Sha256: 331dddb2b7525ff6db2a06a1879b83b882438a4ac8a4c6cbff4a9082f947ff76
Contents?: true
Size: 1.93 KB
Versions: 2
Compression:
Stored size: 1.93 KB
Contents
# frozen_string_literal: true
module Mihari
module Analyzers
class CIRCL < Base
include Mixins::Refang
# @return [String, nil]
attr_reader :type
# @return [String, nil]
attr_reader :username
# @return [String, nil]
attr_reader :password
#
# @param [String] query
# @param [Hash, nil] options
# @param [String, nil] username
# @param [String, nil] password
#
def initialize(query, options: nil, username: nil, password: nil)
super(refang(query), options: options)
@type = TypeChecker.type(query)
@username = username || Mihari.config.circl_passive_username
@password = password || Mihari.config.circl_passive_password
end
def artifacts
case type
when "domain"
passive_dns_search
when "hash"
passive_ssl_search
else
raise InvalidInputError, "#{@query}(type: #{@type || "unknown"}) is not supported."
end
end
def configured?
configuration_keys? || (username? && password?)
end
def configuration_keys
%w[circl_passive_password circl_passive_username]
end
private
def client
@client ||= Clients::CIRCL.new(username: username, password: password)
end
#
# Passive DNS search
#
# @return [Array<String>]
#
def passive_dns_search
results = client.dns_query(query)
results.filter_map do |result|
type = result["rrtype"]
(type == "A") ? result["rdata"] : nil
end.uniq
end
#
# Passive SSL search
#
# @return [Array<String>]
#
def passive_ssl_search
result = client.ssl_cquery(query)
seen = result["seen"] || []
seen.uniq
end
def username?
!username.nil?
end
def password?
!password.nil?
end
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| mihari-5.4.2 | lib/mihari/analyzers/circl.rb |
| mihari-5.4.1 | lib/mihari/analyzers/circl.rb |