Class: Mihari::Clients::VirusTotal

Inherits:

Base

• Object
• Base
• Mihari::Clients::VirusTotal

Defined in:

lib/mihari/clients/virustotal.rb

Overview

VirusTotal API client

Instance Attribute Summary

Attributes inherited from Base

#base_url, #headers, #pagination_interval, #timeout

Instance Method Summary

• #domain_search(query) ⇒ Hash
• #initialize(base_url = "https://www.virustotal.com", api_key:, headers: {}, pagination_interval: Mihari.config.pagination_interval, timeout: nil) ⇒ VirusTotal constructor

  A new instance of VirusTotal.

• #intel_search(query, cursor: nil) ⇒ Mihari::Structs::VirusTotalIntelligence::Response
• #intel_search_with_pagination(query, pagination_limit: Mihari.config.pagination_limit) ⇒ Enumerable<Mihari::Structs::VirusTotalIntelligence::Response>
• #ip_search(query) ⇒ Hash

Constructor Details

#initialize(base_url = "https://www.virustotal.com", api_key:, headers: {}, pagination_interval: Mihari.config.pagination_interval, timeout: nil) ⇒ VirusTotal

Returns a new instance of VirusTotal.

Parameters:

• base_url (String) (defaults to: "https://www.virustotal.com")
• api_key (String, nil)
• headers (Hash) (defaults to: {})
• pagination_interval (Integer) (defaults to: Mihari.config.pagination_interval)
• timeout (Integer, nil) (defaults to: nil)

Raises:

• (ArgumentError)

# File 'lib/mihari/clients/virustotal.rb', line 16

def initialize(
  base_url = "https://www.virustotal.com",
  api_key:,
  headers: {},
  pagination_interval: Mihari.config.pagination_interval,
  timeout: nil
)
  raise(ArgumentError, "api_key is required") if api_key.nil?

  headers["x-apikey"] = api_key

  super(base_url, headers:, pagination_interval:, timeout:)
end

Instance Method Details

#domain_search(query) ⇒ Hash

Parameters:

• query (String)

Returns:

• (Hash)

# File 'lib/mihari/clients/virustotal.rb', line 35

def domain_search(query)
  get_json "/api/v3/domains/#{query}/resolutions"
end

#intel_search(query, cursor: nil) ⇒ Mihari::Structs::VirusTotalIntelligence::Response

Parameters:

• query (String)
• cursor (String, nil) (defaults to: nil)

Returns:

• (Mihari::Structs::VirusTotalIntelligence::Response)

# File 'lib/mihari/clients/virustotal.rb', line 54

def intel_search(query, cursor: nil)
  params = {query:, cursor:}.compact
  Structs::VirusTotalIntelligence::Response.from_dynamic! get_json("/api/v3/intelligence/search", params:)
end

#intel_search_with_pagination(query, pagination_limit: Mihari.config.pagination_limit) ⇒ Enumerable<Mihari::Structs::VirusTotalIntelligence::Response>

Parameters:

• query (String)
• pagination_limit (Integer) (defaults to: Mihari.config.pagination_limit)

Returns:

• (Enumerable<Mihari::Structs::VirusTotalIntelligence::Response>)

# File 'lib/mihari/clients/virustotal.rb', line 65

def intel_search_with_pagination(query, pagination_limit: Mihari.config.pagination_limit)
  cursor = nil

  Enumerator.new do |y|
    pagination_limit.times do
      res = intel_search(query, cursor:)

      y.yield res

      cursor = res.meta.cursor
      break if cursor.nil?

      sleep_pagination_interval
    end
  end
end

#ip_search(query) ⇒ Hash

Parameters:

• query (String)

Returns:

• (Hash)

# File 'lib/mihari/clients/virustotal.rb', line 44

def ip_search(query)
  get_json "/api/v3/ip_addresses/#{query}/resolutions"
end