mihari 7.6.0 → 7.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: aa05d5cca592eb276667bc95e7c7a88c12be39bb547ffb4f3bac810f9e5a72a6
-  data.tar.gz: 81a9a73171dbb4c5171893cb23cc47963fcfef38d441cfebd37005e6e6dc6202
+  metadata.gz: 2fd0c07fe2661f57d6db5b409c527789c5e17d23e7691d5ac241ff5b36a20698
+  data.tar.gz: d7f2a832b3cb364aca8bdfad71cf762f72dc707892d2697ef8bb272bcb794b1d
 SHA512:
-  metadata.gz: d6623c5441e14cf967987c2341349e9973922fdb18dc5d9c3473bcc8fbc7aaf813f9a48c8384331e49a4ada370ebd270d3cd68cbc7dcc6481f1bb886b0923109
-  data.tar.gz: 0d112b4740054b7afe79effff48016b8549bf6ef45b337ba43b44fba13f162f7cc8b5f2bfe653bfacf4bb356c2f1b32c7a5964be174d028b877372d642aedfea
+  metadata.gz: 39c5c92cf79721ed6d98b09a63a3d609eab8e8da9ba5badb1cd1a9f01fcb04d8f11edaa3b50fd7e0aed6dcb44f7befb77166e9bbf8399bac4d6592eafd943763
+  data.tar.gz: 7c06bd2ca9616605aa9601d198a413529f92205861dcafbfd86e84fa5bca6e2344d42ef558f27ee4c358f09778679fdaa2018954a6d34bfa534f2a3fa155042d

data/.shadowenv.d/000_unset_all.lisp

@@ -35,5 +35,6 @@
 (env/set "THEHIVE_API_KEY" ())
 (env/set "THEHIVE_URL" ())
 (env/set "URLSCAN_API_KEY" ())
+(env/set "VALIDIN_API_KEY" ())
 (env/set "VIRUSTOTAL_API_KEY" ())
 (env/set "ZOOMEYE_API_KEY" ())

data/lib/mihari/analyzers/validin.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require "mihari/clients/validin"
+
+module Mihari
+  module Analyzers
+    #
+    # Validin analyzer
+    #
+    class Validin < Base
+      include Concerns::Refangable
+
+      # @return [String, nil]
+      attr_reader :type
+
+      # @return [String, nil]
+      attr_reader :username
+
+      # @return [String, nil]
+      attr_reader :api_key
+
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, options: nil, api_key: nil)
+        super(refang(query), options:)
+
+        @type = DataType.type(query)
+
+        @api_key = api_key || Mihari.config.validin_api_key
+      end
+
+      def artifacts
+        case type
+        when "domain"
+          dns_history_search
+        when "ip"
+          reverse_ip_search
+        else
+          raise ValueError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
+        end
+      end
+
+      private
+
+      def dns_history_search
+        res = client.dns_history_search(query)
+        (res.dig("records", "A") || []).filter_map do |r|
+          r["value"]
+        end
+      end
+
+      def reverse_ip_search
+        res = client.dns_history_search(query)
+        (res.dig("records", "A") || []).filter_map do |r|
+          r["value"]
+        end
+      end
+
+      def client
+        Clients::Validin.new(api_key:, timeout:)
+      end
+
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
+      def valid_type?
+        %w[ip domain].include? type
+      end
+    end
+  end
+end

data/lib/mihari/clients/validin.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Clients
+    #
+    # Validin API client
+    #
+    class Validin < Base
+      #
+      # @param [String] base_url
+      # @param [String, nil] api_key
+      # @param [Hash] headers
+      # @param [Integer, nil] timeout
+      #
+      def initialize(
+        base_url = "https://app.validin.com",
+        api_key:,
+        headers: {},
+        timeout: nil
+      )
+        raise(ArgumentError, "api_key is required") if api_key.nil?
+
+        headers["Authorization"] = "Bearer #{api_key}"
+
+        super(base_url, headers:, timeout:)
+      end
+
+      #
+      # @param [String] domain
+      #
+      # @return [Hash]
+      #
+      def dns_history_search(domain)
+        get_json "/api/axon/domain/dns/history/#{domain}/A"
+      end
+
+      #
+      # @param [String] ip
+      #
+      # @return [Hash]
+      #
+      def search_reverse_ip(ip)
+        get_json "/api/axon/ip/dns/history/#{ip}"
+      end
+    end
+  end
+end

data/lib/mihari/config.rb

@@ -33,6 +33,7 @@ module Mihari
       thehive_api_key: nil,
       thehive_url: nil,
       urlscan_api_key: nil,
+      validin_api_key: nil,
       virustotal_api_key: nil,
       yeti_api_key: nil,
       yeti_url: nil,
@@ -122,6 +123,9 @@ module Mihari
     # @!attribute [r] urlscan_api_key
     #   @return [String, nil]
 
+    # @!attribute [r] validin_api_key
+    #   @return [String, nil]
+
     # @!attribute [r] virustotal_api_key
     #   @return [String, nil]
 

data/lib/mihari/schemas/analyzer.rb

@@ -15,6 +15,7 @@ module Mihari
         Mihari::Analyzers::Onyphe.keys,
         Mihari::Analyzers::Shodan.keys,
         Mihari::Analyzers::Urlscan.keys,
+        Mihari::Analyzers::Validin.keys,
         Mihari::Analyzers::VirusTotalIntelligence.keys
       ].each do |keys|
         key = keys.first

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "7.6.0"
+  VERSION = "7.6.1"
 end

data/lib/mihari.rb

@@ -268,6 +268,7 @@ require "mihari/analyzers/pulsedive"
 require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"
 require "mihari/analyzers/urlscan"
+require "mihari/analyzers/validin"
 require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"
 require "mihari/analyzers/zoomeye"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 7.6.0
+  version: 7.6.1
 platform: ruby
 authors:
 - Manabu Niseki
@@ -1062,6 +1062,7 @@ files:
 - lib/mihari/analyzers/securitytrails.rb
 - lib/mihari/analyzers/shodan.rb
 - lib/mihari/analyzers/urlscan.rb
+- lib/mihari/analyzers/validin.rb
 - lib/mihari/analyzers/virustotal.rb
 - lib/mihari/analyzers/virustotal_intelligence.rb
 - lib/mihari/analyzers/zoomeye.rb
@@ -1094,6 +1095,7 @@ files:
 - lib/mihari/clients/shodan_internet_db.rb
 - lib/mihari/clients/the_hive.rb
 - lib/mihari/clients/urlscan.rb
+- lib/mihari/clients/validin.rb
 - lib/mihari/clients/virustotal.rb
 - lib/mihari/clients/whois.rb
 - lib/mihari/clients/yeti.rb