found in any one bucket, it stops searching for records in other buckets. I have observed this as I have tried to execute and understand the search.py code by printing the value of maxresults and the times the loop runs to check what is the done condition.
An example scenario : I searched for a target with 10 records in leaks.logs and 5 records in pastes. [Got the stats from the webpage, intelx.io]. So, if maxresults are 5, the function should return 5 records from each bucket, but here, how it works is, it returns 5 records from leaks.logs and stops. It doesn't search in pastes. This changes the description to maximum number of results that can be queried. [Not per bucket]
Another observation is that, the buckets searched by IntelX are in the order specified in SDK/Intelligence X API.pdf, not in the order specified in the buckets parameter of this function. For example, if buckets=['leaks.logs','leaks.private.general'] is specified, then, it searches 1st in leaks.private.general and then in leaks.logs, not in the order I specified in buckets parameter.
This is not an issue, a suggestion, you can make a functionality to search buckets in the order specified by the user.