onyphe 0.2.3 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -23
- data/lib/onyphe.rb +0 -1
- data/lib/onyphe/api.rb +81 -33
- data/lib/onyphe/cli.rb +13 -13
- data/lib/onyphe/client.rb +6 -3
- data/lib/onyphe/clients/ctl.rb +1 -1
- data/lib/onyphe/clients/datascan.rb +1 -1
- data/lib/onyphe/clients/forward.rb +1 -1
- data/lib/onyphe/clients/geoloc.rb +1 -1
- data/lib/onyphe/clients/inetnum.rb +1 -1
- data/lib/onyphe/clients/ip.rb +1 -1
- data/lib/onyphe/clients/md5.rb +1 -1
- data/lib/onyphe/clients/onionscan.rb +1 -1
- data/lib/onyphe/clients/pastries.rb +1 -1
- data/lib/onyphe/clients/reverse.rb +1 -1
- data/lib/onyphe/clients/search.rb +9 -9
- data/lib/onyphe/clients/sniffer.rb +1 -1
- data/lib/onyphe/clients/synscan.rb +1 -1
- data/lib/onyphe/clients/threatlist.rb +1 -1
- data/lib/onyphe/version.rb +1 -1
- data/onyphe.gemspec +2 -2
- metadata +7 -8
- data/lib/onyphe/response.rb +0 -24
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb197595f583cae4f7474231b924a3ea0adb24ba1921acc2452ab8154868b575
|
|
4
|
+
data.tar.gz: 91af3240e44f93e3f14c7c9f2d6fedbd33a89d6c97f89ffaa8ac4ac31a917861
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 678cbca08957c71d3c6744b525491f08cb4efa3f8e6483a0fc55e3063bf2876c0207da3c3e40b86fefa88802ad7fdce135e2ad621c33dc6504d5f91d062cb44e
|
|
7
|
+
data.tar.gz: 8f96e012931f4551a0d3fbf29f60f10aeba8f7da071bbcdbd78ebcd4387bc5ec24058156da32e6baa522b322505c06db2dc1597e7d4be4dd2588f45192cc62c9
|
data/README.md
CHANGED
|
@@ -70,28 +70,6 @@ api.search.ctl(host: "vpn")
|
|
|
70
70
|
api.search.onionscan("app.http.keywords": "dump")
|
|
71
71
|
```
|
|
72
72
|
|
|
73
|
-
All the API response is wrapped by [OpenStruct](https://github.com/ruby/ostruct).
|
|
74
|
-
|
|
75
|
-
It means you can access to a response through a property-like syntax.
|
|
76
|
-
|
|
77
|
-
```rb
|
|
78
|
-
res = api.sniffer("217.138.28.194")
|
|
79
|
-
res.results.each do |result|
|
|
80
|
-
puts result.asn
|
|
81
|
-
puts result.ip
|
|
82
|
-
puts result.location
|
|
83
|
-
puts result.organization
|
|
84
|
-
end
|
|
85
|
-
```
|
|
86
|
-
|
|
87
|
-
Or you can get a hash representative data by using `#to_h` method.
|
|
88
|
-
|
|
89
|
-
```rb
|
|
90
|
-
res = api.sniffer("217.138.28.194")
|
|
91
|
-
p res.to_h
|
|
92
|
-
# => {:count=>10, :error=>0, :max_page=>3, :myip=>"<MY_IP>", :page=>1, :results=>[{:@category=>"sniffer", :@timestamp=>"2018-11-15T00:35:37.000Z", :@type=>"doc", :asn=>"AS20952", :city=>"London", :country=>"GB", ...
|
|
93
|
-
```
|
|
94
|
-
|
|
95
73
|
#### Pagination
|
|
96
74
|
|
|
97
75
|
Enumerable style pagination is not supported at the present time.
|
|
@@ -99,7 +77,7 @@ Enumerable style pagination is not supported at the present time.
|
|
|
99
77
|
You can specify page index by passing `page` argument to the method.
