mihari 5.2.4 → 5.3.0

data/lib/mihari/analyzers/circl.rb

@@ -5,8 +5,6 @@ module Mihari
     class CIRCL < Base
       include Mixins::Refang
 
-      param :query
-
       # @return [String, nil]
       attr_reader :type
 
@@ -16,17 +14,19 @@ module Mihari
       # @return [String, nil]
       attr_reader :password
 
-      # @return [String]
-      attr_reader :query
-
-      def initialize(*args, **kwargs)
-        super
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] username
+      # @param [String, nil] password
+      #
+      def initialize(query, options: nil, username: nil, password: nil)
+        super(refang(query), options: options)
 
-        @query = refang(query)
         @type = TypeChecker.type(query)
 
-        @username = kwargs[:username] || Mihari.config.circl_passive_username
-        @password = kwargs[:password] || Mihari.config.circl_passive_password
+        @username = username || Mihari.config.circl_passive_username
+        @password = password || Mihari.config.circl_passive_password
       end
 
       def artifacts

data/lib/mihari/analyzers/crtsh.rb

@@ -3,15 +3,19 @@
 module Mihari
   module Analyzers
     class Crtsh < Base
-      param :query
-
-      option :exclude_expired, default: proc { true }
-
       # @return [Boolean]
       attr_reader :exclude_expired
 
-      # @return [String]
-      attr_reader :query
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [Bool] exclude_expired
+      #
+      def initialize(query, options: nil, exclude_expired: true)
+        super(query, options: options)
+
+        @exclude_expired = exclude_expired
+      end
 
       def artifacts
         results = search

data/lib/mihari/analyzers/dnstwister.rb

@@ -5,18 +5,16 @@ module Mihari
     class DNSTwister < Base
       include Mixins::Refang
 
-      param :query
-
       # @return [String]
       attr_reader :type
 
-      # @return [String]
-      attr_reader :query
-
-      def initialize(*args, **kwargs)
-        super
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      #
+      def initialize(query, options: nil)
+        super(refang(query), options: options)
 
-        @query = refang(query)
         @type = TypeChecker.type(query)
       end
 

data/lib/mihari/analyzers/feed.rb

@@ -6,16 +6,6 @@ require "mihari/feed/parser"
 module Mihari
   module Analyzers
     class Feed < Base
-      param :query
-
-      option :method, default: proc { "GET" }
-      option :headers, default: proc { {} }
-      option :params, default: proc {}
-      option :json, default: proc {}
-      option :data, default: proc {}
-
-      option :selector, default: proc { "" }
-
       # @return [Hash, nil]
       attr_reader :data
 
@@ -37,6 +27,27 @@ module Mihari
       # @return [String]
       attr_reader :query
 
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String] method
+      # @param [Hash] headers
+      # @param [Hash] params
+      # @param [Hash] json
+      # @param [Hash] data
+      # @param [String] selector
+      #
+      def initialize(query, options: nil, method: "GET", headers: {}, params: {}, json: {}, data: {}, selector: "")
+        super(query, options: options)
+
+        @method = method
+        @headers = headers
+        @params = params
+        @json = json
+        @data = data
+        @selector = selector
+      end
+
       def artifacts
         Mihari::Feed::Parser.new(results).parse selector
       end

data/lib/mihari/analyzers/greynoise.rb

@@ -3,29 +3,28 @@
 module Mihari
   module Analyzers
     class GreyNoise < Base
-      param :query
+      PAGE_SIZE = 10_000
 
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [String]
-      attr_reader :query
-
-      def initialize(*args, **kwargs)
-        super(*args, **kwargs)
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(query, options: options)
 
-        @api_key = kwargs[:api_key] || Mihari.config.greynoise_api_key
+        @api_key = api_key || Mihari.config.greynoise_api_key
       end
 
       def artifacts
-        res = search
-        res.to_artifacts
+        client.gnql_search(query, size: PAGE_SIZE).to_artifacts
       end
 
       private
 
-      PAGE_SIZE = 10_000
-
       def configuration_keys
         %w[greynoise_api_key]
       end
@@ -33,15 +32,6 @@ module Mihari
       def client
         @client ||= Clients::GreyNoise.new(api_key: api_key)
       end
-
-      #
-      # Search
-      #
-      # @return [Hash]
-      #
-      def search
-        client.gnql_search(query, size: PAGE_SIZE)
-      end
     end
   end
 end

data/lib/mihari/analyzers/onyphe.rb

@@ -5,23 +5,18 @@ require "normalize_country"
 module Mihari
   module Analyzers
     class Onyphe < Base
-      param :query
-
-      option :interval, default: proc { 0 }
-
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [String]
-      attr_reader :query
-
-      # @return [Integer]
-      attr_reader :interval
-
-      def initialize(*args, **kwargs)
-        super(*args, **kwargs)
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(query, options: options)
 
