Sha256: 0bc51b9a82bf3fcafec2c434146b08ab4c9de1c9b079f5ce9917ca72c0be501f

Contents?: true

Size: 1.29 KB

Versions: 4

Compression:

Stored size: 1.29 KB

Contents

# frozen_string_literal: true

require "date"
require "virustotal"

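module Ukemi
  module Services
    # Passive DNS lookups built on the VirusTotal "resolutions" endpoints.
    #
    # The API response is third-party data, so its shape is not trusted:
    # entries that lack the fields needed to build a record are skipped
    # instead of raising (or producing a record whose data is nil) in the
    # middle of a lookup.
    class VirusTotal < Service
      private

      # Names of the configuration keys this service needs.
      # NOTE(review): presumably checked by Service against the environment
      # so the API key never has to live in code or config files; confirm.
      #
      # @return [Array<String>]
      def config_keys
        %w(VIRUSTOTAL_API_KEY)
      end

      # Memoized VirusTotal API client.
      # NOTE(review): built without arguments, so the client presumably reads
      # the API key on its own; confirm against the virustotal gem.
      def api
        @api ||= ::VirusTotal::API.new
      end

      # Resolves an IP address to the host names VirusTotal has seen for it.
      #
      # @param data [String] the IP address to look up
      # @return [Array<Record>] one record per distinct host name
      def lookup_by_ip(data)
        response = api.ip_address.resolutions(data)
        convert_to_records extract_attributes(response), "host_name"
      end

      # Resolves a domain to the IP addresses VirusTotal has seen for it.
      #
      # @param data [String] the domain to look up
      # @return [Array<Record>] one record per distinct IP address
      def lookup_by_domain(data)
        response = api.domain.resolutions(data)
        convert_to_records extract_attributes(response), "ip_address"
      end

      # Pulls the "attributes" hash out of every entry under "data".
      #
      # Anything that is not shaped as expected (non-hash response, non-array
      # "data", entries without an "attributes" hash) is dropped. The previous
      # fallback of [] for a missing "attributes" made the later string-key
      # lookup raise TypeError.
      #
      # @param response [Hash, nil] parsed API response
      # @return [Array<Hash>]
      def extract_attributes(response)
        return [] unless response.is_a?(Hash)

        entries = response["data"]
        return [] unless entries.is_a?(Array)

        entries
          .map { |item| item["attributes"] if item.is_a?(Hash) }
          .select { |attrs| attrs.is_a?(Hash) }
      end

      # Groups resolution attributes by the value stored under +key+ and
      # builds one Record per distinct value with its first/last seen dates.
      #
      # @param attributes [Array<Hash>] output of #extract_attributes
      # @param key [String, nil] attribute holding the resolved value
      # @return [Array<Record>]
      def convert_to_records(attributes, key = nil)
        seen = Hash.new { |hash, value| hash[value] = [] }

        attributes.each do |attribute|
          next unless attribute.is_a?(Hash)

          value = attribute[key]
          epoch = attribute["date"]
          # Skip entries with no resolved value or no usable timestamp;
          # Time.at(nil) would otherwise abort the whole lookup.
          next if value.nil? || !epoch.is_a?(Numeric)

          # NOTE(review): Time.at converts in the local time zone, so the
          # calendar date can differ by a day between machines. Consider
          # normalizing to UTC if timelines are shared across analysts.
          seen[value] << Time.at(epoch).to_date.to_s
        end

        # Dates are ISO 8601 strings, so string min/max is chronological.
        seen.map do |value, dates|
          Record.new(
            data: value,
            first_seen: dates.min,
            last_seen: dates.max,
            source: name
          )
        end
      end
    end
  end
end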

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
ukemi-0.4.0 lib/ukemi/services/virustotal.rb
ukemi-0.3.0 lib/ukemi/services/virustotal.rb
ukemi-0.2.0 lib/ukemi/services/virustotal.rb
ukemi-0.1.0 lib/ukemi/services/virustotal.rb