Sha256: be8c4ff5a91ec3b9080b5d0f10ea65dea4a20e992fca62dfb24ef0eaa23c4505
Contents?: true
Size: 1.78 KB
Versions: 9
Compression:
Stored size: 1.78 KB
Contents
# frozen_string_literal: true require "securitytrails" module Mihari module Analyzers class SecurityTrails < Base include Mixins::Refang param :query option :title, default: proc { "SecurityTrails search" } option :description, default: proc { "query = #{query}" } option :tags, default: proc { [] } attr_reader :type def initialize(*args, **kwargs) super @query = refang(query) @type = TypeChecker.type(query) end def artifacts search || [] end private def configuration_keys %w[securitytrails_api_key] end def api @api ||= ::SecurityTrails::API.new(Mihari.config.securitytrails_api_key) end def valid_type? %w[ip domain mail].include? type end def search case type when "domain" domain_search when "ip" ip_search when "mail" mail_search else raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type? end end def domain_search result = api.history.get_all_dns_history(query, type: "a") records = result["records"] || [] records.map do |record| (record["values"] || []).map { |value| value["ip"] } end.flatten.compact.uniq end def ip_search result = api.domains.search(filter: { ipv4: query }) records = result["records"] || [] records.filter_map { |record| record["hostname"] }.uniq end def mail_search result = api.domains.search(filter: { whois_email: query }) records = result["records"] || [] records.filter_map { |record| record["hostname"] }.uniq end end end end
Version data entries
9 entries across 9 versions & 1 rubygems