RubygemsResearch

Sha256: bca1f43b37fda003c0004b39e02acf25dc8ea8cb371e78973748795b28f9b760

Contents?: true

Size: 1.97 KB

Versions: 5

Compression:

Stored size: 1.97 KB

# frozen_string_literal: true

require "passive_circl"

module Mihari
  module Analyzers
    class CIRCL < Base
      include Mixins::Refang

      param :query

      # @return [String, nil]
      attr_reader :type

      # @return [String, nil]
      attr_reader :username

      # @return [String, nil]
      attr_reader :password

      def initialize(*args, **kwargs)
        super

        @query = refang(query)
        @type = TypeChecker.type(query)

        @username = kwargs[:username] || Mihari.config.circl_passive_username
        @password = kwargs[:password] || Mihari.config.circl_passive_password
      end

      def artifacts
        search || []
      end

      def configured?
        configuration_keys.all? { |key| Mihari.config.send(key) } || (username? && password?)
      end

      private

      def configuration_keys
        %w[circl_passive_password circl_passive_username]
      end

      def api
        @api ||= ::PassiveCIRCL::API.new(username: username, password: password)
      end

      #
      # Passive DNS/SSL search
      #
      # @return [Array<String>]
      #
      def search
        case @type
        when "domain"
          passive_dns_search
        when "hash"
          passive_ssl_search
        else
          raise InvalidInputError, "#{@query}(type: #{@type || "unknown"}) is not supported."
        end
      end

      #
      # Passive DNS search
      #
      # @return [Array<String>]
      #
      def passive_dns_search
        results = api.dns.query(@query)
        results.filter_map do |result|
          type = result["rrtype"]
          (type == "A") ? result["rdata"] : nil
        end.uniq
      end

      #
      # Passive SSL search
      #
      # @return [Array<String>]
      #
      def passive_ssl_search
        result = api.ssl.cquery(@query)
        seen = result["seen"] || []
        seen.uniq
      end

      def username?
        !username.nil?
      end

      def password?
        !password.nil?
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version	Path
mihari-5.1.0	lib/mihari/analyzers/circl.rb
mihari-5.0.1	lib/mihari/analyzers/circl.rb
mihari-5.0.0	lib/mihari/analyzers/circl.rb
mihari-4.12.0	lib/mihari/analyzers/circl.rb
mihari-4.11.0	lib/mihari/analyzers/circl.rb