Sha256: 1457b12c45fb6e2424691ab1c41c976e89406b6e2c1d7674efa4babd5c1aaa98
Contents?: true
Size: 1.44 KB
Versions: 9
Compression:
Stored size: 1.44 KB
Contents
# frozen_string_literal: true
require "parallel"
module Mihari
module Analyzers
class PassiveDNS < Base
attr_reader :query, :type, :title, :description, :tags
ANALYZERS = [
Mihari::Analyzers::CIRCL,
Mihari::Analyzers::OTX,
Mihari::Analyzers::PassiveTotal,
Mihari::Analyzers::Pulsedive,
Mihari::Analyzers::SecurityTrails,
Mihari::Analyzers::VirusTotal
].freeze
def initialize(query, title: nil, description: nil, tags: [])
super()
@query = query
@type = TypeChecker.type(query)
@title = title || "PassiveDNS cross search"
@description = description || "query = #{query}"
@tags = tags
end
def artifacts
Parallel.map(analyzers) do |analyzer|
run_analyzer analyzer
end.flatten
end
private
def valid_type?
%w[ip domain].include? type
end
def analyzers
raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
ANALYZERS.map do |klass|
klass.new(query)
end
end
def run_analyzer(analyzer)
analyzer.artifacts
rescue ArgumentError, InvalidInputError => _e
nil
rescue Faraday::Error, ::PassiveCIRCL::Error, ::PassiveTotal::Error, ::Pulsedive::ResponseError, ::SecurityTrails::Error, ::VirusTotal::Error => _e
nil
end
end
end
end
Version data entries
9 entries across 9 versions & 1 rubygems