Sha256: be8c4ff5a91ec3b9080b5d0f10ea65dea4a20e992fca62dfb24ef0eaa23c4505
Contents?: true
Size: 1.78 KB
Versions: 9
Compression:
Stored size: 1.78 KB
Contents
# frozen_string_literal: true
require "securitytrails"
module Mihari
module Analyzers
class SecurityTrails < Base
include Mixins::Refang
param :query
option :title, default: proc { "SecurityTrails search" }
option :description, default: proc { "query = #{query}" }
option :tags, default: proc { [] }
attr_reader :type
def initialize(*args, **kwargs)
super
@query = refang(query)
@type = TypeChecker.type(query)
end
def artifacts
search || []
end
private
def configuration_keys
%w[securitytrails_api_key]
end
def api
@api ||= ::SecurityTrails::API.new(Mihari.config.securitytrails_api_key)
end
def valid_type?
%w[ip domain mail].include? type
end
def search
case type
when "domain"
domain_search
when "ip"
ip_search
when "mail"
mail_search
else
raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
end
end
def domain_search
result = api.history.get_all_dns_history(query, type: "a")
records = result["records"] || []
records.map do |record|
(record["values"] || []).map { |value| value["ip"] }
end.flatten.compact.uniq
end
def ip_search
result = api.domains.search(filter: { ipv4: query })
records = result["records"] || []
records.filter_map { |record| record["hostname"] }.uniq
end
def mail_search
result = api.domains.search(filter: { whois_email: query })
records = result["records"] || []
records.filter_map { |record| record["hostname"] }.uniq
end
end
end
end
Version data entries
9 entries across 9 versions & 1 rubygems