Sha256: 342299d9b3c6e03cab4d9c842595b5e239d29657f34a1f997343c131b2337964

Contents?: true

Size: 1.27 KB

Versions: 1

Compression:

Stored size: 1.27 KB

Contents

# frozen_string_literal: true

require "date"
require "virustotal"

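module Ukemi
  module Services
    # Resolution lookups backed by the VirusTotal API client.
    #
    # Every method defined here is private; the public entry points are
    # presumably provided by the Service base class, which is not visible in
    # this file.
    class VirusTotal < Service
      private

      # Names of the configuration values this service declares.
      #
      # NOTE(review): presumably Service checks these against the environment
      # before running a lookup, so a missing API key disables the service
      # rather than producing a failing request. Confirm in Service.
      #
      # @return [Array<String>]
      def config_keys
        %w[VIRUSTOTAL_API_KEY]
      end

      # Lazily built, memoized API client.
      #
      # NOTE(review): no key is passed here, so the client presumably reads
      # VIRUSTOTAL_API_KEY itself. Verify against the virustotal gem.
      #
      # @return [::VirusTotal::API]
      def api
        @api ||= ::VirusTotal::API.new
      end

      # Fetches the resolutions reported for an IP address and turns them into
      # records keyed by host name.
      #
      # @param data [String] the IP address to look up; it is handed to the
      #   API client as-is, so any validation has to happen in the caller
      # @return [Array<Record>]
      def lookup_by_ip(data)
        res = api.ip_address.resolutions(data)
        attributes = extract_attributes(res)
        convert_to_records attributes, "host_name"
      end

      # Fetches the resolutions reported for a domain and turns them into
      # records keyed by IP address.
      #
      # @param data [String] the domain to look up; it is handed to the API
      #   client as-is, so any validation has to happen in the caller
      # @return [Array<Record>]
      def lookup_by_domain(data)
        res = api.domain.resolutions(data)
        attributes = extract_attributes(res)
        convert_to_records attributes, "ip_address"
      end

      # Collects the "attributes" object of every item in the response.
      #
      # Items without an "attributes" entry are dropped. The previous fallback
      # substituted an empty Array, which made convert_to_records raise a
      # TypeError as soon as it indexed that Array with a String key.
      #
      # @param response [Hash] parsed API response; a missing "data" entry is
      #   treated as an empty result
      # @return [Array<Hash>]
      def extract_attributes(response)
        data = response["data"] || []
        data.map { |item| item["attributes"] }.compact
      end

      # Groups resolution attributes by the value stored under +key+ and
      # builds one Record per distinct value with its earliest and latest
      # observation date.
      #
      # Dates are kept as "YYYY-MM-DD" strings, so min/max on the strings
      # matches chronological order.
      #
      # NOTE(review): Time.at yields a local time, so the calendar date of an
      # observation depends on the time zone of the process. Two analysts in
      # different zones can therefore see different first_seen/last_seen
      # values for the same resolution. Consider normalising to UTC.
      #
      # @param attributes [Array<Hash>] attribute hashes from extract_attributes
      # @param key [String, nil] attribute name whose value identifies a record
      # @return [Array<Record>]
      def convert_to_records(attributes, key = nil)
        memo = Hash.new { |h, k| h[k] = [] }

        attributes.each do |attribute|
          timestamp = attribute["date"]
          # An entry without a timestamp cannot contribute to first/last seen,
          # and Time.at(nil) would raise a TypeError that aborts the lookup.
          next if timestamp.nil?

          memo[attribute[key]] << Time.at(timestamp).to_date.to_s
        end

        memo.map do |data, dates|
          Record.new(
            data: data,
            first_seen: dates.min,
            last_seen: dates.max,
            source: name
          )
        end
      end
    end
  end
end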

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
ukemi-0.4.1 lib/ukemi/services/virustotal.rb