Sha256: c3337a407a1b89d2790af24336568021097f59665ae52b4a049e53fd4eb3f5d3
Contents?: true
Size: 1.75 KB
Versions: 1
Compression:
Stored size: 1.75 KB
Contents
# frozen_string_literal: true
require "securitytrails"
module Mihari
module Analyzers
class SecurityTrails < Base
attr_reader :query
attr_reader :type
attr_reader :title
attr_reader :description
attr_reader :tags
def initialize(query, title: nil, description: nil, tags: [])
super()
@query = query
@type = TypeChecker.type(query)
@title = title || "SecurityTrails lookup"
@description = description || "query = #{query}"
@tags = tags
end
def artifacts
lookup || []
end
private
def config_keys
%w(SECURITYTRAILS_API_KEY)
end
def api
@api ||= ::SecurityTrails::API.new
end
def valid_type?
%w(ip domain mail).include? type
end
def lookup
case type
when "domain"
domain_lookup
when "ip"
ip_lookup
when "mail"
mail_lookup
else
raise TypeError, "#{query}(type: #{type || 'unknown'}) is not supported." unless valid_type?
end
rescue ::SecurityTrails::Error => _e
nil
end
def domain_lookup
result = api.history.get_all_dns_history(query, "a")
records = result.records || []
records.map do |record|
(record.values || []).map(&:ip)
end.flatten.compact.uniq
end
def ip_lookup
result = api.domains.search( filter: { ipv4: query })
records = result.records || []
records.map(&:hostname).compact.uniq
end
def mail_lookup
result = api.domains.search( filter: { whois_email: query })
records = result.records || []
records.map(&:hostname).compact.uniq
end
end
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| mihari-0.12.0 | lib/mihari/analyzers/securitytrails.rb |