Sha256: 300d5cf599e71c8ae536cfa585b35f3b282bb93aed444722887a84792e27cf35

Contents?: true

Size: 1.87 KB

Versions: 5

Compression:

Stored size: 1.87 KB

Contents

# frozen_string_literal: true

module Mihari
  module Analyzers
    class CIRCL < Base
      include Mixins::Refang

      param :query

      # @return [String, nil]
      attr_reader :type

      # @return [String, nil]
      attr_reader :username

      # @return [String, nil]
      attr_reader :password

      # @return [String]
      attr_reader :query

      def initialize(*args, **kwargs)
        super

        @query = refang(query)
        @type = TypeChecker.type(query)

        @username = kwargs[:username] || Mihari.config.circl_passive_username
        @password = kwargs[:password] || Mihari.config.circl_passive_password
      end

      def artifacts
        case type
        when "domain"
          passive_dns_search
        when "hash"
          passive_ssl_search
        else
          raise InvalidInputError, "#{@query}(type: #{@type || "unknown"}) is not supported."
        end
      end

      def configured?
        configuration_keys.all? { |key| Mihari.config.send(key) } || (username? && password?)
      end

      private

      def configuration_keys
        %w[circl_passive_password circl_passive_username]
      end

      def client
        @client ||= Clients::CIRCL.new(username: username, password: password)
      end

      #
      # Passive DNS search
      #
      # @return [Array<String>]
      #
      def passive_dns_search
        results = client.dns_query(query)
        results.filter_map do |result|
          type = result["rrtype"]
          (type == "A") ? result["rdata"] : nil
        end.uniq
      end

      #
      # Passive SSL search
      #
      # @return [Array<String>]
      #
      def passive_ssl_search
        result = client.ssl_cquery(query)
        seen = result["seen"] || []
        seen.uniq
      end

      def username?
        !username.nil?
      end

      def password?
        !password.nil?
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
mihari-5.2.2 lib/mihari/analyzers/circl.rb
mihari-5.2.1 lib/mihari/analyzers/circl.rb
mihari-5.2.0 lib/mihari/analyzers/circl.rb
mihari-5.1.4 lib/mihari/analyzers/circl.rb
mihari-5.1.3 lib/mihari/analyzers/circl.rb