class Mihari::Analyzers::PassiveTotal
Attributes
type[R]
Public Class Methods
new(*args, **kwargs)
click to toggle source
Calls superclass method
Mihari::Analyzers::Base::new
# File lib/mihari/analyzers/passivetotal.rb, line 17 def initialize(*args, **kwargs) super @query = refang(query) @type = TypeChecker.type(query) end
Public Instance Methods
artifacts()
click to toggle source
# File lib/mihari/analyzers/passivetotal.rb, line 24 def artifacts search || [] end
Private Instance Methods
api()
click to toggle source
# File lib/mihari/analyzers/passivetotal.rb, line 34 def api @api ||= ::PassiveTotal::API.new(username: Mihari.config.passivetotal_username, api_key: Mihari.config.passivetotal_api_key) end
configuration_keys()
click to toggle source
# File lib/mihari/analyzers/passivetotal.rb, line 30 def configuration_keys %w[passivetotal_username passivetotal_api_key] end
passive_dns_search()
click to toggle source
Passive DNS search
@return [Array<String>]
# File lib/mihari/analyzers/passivetotal.rb, line 70 def passive_dns_search res = api.dns.passive_unique(query) res["results"] || [] end
reverse_whois_search()
click to toggle source
Reverse whois search
@return [Array<String>]
# File lib/mihari/analyzers/passivetotal.rb, line 80 def reverse_whois_search res = api.whois.search(query: query, field: "email") results = res["results"] || [] results.map do |result| result["domain"] end.flatten.compact.uniq end
search()
click to toggle source
Passive DNS/SSL, reverse whois search
@return [Array<String>]
# File lib/mihari/analyzers/passivetotal.rb, line 52 def search case type when "domain", "ip" passive_dns_search when "mail" reverse_whois_search when "hash" ssl_search else raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type? end end
ssl_search()
click to toggle source
Passive SSL search
@return [Array<String>]
# File lib/mihari/analyzers/passivetotal.rb, line 93 def ssl_search res = api.ssl.history(query) results = res["results"] || [] results.map do |result| result["ipAddresses"] end.flatten.compact.uniq end
valid_type?()
click to toggle source
Check whether a type is valid or not
@return [Boolean]
# File lib/mihari/analyzers/passivetotal.rb, line 43 def valid_type? %w[ip domain mail hash].include? type end