Sha256: 8b0d45413070258d179510aa63bab59d528049feaaed8daf9ce4b7a11c8edf6a
Contents?: true
Size: 1.73 KB
Versions: 2
Compression:
Stored size: 1.73 KB
Contents
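# frozen_string_literal: true

require "virustotal"

module Mihari
  module Analyzers
    # Analyzer that pivots on an indicator through VirusTotal resolution
    # records: a domain yields the IP addresses found in its records, an IP
    # address yields the host names found in its records.
    class VirusTotal < Base
      attr_reader :indicator, :type, :title, :description, :tags

      # @param indicator [String] value to look up; its type is derived with TypeChecker.type
      # @param title [String, nil] defaults to "VirusTotal lookup"
      # @param description [String, nil] defaults to "indicator = <indicator>"
      # @param tags [Array] stored as given
      def initialize(indicator, title: nil, description: nil, tags: [])
        super()

        @indicator = indicator
        @type = TypeChecker.type(indicator)
        @title = title || "VirusTotal lookup"
        @description = description || "indicator = #{indicator}"
        @tags = tags
      end

      # Values resolved for the indicator.
      #
      # NOTE(review): a ::VirusTotal::Error raised during the lookup is reduced
      # to nil and then to [] here, so a failed lookup cannot be told apart from
      # an indicator that has no resolution records. A caller that needs that
      # distinction has to surface the error before it reaches this method.
      #
      # @return [Array] unique, non-nil values; empty when nothing was found or the lookup failed
      # @raise [TypeError] when the indicator type is neither "ip" nor "domain"
      def artifacts
        lookup || []
      end

      private

      # Names of the configuration keys this analyzer declares.
      # NOTE(review): presumably consumed by Base to check the environment - confirm.
      def config_keys
        %w[VIRUSTOTAL_API_KEY]
      end

      # Memoised API client. The instance variable was previously overwritten on
      # every call, so each lookup built a fresh client.
      # NOTE(review): no key is passed here; presumably the client reads
      # VIRUSTOTAL_API_KEY itself - confirm against the virustotal gem.
      def api
        @api ||= ::VirusTotal::API.new
      end

      # @return [Boolean] true when the indicator type is one this analyzer handles
      def valid_type?
        %w[ip domain].include?(type)
      end

      # Dispatches to the lookup matching the indicator type.
      #
      # @return [Array, nil] resolved values, or nil when VirusTotal raised an error
      # @raise [TypeError] for unsupported indicator types
      def lookup
        # Reject unsupported types before any request is made.
        raise TypeError, "#{indicator}(type: #{type || 'unknown'}) is not supported." unless valid_type?

        case type
        when "domain" then domain_lookup
        when "ip" then ip_lookup
        end
      rescue ::VirusTotal::Error => _e
        nil
      end

      # @return [Array, nil] "ip_address" attributes of the domain's resolution
      #   records, or nil when the request raised ::VirusTotal::Error
      def domain_lookup
        resolution_values(api.domain.resolutions(indicator), "ip_address")
      rescue ::VirusTotal::Error => _e
        nil
      end

      # @return [Array, nil] "host_name" attributes of the IP address's resolution
      #   records, or nil when the request raised ::VirusTotal::Error
      def ip_lookup
        resolution_values(api.ip_address.resolutions(indicator), "host_name")
      rescue ::VirusTotal::Error => _e
        nil
      end

      # Collects one attribute from every entry under the response's "data" key.
      #
      # @param res [Hash] parsed response; a missing "data" key is treated as no entries
      # @param attribute [String] key to read under each entry's "attributes"
      # @return [Array] unique, non-nil attribute values
      def resolution_values(res, attribute)
        entries = res.dig("data") || []
        entries.map { |entry| entry.dig("attributes", attribute) }.compact.uniq
      end
    end
  end
end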
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
mihari-0.13.0 | lib/mihari/analyzers/virustotal.rb |
mihari-0.12.0 | lib/mihari/analyzers/virustotal.rb |