Class: PassiveDNS::Provider::VirusTotal

Inherits:
PassiveDNS::PassiveDB
Defined in:
lib/passivedns/client/provider/virustotal.rb

Overview

Queries VirusTotal’s passive DNS database

Constructor Details

#initialize(options = {}) ⇒ VirusTotal

Options

  • :debug Sets the debug flag for the module

  • “APIKEY” Mandatory. API key associated with your VirusTotal account

  • “URL” Alternate URL for testing. Defaults to https://www.virustotal.com/vtapi/v2/

Example Instantiation

options = {
  :debug => true,
  "APIKEY" => "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
  "URL" => "https://www.virustotal.com/vtapi/v2/"
}

PassiveDNS::Provider::VirusTotal.new(options)


# File 'lib/passivedns/client/provider/virustotal.rb', line 42

def initialize(options={})
  @debug = options[:debug] || false
  @apikey = options["APIKEY"] || raise("#{self.class.name} requires an APIKEY.  See README.md")
  @url = options["URL"] || "https://www.virustotal.com/vtapi/v2/"
end

Instance Attribute Details

#debug ⇒ Object

:debug enables verbose logging to standard output



# File 'lib/passivedns/client/provider/virustotal.rb', line 25

def debug
  @debug
end

Class Method Details

.config_section_name ⇒ Object

Sets the configuration section name to “virustotal”



# File 'lib/passivedns/client/provider/virustotal.rb', line 16

def self.config_section_name
  "virustotal"
end

.name ⇒ Object

Sets the module's self-reported name to “VirusTotal”



# File 'lib/passivedns/client/provider/virustotal.rb', line 12

def self.name
  "VirusTotal"
end

.option_letter ⇒ Object

Sets the command line database argument to “v”



# File 'lib/passivedns/client/provider/virustotal.rb', line 20

def self.option_letter
  "v"
end

Instance Method Details

#lookup(label, limit = nil) ⇒ Object

Takes a label (either a domain or an IP address) and returns an array of PassiveDNS::PDNSResult instances with the answers to the query



# File 'lib/passivedns/client/provider/virustotal.rb', line 50

def lookup(label, limit=nil)
  $stderr.puts "DEBUG: #{self.class.name}.lookup(#{label})" if @debug
  Timeout::timeout(240) {
    url = nil
    # Labels made up only of digits and dots are treated as IP addresses
    if label =~ /^[\d\.]+$/
      url = "#{@url}ip-address/report?ip=#{label}&apikey=#{@apikey}"
    else
      url = "#{@url}domain/report?domain=#{label}&apikey=#{@apikey}"
    end
    # Debug output prints the full URL, API key included
    $stderr.puts "DEBUG: #{self.class.name} url = #{url}" if @debug
    url = URI.parse url
    http = Net::HTTP.new(url.host, url.port)
    http.use_ssl = (url.scheme == 'https')
    # VERIFY_NONE turns off validation of the server certificate
    http.verify_mode = OpenSSL::SSL::VERIFY_NONE
    http.verify_depth = 5
    request = Net::HTTP::Get.new(url.path+"?"+url.query)
    request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} passivedns-client rubygem v#{PassiveDNS::Client::VERSION}")
    t1 = Time.now
    response = http.request(request)
    t2 = Time.now
    recs = parse_json(response.body, label, t2-t1)
    if limit
      recs[0,limit]
    else
      recs
    end
  }
rescue Timeout::Error => e
  $stderr.puts "#{self.class.name} lookup timed out: #{label}"
end
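
The lookup listing above sets verify_mode to VERIFY_NONE, interpolates the label into the query string unencoded, and writes the API key to stderr when debug is on. The following is an added example, not code from passivedns-client, showing one way to harden those three points. The HardenedVTLookup module, its method names and the label allowlist are assumptions made for illustration.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Hypothetical helper module; not part of passivedns-client.
module HardenedVTLookup
  DEFAULT_BASE = "https://www.virustotal.com/vtapi/v2/"
  # Assumed allowlist: hostnames and IPv4 literals only.
  LABEL_RE = /\A[A-Za-z0-9._-]+\z/
  # \A and \z anchor the whole string; ^ and $ would anchor each line.
  IPV4_RE = /\A\d{1,3}(\.\d{1,3}){3}\z/

  # Build the report URI with every query parameter percent-encoded.
  def self.build_uri(label, apikey, base = DEFAULT_BASE)
    raise ArgumentError, "unexpected characters in label" unless label.match?(LABEL_RE)
    path, param = label.match?(IPV4_RE) ? ["ip-address/report", "ip"] : ["domain/report", "domain"]
    uri = URI.join(base, path)
    uri.query = URI.encode_www_form([[param, label], ["apikey", apikey]])
    uri
  end

  # Return a copy of the URL that is safe to log: the API key is masked.
  def self.redact(uri)
    safe = uri.dup
    pairs = URI.decode_www_form(safe.query).map { |k, v| [k, k == "apikey" ? "REDACTED" : v] }
    safe.query = URI.encode_www_form(pairs)
    safe.to_s
  end

  # Configure the client so the server certificate chain is validated.
  def self.http_for(uri)
    http = Net::HTTP.new(uri.host, uri.port)   # no connection is opened here
    http.use_ssl = (uri.scheme == "https")
    http.verify_mode = OpenSSL::SSL::VERIFY_PEER
    http.verify_depth = 5
    http.open_timeout = 10
    http.read_timeout = 60
    http
  end
end

if __FILE__ == $0
  uri = HardenedVTLookup.build_uri("example.com", "CONSTRUCTED-KEY") # constructed sample values
  $stderr.puts "DEBUG: url = #{HardenedVTLookup.redact(uri)}"
end
```
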