class Mihari::Analyzers::SecurityTrails
Attributes
type[R]
Public Class Methods
new(*args, **kwargs)
click to toggle source
Calls superclass method
Mihari::Analyzers::Base::new
# File lib/mihari/analyzers/securitytrails.rb, line 17 def initialize(*args, **kwargs) super @query = refang(query) @type = TypeChecker.type(query) end
Public Instance Methods
artifacts()
click to toggle source
# File lib/mihari/analyzers/securitytrails.rb, line 24 def artifacts search || [] end
Private Instance Methods
api()
click to toggle source
# File lib/mihari/analyzers/securitytrails.rb, line 34 def api @api ||= ::SecurityTrails::API.new(Mihari.config.securitytrails_api_key) end
configuration_keys()
click to toggle source
# File lib/mihari/analyzers/securitytrails.rb, line 30 def configuration_keys %w[securitytrails_api_key] end
domain_search()
click to toggle source
Domain search
@return [Array<String>]
# File lib/mihari/analyzers/securitytrails.rb, line 70 def domain_search result = api.history.get_all_dns_history(query, type: "a") records = result["records"] || [] records.map do |record| (record["values"] || []).map { |value| value["ip"] } end.flatten.compact.uniq end
ip_search()
click to toggle source
IP search
@return [Array<String>]
# File lib/mihari/analyzers/securitytrails.rb, line 83 def ip_search result = api.domains.search(filter: { ipv4: query }) records = result["records"] || [] records.filter_map { |record| record["hostname"] }.uniq end
mail_search()
click to toggle source
Mail search
@return [Array<String>]
# File lib/mihari/analyzers/securitytrails.rb, line 94 def mail_search result = api.domains.search(filter: { whois_email: query }) records = result["records"] || [] records.filter_map { |record| record["hostname"] }.uniq end
search()
click to toggle source
IP/domain/mail search
@return [Array<String>]
# File lib/mihari/analyzers/securitytrails.rb, line 52 def search case type when "domain" domain_search when "ip" ip_search when "mail" mail_search else raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type? end end
valid_type?()
click to toggle source
Check whether a type is valid or not
@return [Boolean]
# File lib/mihari/analyzers/securitytrails.rb, line 43 def valid_type? %w[ip domain mail].include? type end