Sha256: 08aa5b6de81f13d45469052cd33574e1dfb0416092746b23332f8891b225eca2

Contents?: true

Size: 1.49 KB

Versions: 6

Compression:

Stored size: 1.49 KB

Contents

# frozen_string_literal: true

require "urlscan"

module Mihari
  module Analyzers
    # Analyzer that runs a query through the urlscan API client and collects
    # one field (URL, domain or IP) from the "page" section of every match.
    #
    # The values returned by #artifacts come straight from the remote
    # response. This class only drops nils and duplicates, so consumers should
    # treat them as untrusted external data.
    class Urlscan < Base
      attr_reader :title,
                  :description,
                  :query,
                  :tags,
                  :filter,
                  :target_type,
                  :use_pro,
                  :use_similarity

      # @param query [String] search expression handed to the API client as-is
      # @param description [String, nil] defaults to "query = <query>"
      # @param filter [String, nil] only forwarded by the pro search call
      # @param tags [Array] tags stored on the analyzer
      # @param target_type [String] which "page" field to extract: "url", "domain" or "ip"
      # @param title [String, nil] defaults to "urlscan lookup"
      # @param use_pro [Boolean] use the pro search call instead of the regular one
      # @param use_similarity [Boolean] use the pro similarity call; wins over use_pro
      # @raise [InvalidInputError] when target_type is not one of the accepted values
      def initialize(
        query,
        description: nil,
        filter: nil,
        tags: [],
        target_type: "url",
        title: nil,
        use_pro: false,
        use_similarity: false
      )
        super()

        @query = query
        @filter = filter
        @tags = tags
        @target_type = target_type
        @use_pro = use_pro
        @use_similarity = use_similarity

        @title = title || "urlscan lookup"
        @description = description || "query = #{query}"

        # target_type is later used as a lookup key into the response, so it is
        # restricted to the three known field names before anything is queried.
        raise InvalidInputError, "type should be url, domain or ip." unless valid_target_type?
      end

      # Runs the search and extracts the target_type field of each match.
      #
      # @return [Array] unique, non-nil values; empty when the search yields
      #   nothing or the response has no "results" entry
      def artifacts
        response = search
        return [] unless response

        matches = response["results"] || []
        values = matches.map { |match| match.dig("page", target_type) }
        values.compact.uniq
      end

      private

      # Names of the configuration entries this analyzer depends on.
      # NOTE(review): presumably consumed by Base to check the configuration;
      # Base is not visible here, so confirm.
      def config_keys
        %w[urlscan_api_key]
      end

      # Memoized API client, built with the key read from Mihari.config.
      def api
        @api ||= ::UrlScan::API.new(Mihari.config.urlscan_api_key)
      end

      # Picks the API call: similarity first, then pro search, else the
      # regular search. Note that filter is only passed along by the pro search.
      def search
        if use_similarity
          api.pro.similar(query)
        elsif use_pro
          api.pro.search(query: query, filter: filter, size: 10_000)
        else
          api.search(query, size: 10_000)
        end
      end

      # @return [Boolean] true when target_type is "url", "domain" or "ip"
      def valid_target_type?
        %w[url domain ip].include?(target_type)
      end
    end
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
mihari-2.2.1 lib/mihari/analyzers/urlscan.rb
mihari-2.2.0 lib/mihari/analyzers/urlscan.rb
mihari-2.1.0 lib/mihari/analyzers/urlscan.rb
mihari-2.0.0 lib/mihari/analyzers/urlscan.rb
mihari-1.5.1 lib/mihari/analyzers/urlscan.rb
mihari-1.5.0 lib/mihari/analyzers/urlscan.rb