|
|
100
78
|
|
|
101
79
|
```rb
|
|
102
|
-
res = api.search.threatlist(country: "RU", page
|
|
80
|
+
res = api.search.threatlist(country: "RU", page: 1)
|
|
103
81
|
page = res.page
|
|
104
82
|
max_page = res.max_page
|
|
105
83
|
|
data/lib/onyphe.rb
CHANGED
data/lib/onyphe/api.rb
CHANGED
|
@@ -6,40 +6,88 @@ module Onyphe
|
|
|
6
6
|
class API
|
|
7
7
|
extend Forwardable
|
|
8
8
|
|
|
9
|
-
attr_reader :
|
|
9
|
+
attr_reader :api_key
|
|
10
10
|
|
|
11
|
+
#
|
|
12
|
+
# API client initialization
|
|
13
|
+
#
|
|
14
|
+
# @param [String] api_key ONYPHE API key
|
|
15
|
+
#
|
|
11
16
|
def initialize(api_key = ENV["ONYPHE_API_KEY"])
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
@
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
@
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
17
|
+
@api_key = api_key
|
|
18
|
+
raise ArgumentError, "'api_key' argument is required" unless api_key
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def search
|
|
22
|
+
@search ||= Clients::Search.new(api_key)
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
private
|
|
26
|
+
|
|
27
|
+
def _ctl
|
|
28
|
+
@_ctl ||= Clients::Ctl.new(api_key)
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def _datascan
|
|
32
|
+
@_datascan ||= Clients::Datascan.new(api_key)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def _forward
|
|
36
|
+
@_forward ||= Clients::Forward.new(api_key)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def _geoloc
|
|
40
|
+
@_geoloc ||= Clients::Geoloc.new(api_key)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def _inetnum
|
|
44
|
+
@_inetnum ||= Clients::Inetnum.new(api_key)
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def _ip
|
|
48
|
+
@_ip ||= Clients::IP.new(api_key)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def _md5
|
|
52
|
+
@_md5 ||= Clients::MD5.new(api_key)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def _onionscan
|
|
56
|
+
@_onionscan ||= Clients::Onionscan.new(api_key)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def _pastries
|
|
60
|
+
@_pastries ||= Clients::Pastries.new(api_key)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def _reverse
|
|
64
|
+
@_reverse ||= Clients::Reverse.new(api_key)
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def _sniffer
|
|
68
|
+
@_sniffer ||= Clients::Sniffer.new(api_key)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
def _synscan
|
|
72
|
+
@_synscan ||= Clients::Synscan.new(api_key)
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
def _threatlist
|
|
76
|
+
@_threatlist ||= Clients::Threatlist.new(api_key)
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def_delegator :_ctl, :get_by_domain, :ctl
|
|
80
|
+
def_delegator :_datascan, :get_by_query, :datascan
|
|
81
|
+
def_delegator :_forward, :get_by_ip, :forward
|
|
82
|
+
def_delegator :_geoloc, :get_by_ip, :geoloc
|
|
83
|
+
def_delegator :_inetnum, :get_by_ip, :inetnum
|
|
84
|
+
def_delegator :_ip, :get_by_ip, :ip
|
|
85
|
+
def_delegator :_md5, :get_by_md5, :md5
|
|
86
|
+
def_delegator :_onionscan, :get_by_onion, :onionscan
|
|
87
|
+
def_delegator :_pastries, :get_by_ip, :pastries
|
|
88
|
+
def_delegator :_reverse, :get_by_ip, :reverse
|
|
89
|
+
def_delegator :_sniffer, :get_by_ip, :sniffer
|
|
90
|
+
def_delegator :_synscan, :get_by_ip, :synscan
|
|
91
|
+
def_delegator :_threatlist, :get_by_ip, :threatlist
|
|
44
92
|
end
|
|
45
93
|
end
|
data/lib/onyphe/cli.rb
CHANGED
|
@@ -7,67 +7,67 @@ module Onyphe
|
|
|
7
7
|
class CLI < Thor
|
|
8
8
|
desc "ctl DOMAIN", "It will return information for the given domain name X509 certificate information from CTLs with history of changes"
|
|
9
9
|
def ctl(domain)
|
|
10
|
-
with_error_handling { puts api.ctl(domain).
|
|
10
|
+
with_error_handling { puts api.ctl(domain).to_json }
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
desc "datascan IP/STRING", "It will return datascan information for the given IPv{4,6} address or string with history of changes"
|
|
14
14
|
def datascan(query)
|
|
15
|
-
with_error_handling { puts api.datascan(query).
|
|
15
|
+
with_error_handling { puts api.datascan(query).to_json }
|
|
16
16
|
end
|
|
17
17
|
|
|
18
18
|
desc "forward IP", "It will return forward DNS lookup information for the given IPv{4,6} address with history of changes"
|
|
19
19
|
def forward(ip)
|
|
20
|
-
with_error_handling { puts api.forward(ip).
|
|
20
|
+
with_error_handling { puts api.forward(ip).to_json }
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
desc "geoloc IP", "It will return geolocation information for the given IPv{4,6} address"
|
|
24
24
|
def geoloc(ip)
|
|
25
|
-
with_error_handling { puts api.geoloc(ip).
|
|
25
|
+
with_error_handling { puts api.geoloc(ip).to_json }
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
desc "inetnum IP", "It will return inetnum information for the given IPv{4,6} address with history of changes"
|
|
29
29
|
def inetnum(ip)
|
|
30
|
-
with_error_handling { puts api.inetnum(ip).
