lib/mihari/analyzers/shodan.rb in mihari-4.0.0 vs lib/mihari/analyzers/shodan.rb in mihari-4.1.0
- old
+ new
@@ -14,11 +14,11 @@
return [] unless results || results.empty?
results = results.map { |result| Structs::Shodan::Result.from_dynamic!(result) }
results.map do |result|
matches = result.matches || []
- matches.map { |match| build_artifact match }
+ matches.map { |match| build_artifact(match, matches) }
end.flatten.uniq(&:data)
end
private
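Review bot: The guard on the first context line, `return [] unless results || results.empty?`, cannot do what it appears to intend. When `results` is nil the right-hand side calls `nil.empty?` and raises NoMethodError, and when it is an empty array the left-hand side is already truthy, so the early return is skipped. Since the commit edits this method anyway, it could be corrected to `return [] if results.nil? || results.empty?`. The method starts above the hunk, so how `results` is produced is not visible; if it can never be nil, the guard can simply be dropped.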
@@ -72,17 +72,30 @@
end
responses
end
#
+ # Collect metadata from matches
+ #
+ # @param [Array<Structs::Shodan::Match>] matches
+ # @param [String] ip
+ #
+ # @return [Array<Hash>]
+ #
+ def collect_metadata_by_ip(matches, ip)
+ matches.select { |match| match.ip_str == ip }.map(&:metadata)
+ end
+
+ #
# Build an artifact from a Shodan search API response
#
# @param [Structs::Shodan::Match] match
+ # @param [Array<Structs::Shodan::Match>] matches
#
# @return [Artifact]
#
- def build_artifact(match)
+ def build_artifact(match, matches)
as = nil
as = AutonomousSystem.new(asn: normalize_asn(match.asn)) unless match.asn.nil?
geolocation = nil
if !match.location.country_name.nil? && !match.location.country_code.nil?
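Review bot: `collect_metadata_by_ip` rescans the whole `matches` array on every `build_artifact` call, so a result with k matches costs on the order of k² comparisons. The caller's `uniq(&:data)` then discards all but one of the artifacts built for the same IP, so most of that work is thrown away. Grouping once in the caller avoids both, for example `by_ip = matches.group_by(&:ip_str)` and then passing `by_ip.fetch(match.ip_str).map(&:metadata)`. The doc comment could also say that the returned array holds one entry per match for that IP, in the order they occur in `matches`. `build_artifact` continues past the end of this hunk.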
@@ -90,13 +103,15 @@
country: match.location.country_name,
country_code: match.location.country_code
)
end
+ metadata = collect_metadata_by_ip(matches, match.ip_str)
+
Artifact.new(
data: match.ip_str,
source: source,
- metadata: match.metadata,
+ metadata: metadata,
autonomous_system: as,
geolocation: geolocation
)
end
end
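Review bot: The `matches` passed to `collect_metadata_by_ip` here covers only a single result object, because the caller in the first hunk passes `result.matches`. Metadata for an IP that appears in more than one result is therefore merged only within each result, and the caller's `.flatten.uniq(&:data)` keeps the first artifact per IP, so metadata gathered from later results is silently dropped. If the intent is one artifact per IP carrying all of its metadata, flatten first in the caller with `matches = results.flat_map { |result| result.matches || [] }` and build artifacts from that. Also, `metadata:` now receives an Array where it previously received a single match's metadata, so anything that reads an artifact's metadata has to cope with both shapes for already-stored data; that consumer is not visible on this page.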