class Mihari::Analyzers::VirusTotal
Attributes
type[R]
Public Class Methods
new(*args, **kwargs)
click to toggle source
Calls superclass method
Mihari::Analyzers::Base::new
# File lib/mihari/analyzers/virustotal.rb, line 17 def initialize(*args, **kwargs) super @query = refang(query) @type = TypeChecker.type(query) end
Public Instance Methods
artifacts()
click to toggle source
# File lib/mihari/analyzers/virustotal.rb, line 24 def artifacts search || [] end
Private Instance Methods
api()
click to toggle source
# File lib/mihari/analyzers/virustotal.rb, line 34 def api @api = ::VirusTotal::API.new(key: Mihari.config.virustotal_api_key) end
configuration_keys()
click to toggle source
# File lib/mihari/analyzers/virustotal.rb, line 30 def configuration_keys %w[virustotal_api_key] end
domain_search()
click to toggle source
Domain search
@return [Array<String>]
# File lib/mihari/analyzers/virustotal.rb, line 68 def domain_search res = api.domain.resolutions(query) data = res["data"] || [] data.filter_map do |item| item.dig("attributes", "ip_address") end.uniq end
ip_search()
click to toggle source
IP search
@return [Array<String>]
# File lib/mihari/analyzers/virustotal.rb, line 82 def ip_search res = api.ip_address.resolutions(query) data = res["data"] || [] data.filter_map do |item| item.dig("attributes", "host_name") end.uniq end
search()
click to toggle source
Search
@return [Array<String>]
# File lib/mihari/analyzers/virustotal.rb, line 52 def search case type when "domain" domain_search when "ip" ip_search else raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type? end end
valid_type?()
click to toggle source
Check whether a type is valid or not
@return [Boolean]
# File lib/mihari/analyzers/virustotal.rb, line 43 def valid_type? %w[ip domain].include? type end