|
|
30
|
+
with_error_handling { puts api.inetnum(ip).to_json }
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
desc "ip IP", "It will return a summary of all information for the given IPv{4,6} address"
|
|
34
34
|
def ip(ip)
|
|
35
|
-
with_error_handling { puts api.ip(ip).
|
|
35
|
+
with_error_handling { puts api.ip(ip).to_json }
|
|
36
36
|
end
|
|
37
37
|
|
|
38
38
|
desc "md5 MD5", "It will return information for the given datamd5 filter from datascan information category with history of changes"
|
|
39
39
|
def md5(md5)
|
|
40
|
-
with_error_handling { puts api.md5(md5).
|
|
40
|
+
with_error_handling { puts api.md5(md5).to_json }
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
desc "onionscan ONION", "It will return information for the given onion domain with history of changes"
|
|
44
44
|
def onionscan(onion)
|
|
45
|
-
with_error_handling { puts api.onionscan(onion).
|
|
45
|
+
with_error_handling { puts api.onionscan(onion).to_json }
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
desc "pastries IP", "It will return pastries information for the given IPv{4,6} address with history of changes"
|
|
49
49
|
def pastries(ip)
|
|
50
|
-
with_error_handling { puts api.pastries(ip).
|
|
50
|
+
with_error_handling { puts api.pastries(ip).to_json }
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
desc "reverse IP", "It will return reverse DNS lookup information for the given IPv{4,6} address with history of changes"
|
|
54
54
|
def reverse(ip)
|
|
55
|
-
with_error_handling { puts api.reverse(ip).
|
|
55
|
+
with_error_handling { puts api.reverse(ip).to_json }
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
desc "sniffer IP", "It will return information for the given IP address with history of changes"
|
|
59
59
|
def sniffer(ip)
|
|
60
|
-
with_error_handling { puts api.sniffer(ip).
|
|
60
|
+
with_error_handling { puts api.sniffer(ip).to_json }
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
desc "synscan IP", "It will return synscan information for the given IPv{4,6} address with history of changes."
|
|
64
64
|
def synscan(ip)
|
|
65
|
-
with_error_handling { puts api.synscan(ip).
|
|
65
|
+
with_error_handling { puts api.synscan(ip).to_json }
|
|
66
66
|
end
|
|
67
67
|
|
|
68
68
|
desc "threattlist IP", "It will return threatlist information for the given IPv{4,6} address with history of change"
|
|
69
69
|
def threatlist(ip)
|
|
70
|
-
with_error_handling { puts api.threatlist(ip).
|
|
70
|
+
with_error_handling { puts api.threatlist(ip).to_json }
|
|
71
71
|
end
|
|
72
72
|
|
|
73
73
|
no_commands do
|
data/lib/onyphe/client.rb
CHANGED
|
@@ -36,10 +36,13 @@ module Onyphe
|
|
|
36
36
|
def request(req)
|
|
37
37
|
Net::HTTP.start(HOST, 443, https_options) do |http|
|
|
38
38
|
http_response = http.request(req)
|
|
39
|
-
|
|
39
|
+
code = http_response.code
|
|
40
|
+
raise Error, "Unsupported response code returned: #{http_response.code}" unless code.start_with?("20")
|
|
40
41
|
|
|
41
|
-
response = JSON.parse(http_response.body
|
|
42
|
-
|
|
42
|
+
response = JSON.parse(http_response.body)
|
|
43
|
+
error = response.dig("error")
|
|
44
|
+
message = response.dig("message")
|
|
45
|
+
raise Error, message if error&.to_i&.positive?
