Sha256: cebab8e3dd71eaf4e6827711463f83340ed01e005e9016d7a466d562bd30f6d9
Contents?: true
Size: 1.75 KB
Versions: 3
Compression:
Stored size: 1.75 KB
Contents
# frozen_string_literal: true
require "securitytrails"
module Mihari
module Analyzers
class SecurityTrails < Base
attr_reader :query, :type, :title, :description, :tags
def initialize(query, title: nil, description: nil, tags: [])
super()
@query = query
@type = TypeChecker.type(query)
@title = title || "SecurityTrails lookup"
@description = description || "query = #{query}"
@tags = tags
end
def artifacts
lookup || []
end
private
def config_keys
%w[securitytrails_api_key]
end
def api
@api ||= ::SecurityTrails::API.new(Mihari.config.securitytrails_api_key)
end
def valid_type?
%w[ip domain mail].include? type
end
def lookup
case type
when "domain"
domain_lookup
when "ip"
ip_lookup
when "mail"
mail_lookup
else
raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
end
end
def domain_lookup
result = api.history.get_all_dns_history(query, type: "a")
records = result["records"] || []
records.map do |record|
(record["values"] || []).map { |value| value["ip"] }
end.flatten.compact.uniq
end
def ip_lookup
result = api.domains.search(filter: {ipv4: query})
records = result["records"] || []
records.map { |record| record["hostname"] }.compact.uniq
end
def mail_lookup
result = api.domains.search(filter: {whois_email: query})
records = result["records"] || []
records.map { |record| record["hostname"] }.compact.uniq
end
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems
| Version | Path |
|---|---|
| mihari-2.0.0 | lib/mihari/analyzers/securitytrails.rb |
| mihari-1.5.1 | lib/mihari/analyzers/securitytrails.rb |
| mihari-1.5.0 | lib/mihari/analyzers/securitytrails.rb |