class Mihari::Emitters::Attachment
Public Instance Methods
actions()
click to toggle source
# File lib/mihari/emitters/slack.rb, line 17 def actions [vt_link, urlscan_link, censys_link, shodan_link].compact end
censys_link()
click to toggle source
# File lib/mihari/emitters/slack.rb, line 33 def censys_link return nil unless _censys_link { type: "button", text: "Censys", url: _censys_link } end
shodan_link()
click to toggle source
# File lib/mihari/emitters/slack.rb, line 39 def shodan_link return nil unless _shodan_link { type: "button", text: "Shodan", url: _shodan_link } end
to_a()
click to toggle source
@return [Array]
# File lib/mihari/emitters/slack.rb, line 46 def to_a [ { text: defanged_data, fallback: "VT & urlscan.io links", actions: actions } ] end
urlscan_link()
click to toggle source
# File lib/mihari/emitters/slack.rb, line 27 def urlscan_link return nil unless _urlscan_link { type: "button", text: "urlscan.io", url: _urlscan_link } end
vt_link()
click to toggle source
# File lib/mihari/emitters/slack.rb, line 21 def vt_link return nil unless _vt_link { type: "button", text: "VirusTotal", url: _vt_link } end
Private Instance Methods
_censys_link()
click to toggle source
@return [String, nil]
# File lib/mihari/emitters/slack.rb, line 90 def _censys_link data_type == "ip" ? "https://search.censys.io/hosts/#{data}" : nil end
_shodan_link()
click to toggle source
@return [String, nil]
# File lib/mihari/emitters/slack.rb, line 96 def _shodan_link data_type == "ip" ? "https://www.shodan.io/host/#{data}" : nil end
_urlscan_link()
click to toggle source
@return [String, nil]
# File lib/mihari/emitters/slack.rb, line 59 def _urlscan_link case data_type when "ip" "https://urlscan.io/ip/#{data}" when "domain" "https://urlscan.io/domain/#{data}" when "url" uri = URI(data) "https://urlscan.io/domain/#{uri.hostname}" end end
_vt_link()
click to toggle source
@return [String, nil]
# File lib/mihari/emitters/slack.rb, line 73 def _vt_link case data_type when "hash" "https://www.virustotal.com/#/file/#{data}" when "ip" "https://www.virustotal.com/#/ip-address/#{data}" when "domain" "https://www.virustotal.com/#/domain/#{data}" when "url" "https://www.virustotal.com/#/url/#{sha256}" when "mail" "https://www.virustotal.com/#/search/#{data}" end end
defanged_data()
click to toggle source
@return [String]
# File lib/mihari/emitters/slack.rb, line 107 def defanged_data @defanged_data ||= data.to_s.gsub(/\./, "[.]") end
sha256()
click to toggle source
@return [String]
# File lib/mihari/emitters/slack.rb, line 102 def sha256 Digest::SHA256.hexdigest data end