|
|
43
46
|
|
|
44
47
|
yield response
|
|
45
48
|
end
|
data/lib/onyphe/clients/ctl.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
module Onyphe
|
|
4
4
|
module Clients
|
|
5
5
|
class Ctl < Client
|
|
6
|
-
def get_by_domain(domain, page
|
|
6
|
+
def get_by_domain(domain, page: 1)
|
|
7
7
|
raise ArgumentError, "Invalid domain: #{domain}" unless Validator.valid_domain?(domain)
|
|
8
8
|
|
|
9
9
|
get("/ctl/#{domain}", page: page) { |json| json }
|
data/lib/onyphe/clients/ip.rb
CHANGED
data/lib/onyphe/clients/md5.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
module Onyphe
|
|
4
4
|
module Clients
|
|
5
5
|
class Onionscan < Client
|
|
6
|
-
def get_by_onion(onion, page
|
|
6
|
+
def get_by_onion(onion, page: 1)
|
|
7
7
|
raise ArgumentError, "Invalid oninon domain: #{onion}" unless Validator.valid_onion_domain?(onion)
|
|
8
8
|
|
|
9
9
|
get("/onionscan/#{onion}", page: page) { |json| json }
|
|
@@ -5,39 +5,39 @@ require "addressable/uri"
|
|
|
5
5
|
module Onyphe
|
|
6
6
|
module Clients
|
|
7
7
|
class Search < Client
|
|
8
|
-
def datascan(params, page
|
|
8
|
+
def datascan(params, page: 1)
|
|
9
9
|
search("datascan", params, page)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
-
def synscan(params, page
|
|
12
|
+
def synscan(params, page: 1)
|
|
13
13
|
search("synscan", params, page)
|
|
14
14
|
end
|
|
15
15
|
|
|
16
|
-
def inetnum(params, page
|
|
16
|
+
def inetnum(params, page: 1)
|
|
17
17
|
search("inetnum", params, page)
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
def threatlist(params, page
|
|
20
|
+
def threatlist(params, page: 1)
|
|
21
21
|
search("threatlist", params, page)
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
-
def pastries(params, page
|
|
24
|
+
def pastries(params, page: 1)
|
|
25
25
|
search("pastries", params, page)
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
-
def resolver(params, page
|
|
28
|
+
def resolver(params, page: 1)
|
|
29
29
|
search("resolver", params, page)
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
def sniffer(params, page
|
|
32
|
+
def sniffer(params, page: 1)
|
|
33
33
|
search("sniffer", params, page)
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
-
def ctl(params, page
|
|
36
|
+
def ctl(params, page: 1)
|
|
37
37
|
search("ctl", params, page)
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
-
def onionscan(params, page
|
|
40
|
+
def onionscan(params, page: 1)
|
|
41
41
|
search("onionscan", params, page)
|
|
42
42
|
end
|
|
43
43
|
|
data/lib/onyphe/version.rb
CHANGED
data/onyphe.gemspec
CHANGED
|
@@ -29,8 +29,8 @@ Gem::Specification.new do |spec|
|
|
|
29
29
|
|
|
30
30
|
spec.add_development_dependency "bundler", "~> 2.0"
|
|
31
31
|
spec.add_development_dependency "coveralls", "~> 0.8"
|
|
32
|
-
spec.add_development_dependency "rake", "~>
|
|
33
|
-
spec.add_development_dependency "rspec", "~> 3.
|
|
32
|
+
spec.add_development_dependency "rake", "~> 13.0"
|
|
33
|
+
spec.add_development_dependency "rspec", "~> 3.9"
|
|
34
34
|
spec.add_development_dependency "vcr", "~> 5.0"
|
|
35
35
|
spec.add_development_dependency "webmock", "~> 3.7"
|
|
36
36
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: onyphe
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Manabu Niseki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-10-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: addressable
|
|
@@ -72,28 +72,28 @@ dependencies:
|
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: '
|
|
75
|
+
version: '13.0'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '
|
|
82
|
+
version: '13.0'
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
84
|
name: rspec
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: '3.
|
|
89
|
+
version: '3.9'
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: '3.
|
|
96
|
+
version: '3.9'
|
|
97
97
|
- !ruby/object:Gem::Dependency
|
|
98
98
|
name: vcr
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -159,7 +159,6 @@ files:
|
|
|
159
159
|
- lib/onyphe/clients/sniffer.rb
|
|
160
160
|
- lib/onyphe/clients/synscan.rb
|
|
161
161
|
- lib/onyphe/clients/threatlist.rb
|
|
162
|
-
- lib/onyphe/response.rb
|
|
163
162
|
- lib/onyphe/validator.rb
|
|
164
163
|
- lib/onyphe/version.rb
|
|
165
164
|
- onyphe.gemspec
|
|
@@ -182,7 +181,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
182
181
|
- !ruby/object:Gem::Version
|
|
183
182
|
version: '0'
|
|
184
183
|
requirements: []
|
|
185
|
-
rubygems_version: 3.0.
|
|
184
|
+
rubygems_version: 3.0.6
|
|
186
185
|
signing_key:
|
|
187
186
|
specification_version: 4
|
|
188
187
|
summary: ONYPHE API wrapper for Ruby
|
data/lib/onyphe/response.rb
DELETED
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
require "ostruct"
|
|
4
|
-
|
|
5
|
-
module Onyphe
|
|
6
|
-
class Response < OpenStruct
|
|
7
|
-
def openstruct_to_hash(object, hash = {})
|
|
8
|
-
return object unless object.respond_to?(:each_pair)
|
|
9
|
-
|
|
10
|
-
object.each_pair do |key, value|
|
|
11
|
-
hash[key] = case value
|
|
12
|
-
when OpenStruct then openstruct_to_hash(value)
|
|
13
|
-
when Array then value.map { |v| openstruct_to_hash(v) }
|
|
14
|
-
else value
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
hash
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
def to_h
|
|
21
|
-
openstruct_to_hash(self)
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
end
|