class OTX::IP

Public Instance Methods

get_general(ip, type = :ipv4) click to toggle source
# File lib/otx_ruby/ip.rb, line 3
def get_general(ip, type = :ipv4)
  uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/general"

  json_data = get(uri)

  general = OTX::Indicator::IP::General.new(json_data)

  return general
end
get_geo(ip, type = :ipv4) click to toggle source
# File lib/otx_ruby/ip.rb, line 25
def get_geo(ip, type = :ipv4)
  uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/geo"

  json_data = get(uri)

  geo = OTX::Indicator::IP::Geo.new(json_data)

  return geo
end
get_http_scans(ip, type = :ipv4) click to toggle source
# File lib/otx_ruby/ip.rb, line 92
def get_http_scans(ip, type = :ipv4)
  uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/http_scans"

  json_data = get(uri)

  results = []
  json_data['data'].each do |http_scan|
    results << OTX::Indicator::IP::HTTPScan.new(http_scan)
  end

  return results
end
get_malware(ip, type = :ipv4) click to toggle source
# File lib/otx_ruby/ip.rb, line 35
def get_malware(ip, type = :ipv4)
  uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/malware"
  malwares = []
  params = {}

  begin
    json_data = get(uri, params)
    page = json_data['next']

    params = URI::decode_www_form(URI(page).query).to_h unless page.nil?

    malwares += json_data['data']
  end while page && !json_data['data'].empty?

  results = []
  malwares.each do |malware|
    results << OTX::Indicator::IP::Malware.new(malware)
  end

  return results
end
get_nids_list(ip, type = :ipv4) click to toggle source

NIDS rules associated with an IP

@param ip [String] IP Address for lookup @param type [String] Format of IP Address e.g 'IPv4', 'IPv6' @return [Object] Object created from NIDS list json data

# File lib/otx_ruby/ip.rb, line 112
def get_nids_list(ip, type = :ipv4)
  uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/nids_list"

  json_data = get(uri)

  nids_list = OTX::Indicator::IP::NidsList.new(json_data)

  return nids_list
end
get_passive_dns(ip, type = :ipv4) click to toggle source
# File lib/otx_ruby/ip.rb, line 79
def get_passive_dns(ip, type = :ipv4)
  uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/passive_dns"

  json_data = get(uri)

  results = []
  json_data['passive_dns'].each do |dns|
    results << OTX::Indicator::IP::DNS.new(dns)
  end

  return results
end
get_reputation(ip, type = :ipv4) click to toggle source
# File lib/otx_ruby/ip.rb, line 13
def get_reputation(ip, type = :ipv4)
  uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/reputation"

  json_data = get(uri)

  if json_data['reputation']
    reputation = OTX::Indicator::IP::Reputation.new(json_data["reputation"])
  end

  return reputation
end
get_url_list(ip, type = :ipv4) click to toggle source
# File lib/otx_ruby/ip.rb, line 57
def get_url_list(ip, type = :ipv4)
  uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/url_list"

  page = 0
  url_list = []
  begin
    page += 1
    params = {limit: 20, page: page}
    json_data = get(uri, params)
    has_next = json_data['has_next']

    url_list += json_data['url_list']
  end while has_next

  results = []
  url_list.each do |url|
    results << OTX::Indicator::IP::URL.new(url)
  end

  return results
end