-        @api_key = kwargs[:api_key] || Mihari.config.onyphe_api_key
+        @api_key = api_key || Mihari.config.onyphe_api_key
       end
 
       def artifacts
@@ -70,7 +65,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep interval
+          sleep(interval) if interval
         end
         responses
       end

data/lib/mihari/analyzers/otx.rb

@@ -5,24 +5,23 @@ module Mihari
     class OTX < Base
       include Mixins::Refang
 
-      param :query
-
       # @return [String, nil]
       attr_reader :type
 
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [String]
-      attr_reader :query
-
-      def initialize(*args, **kwargs)
-        super
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(refang(query), options: options)
 
-        @query = refang(query)
         @type = TypeChecker.type(query)
 
-        @api_key = kwargs[:api_key] || Mihari.config.otx_api_key
+        @api_key = api_key || Mihari.config.otx_api_key
       end
 
       def artifacts

data/lib/mihari/analyzers/passivetotal.rb

@@ -5,8 +5,6 @@ module Mihari
     class PassiveTotal < Base
       include Mixins::Refang
 
-      param :query
-
       # @return [String, nil]
       attr_reader :type
 
@@ -16,17 +14,19 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [String]
-      attr_reader :query
-
-      def initialize(*args, **kwargs)
-        super(*args, **kwargs)
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      # @param [String, nil] username
+      #
+      def initialize(query, options: nil, api_key: nil, username: nil)
+        super(refang(query), options: options)
 
-        @query = refang(query)
         @type = TypeChecker.type(query)
 
-        @username = kwargs[:username] || Mihari.config.passivetotal_username
-        @api_key = kwargs[:api_key] || Mihari.config.passivetotal_api_key
+        @username = username || Mihari.config.passivetotal_username
+        @api_key = api_key || Mihari.config.passivetotal_api_key
       end
 
       def artifacts

data/lib/mihari/analyzers/pulsedive.rb

@@ -5,28 +5,39 @@ module Mihari
     class Pulsedive < Base
       include Mixins::Refang
 
-      param :query
-
       # @return [String, nil]
       attr_reader :type
 
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [Integer]
-      attr_reader :query
-
-      def initialize(*args, **kwargs)
-        super
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(refang(query), options: options)
 
-        @query = refang(query)
         @type = TypeChecker.type(query)
 
-        @api_key = kwargs[:api_key] || Mihari.config.pulsedive_api_key
+        @api_key = api_key || Mihari.config.pulsedive_api_key
       end
 
       def artifacts
-        search || []
+        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
+
+        indicator = client.get_indicator(query)
+        iid = indicator["iid"]
+        properties = client.get_properties(iid)
+        (properties["dns"] || []).filter_map do |property|
+          if %w[A PTR].include?(property["name"])
+            nil
+          else
+            data = property["value"]
+            Artifact.new(data: data, source: source, metadata: property)
+          end
+        end
       end
 
       private
@@ -47,27 +58,6 @@ module Mihari
       def valid_type?
         %w[ip domain].include? type
       end
-
-      #
-      # Search
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def search
-        raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-
-        indicator = client.get_indicator(query)
-        iid = indicator["iid"]
-        properties = client.get_properties(iid)
-        (properties["dns"] || []).filter_map do |property|
-          if %w[A PTR].include?(property["name"])
-            nil
-          else
-            data = property["value"]
-            Artifact.new(data: data, source: source, metadata: property)
-          end
-        end
-      end
     end
   end
 end

data/lib/mihari/analyzers/securitytrails.rb

@@ -5,8 +5,6 @@ module Mihari
     class SecurityTrails < Base
       include Mixins::Refang
 
-      param :query
-
       # @return [String, nil]
       attr_reader :type
 
@@ -16,13 +14,17 @@ module Mihari
       # @return [String]
       attr_reader :query
 
-      def initialize(*args, **kwargs)
-        super
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(refang(query), options: options)
 
-        @query = refang(query)
         @type = TypeChecker.type(query)
 
-        @api_key = kwargs[:api_key] || Mihari.config.securitytrails_api_key
+        @api_key = api_key || Mihari.config.securitytrails_api_key
       end
 
       def artifacts

data/lib/mihari/analyzers/shodan.rb

@@ -3,23 +3,18 @@
 module Mihari
   module Analyzers
     class Shodan < Base
-      param :query
-
-      option :interval, default: proc { 0 }
-
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [Integer]
-      attr_reader :interval
-
-      # @return [String]
-      attr_reader :query
-
-      def initialize(*args, **kwargs)
-        super(*args, **kwargs)
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(query, options: options)
 
