Sha256: 08aa5b6de81f13d45469052cd33574e1dfb0416092746b23332f8891b225eca2
Contents?: true
Size: 1.49 KB
Versions: 6
Compression:
Stored size: 1.49 KB
Contents
# frozen_string_literal: true require "urlscan" module Mihari module Analyzers class Urlscan < Base attr_reader :title, :description, :query, :tags, :filter, :target_type, :use_pro, :use_similarity def initialize( query, description: nil, filter: nil, tags: [], target_type: "url", title: nil, use_pro: false, use_similarity: false ) super() @query = query @title = title || "urlscan lookup" @description = description || "query = #{query}" @tags = tags @filter = filter @target_type = target_type @use_pro = use_pro @use_similarity = use_similarity raise InvalidInputError, "type should be url, domain or ip." unless valid_target_type? end def artifacts result = search return [] unless result results = result["results"] || [] results.map do |match| match.dig "page", target_type end.compact.uniq end private def config_keys %w[urlscan_api_key] end def api @api ||= ::UrlScan::API.new(Mihari.config.urlscan_api_key) end def search return api.pro.similar(query) if use_similarity return api.pro.search(query: query, filter: filter, size: 10_000) if use_pro api.search(query, size: 10_000) end def valid_target_type? %w[url domain ip].include? target_type end end end end
Version data entries
6 entries across 6 versions & 1 rubygems