Sha256: 08aa5b6de81f13d45469052cd33574e1dfb0416092746b23332f8891b225eca2
Contents?: true
Size: 1.49 KB
Versions: 6
Compression:
Stored size: 1.49 KB
Contents
# frozen_string_literal: true
require "urlscan"
module Mihari
module Analyzers
class Urlscan < Base
attr_reader :title, :description, :query, :tags, :filter, :target_type, :use_pro, :use_similarity
def initialize(
query,
description: nil,
filter: nil,
tags: [],
target_type: "url",
title: nil,
use_pro: false,
use_similarity: false
)
super()
@query = query
@title = title || "urlscan lookup"
@description = description || "query = #{query}"
@tags = tags
@filter = filter
@target_type = target_type
@use_pro = use_pro
@use_similarity = use_similarity
raise InvalidInputError, "type should be url, domain or ip." unless valid_target_type?
end
def artifacts
result = search
return [] unless result
results = result["results"] || []
results.map do |match|
match.dig "page", target_type
end.compact.uniq
end
private
def config_keys
%w[urlscan_api_key]
end
def api
@api ||= ::UrlScan::API.new(Mihari.config.urlscan_api_key)
end
def search
return api.pro.similar(query) if use_similarity
return api.pro.search(query: query, filter: filter, size: 10_000) if use_pro
api.search(query, size: 10_000)
end
def valid_target_type?
%w[url domain ip].include? target_type
end
end
end
end
Version data entries
6 entries across 6 versions & 1 rubygems