-        @api_key = kwargs[:api_key] || Mihari.config.shodan_api_key
+        @api_key = api_key || Mihari.config.shodan_api_key
       end
 
       def artifacts

data/lib/mihari/analyzers/urlscan.rb

@@ -3,35 +3,30 @@
 module Mihari
   module Analyzers
     class Urlscan < Base
-      param :query
-
-      option :allowed_data_types, default: proc { SUPPORTED_DATA_TYPES }
-
-      option :interval, default: proc { 0 }
-
       SUPPORTED_DATA_TYPES = %w[url domain ip].freeze
       SIZE = 1000
 
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [String]
-      attr_reader :query
-
-      # @return [Integer]
-      attr_reader :interval
-
-      # @return [String]
+      # @return [Array<String>]
       attr_reader :allowed_data_types
 
-      def initialize(*args, **kwargs)
-        super
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      # @param [Array<String>] allowed_data_types
+      #
+      def initialize(query, options: nil, api_key: nil, allowed_data_types: SUPPORTED_DATA_TYPES)
+        super(query, options: options)
 
-        unless valid_allowed_data_types?
-          raise InvalidInputError, "allowed_data_types should be any of url, domain and ip."
-        end
+        @api_key = api_key || Mihari.config.urlscan_api_key
+        @allowed_data_types = allowed_data_types
+
+        return if valid_allowed_data_types?
 
-        @api_key = kwargs[:api_key] || Mihari.config.urlscan_api_key
+        raise InvalidInputError, "allowed_data_types should be any of url, domain and ip."
       end
 
       def artifacts
@@ -82,7 +77,7 @@ module Mihari
           search_after = res.results.last.sort.join(",")
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep interval
+          sleep(interval) if interval
         end
 
         responses

data/lib/mihari/analyzers/virustotal.rb

@@ -5,28 +5,34 @@ module Mihari
     class VirusTotal < Base
       include Mixins::Refang
 
-      param :query
-
       # @return [String]
       attr_reader :type
 
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [String]
-      attr_reader :query
-
-      def initialize(*args, **kwargs)
-        super(*args, **kwargs)
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(refang(query), options: options)
 
-        @query = refang(query)
         @type = TypeChecker.type(query)
 
-        @api_key = kwargs[:api_key] || Mihari.config.virustotal_api_key
+        @api_key = api_key || Mihari.config.virustotal_api_key
       end
 
       def artifacts
-        search || []
+        case type
+        when "domain"
+          domain_search
+        when "ip"
+          ip_search
+        else
+          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
+        end
       end
 
       private
@@ -48,22 +54,6 @@ module Mihari
         %w[ip domain].include? type
       end
 
-      #
-      # Search
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def search
-        case type
-        when "domain"
-          domain_search
-        when "ip"
-          ip_search
-        else
-          raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
-        end
-      end
-
       #
       # Domain search
       #

data/lib/mihari/analyzers/virustotal_intelligence.rb

@@ -3,25 +3,18 @@
 module Mihari
   module Analyzers
     class VirusTotalIntelligence < Base
-      param :query
-
-      option :interval, default: proc { 0 }
-
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [String]
-      attr_reader :query
-
-      # @return [Integer]
-      attr_reader :interval
-
-      def initialize(*args, **kwargs)
-        super
-
-        @query = query
+      #
+      # @param [String] query
+      # @param [Hash, nll] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(query, options: options)
 
-        @api_key = kwargs[:api_key] || Mihari.config.virustotal_api_key
+        @api_key = api_key || Mihari.config.virustotal_api_key
       end
 
       def artifacts
@@ -53,13 +46,14 @@ module Mihari
         responses = []
 
         loop do
-          response = Structs::VirusTotalIntelligence::Response.from_dynamic!(client.intel_search(query, cursor: cursor))
+          response = Structs::VirusTotalIntelligence::Response.from_dynamic!(client.intel_search(query,
+            cursor: cursor))
           responses << response
           break if response.meta.cursor.nil?
 
           cursor = response.meta.cursor
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep interval
+          sleep(interval) if interval
         end
 
         responses

data/lib/mihari/analyzers/zoomeye.rb

@@ -3,28 +3,23 @@
 module Mihari
   module Analyzers
     class ZoomEye < Base
-      param :query
-
-      option :type, default: proc { "host" }
-
-      option :interval, default: proc { 0 }
-
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [String]
-      attr_reader :query
-
       # @return [String]
       attr_reader :type
 
-      # @return [Integer]
-      attr_reader :interval
-
-      def initialize(*args, **kwargs)
-        super(*args, **kwargs)
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      # @param [String] type
+      #
+      def initialize(query, options: nil, api_key: nil, type: "host")
+        super(query, options: options)
 
-        @api_key = kwargs[:api_key] || Mihari.config.zoomeye_api_key
+        @type = type
+        @api_key = api_key || Mihari.config.zoomeye_api_key
       end
 
       def artifacts
@@ -109,7 +104,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep interval
+          sleep(interval) if interval
         end
         convert_responses responses.compact
       end
@@ -142,7 +137,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep interval
+          sleep(interval) if interval
         end
         convert_responses responses.compact
       end