Class: PassiveDNS::VirusTotal

Inherits:
PassiveDB show all
Defined in:
lib/passivedns/client/virustotal.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options = {}) ⇒ VirusTotal

Returns a new instance of VirusTotal.



# File 'lib/passivedns/client/virustotal.rb', line 22

# Builds a VirusTotal client from an options hash.
#
# Note the mixed key types: the debug flag is read from the symbol key
# :debug, while the API key and base URL are read from the string keys
# "APIKEY" and "URL".
#
# @param options [Hash] :debug enables debug output on $stderr; "APIKEY" is
#   required; "URL" replaces the default API base URL
# @raise [RuntimeError] when options has no "APIKEY" value
def initialize(options={})
  @debug = options[:debug] || false

  # The API key is mandatory; fail at construction time rather than on the first query.
  api_key = options["APIKEY"]
  raise("#{self.class.name} requires an APIKEY.  See README.md") unless api_key
  @apikey = api_key

  # lookup appends the API key to this URL and enables TLS only when the
  # scheme is https, so a custom "URL" with an http scheme sends the key in cleartext.
  custom_url = options["URL"]
  @url = custom_url || "https://www.virustotal.com/vtapi/v2/"
end

Instance Attribute Details

#debug ⇒ Object

Returns the value of attribute debug.



# File 'lib/passivedns/client/virustotal.rb', line 21

# Reader for the debug flag stored in @debug.
#
# @return [Object] the current value of @debug
def debug
  return @debug
end

Class Method Details

.config_section_name ⇒ Object

override



# File 'lib/passivedns/client/virustotal.rb', line 13

# Override. Presumably the name of the configuration section that holds this
# source's options (the "APIKEY" and "URL" read by initialize) — confirm
# against the PassiveDB base class.
#
# @return [String] always "virustotal"
def self.config_section_name
  return 'virustotal'
end

.name ⇒ Object

override



# File 'lib/passivedns/client/virustotal.rb', line 9

# Override. Display name of this source; because it replaces the class-level
# name method, every "#{self.class.name}" in this class's messages
# interpolates this value.
#
# @return [String] always "VirusTotal"
def self.name
  return 'VirusTotal'
end

.option_letter ⇒ Object

override



# File 'lib/passivedns/client/virustotal.rb', line 17

# Override. Presumably the single-letter switch that selects this source on
# the command line — confirm against the PassiveDB base class.
#
# @return [String] always "v"
def self.option_letter
  return 'v'
end

Instance Method Details

#lookup(label, limit = nil) ⇒ Object



# File 'lib/passivedns/client/virustotal.rb', line 47

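# Queries the VirusTotal v2 API for the resolutions recorded for +label+.
#
# A label made up only of digits and dots is sent to the ip-address report
# endpoint; anything else is sent to the domain report endpoint. The whole
# request, including parsing, is bounded by a 240 second timeout.
#
# @param label [String] IP address or domain name to look up
# @param limit [Integer, nil] maximum number of records to return; nil returns all
# @return [Array, nil] the records built by parse_json, or nil when the lookup times out
def lookup(label, limit=nil)
  $stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
  Timeout::timeout(240) {
    # \A and \z anchor the whole string. ^ and $ anchor a single line, so a
    # label with an embedded newline could be classified as an IP address.
    if label =~ /\A[\d\.]+\z/
      endpoint, param = "ip-address/report", "ip"
    else
      endpoint, param = "domain/report", "domain"
    end

    # Percent-encode the label and the key so that characters such as & or #
    # in the label cannot add, override or truncate query parameters.
    url = "#{@url}#{endpoint}?#{URI.encode_www_form(param => label.to_s, "apikey" => @apikey.to_s)}"

    if @debug
      # The API key is a credential: print the URL with the key masked so it
      # does not end up in terminal scrollback or captured logs.
      shown = "#{@url}#{endpoint}?#{URI.encode_www_form(param => label.to_s, "apikey" => "REDACTED")}"
      $stderr.puts "DEBUG: #{self.class.name} url = #{shown}"
    end

    url = URI.parse url
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = (url.scheme == 'https')
    # Verify the server certificate. With VERIFY_NONE anyone on the network
    # path can impersonate the API, read the key from the request line and
    # feed back forged resolution data.
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.verify_depth = 5
    request = Net::HTTP::Get.new(url.path+"?"+url.query)
    request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")

    # The elapsed request time is handed to parse_json as response_time.
    t1 = Time.now
    response = http.request(request)
    t2 = Time.now

    recs = parse_json(response.body, label, t2-t1)
    limit ? recs[0,limit] : recs
  }
rescue Timeout::Error
  # Best effort: report the timeout and return nil instead of raising.
  $stderr.puts "#{self.class.name} lookup timed out: #{label}"
  nil
end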

#parse_json(page, query, response_time = 0) ⇒ Object



# File 'lib/passivedns/client/virustotal.rb', line 28

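# Turns a VirusTotal report body into a list of PDNSResult records.
#
# Only the "resolutions" array of the response is read. A row with an
# "ip_address" yields a record with the queried label before the address; a
# row with a "hostname" yields a record with the hostname before the queried
# label. Rows with neither key are skipped. Every record is typed 'A' and
# carries the row's "last_resolved" value.
#
# @param page [String] raw JSON response body
# @param query [String] the label that was looked up
# @param response_time [Numeric] elapsed request time stored on each record
# @return [Array] the records, empty when the response has no "resolutions"
# @raise [JSON::ParserError] when page is not valid JSON (logged, then re-raised)
def parse_json(page,query,response_time=0)
  res = []
  # The body comes from a remote server, so treat it as untrusted: disable
  # create_additions explicitly so a "json_class" key in the response can
  # never make the parser instantiate a Ruby class, whatever the default of
  # the installed json library is.
  data = JSON.parse(page, :create_additions => false)
  if data['resolutions']
    data['resolutions'].each do |row|
      if row['ip_address']
        res << PDNSResult.new(self.class.name,response_time,query,row['ip_address'],'A',nil,nil,row['last_resolved'])
      elsif row['hostname']
        res << PDNSResult.new(self.class.name,response_time,row['hostname'],query,'A',nil,nil,row['last_resolved'])
      end
    end
  end
  res
rescue StandardError => e
  # StandardError covers parse and type errors without intercepting signals
  # or SystemExit; a bare raise re-raises the same exception for the caller.
  $stderr.puts "VirusTotal Exception: #{e}"
  raise
end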