otx_ruby 0.7.1 → 0.8.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (40) hide show
  1. checksums.yaml +4 -4
  2. data/circle.yml +1 -1
  3. data/lib/otx_ruby/activity.rb +90 -0
  4. data/lib/otx_ruby/base.rb +42 -2
  5. data/lib/otx_ruby/correlation_rule.rb +13 -0
  6. data/lib/otx_ruby/cve.rb +22 -0
  7. data/lib/otx_ruby/domain.rb +90 -0
  8. data/lib/otx_ruby/events.rb +28 -4
  9. data/lib/otx_ruby/export.rb +103 -0
  10. data/lib/otx_ruby/file.rb +23 -0
  11. data/lib/otx_ruby/hostname.rb +95 -0
  12. data/lib/otx_ruby/ip.rb +105 -0
  13. data/lib/otx_ruby/nids.rb +13 -0
  14. data/lib/otx_ruby/pulses.rb +150 -0
  15. data/lib/otx_ruby/subscribed.rb +19 -4
  16. data/lib/otx_ruby/types/author.rb +8 -0
  17. data/lib/otx_ruby/types/base_indicator.rb +8 -0
  18. data/lib/otx_ruby/types/correlation_rule.rb +21 -0
  19. data/lib/otx_ruby/types/cve.rb +36 -0
  20. data/lib/otx_ruby/types/file_analysis.rb +6 -0
  21. data/lib/otx_ruby/types/indicator_type.rb +6 -0
  22. data/lib/otx_ruby/types/indicator_type_counts.rb +8 -0
  23. data/lib/otx_ruby/types/ip/dns.rb +8 -0
  24. data/lib/otx_ruby/types/ip/general.rb +24 -0
  25. data/lib/otx_ruby/types/ip/geo.rb +8 -0
  26. data/lib/otx_ruby/types/ip/http_scan.rb +8 -0
  27. data/lib/otx_ruby/types/ip/malware.rb +21 -0
  28. data/lib/otx_ruby/types/{ip_reputation.rb → ip/reputation.rb} +0 -0
  29. data/lib/otx_ruby/types/ip/url.rb +8 -0
  30. data/lib/otx_ruby/types/ip/whois.rb +8 -0
  31. data/lib/otx_ruby/types/observation.rb +8 -0
  32. data/lib/otx_ruby/types/pulse.rb +14 -3
  33. data/lib/otx_ruby/types/pulse_info.rb +24 -0
  34. data/lib/otx_ruby/types/reference.rb +8 -0
  35. data/lib/otx_ruby/types/user.rb +21 -0
  36. data/lib/otx_ruby/url.rb +35 -0
  37. data/lib/otx_ruby/users.rb +97 -0
  38. data/lib/otx_ruby/version.rb +1 -1
  39. data/lib/otx_ruby.rb +32 -1
  40. metadata +33 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 59f7c70b2d3ead15a343ec6309d290e02810c7f9
4
- data.tar.gz: 7f0473fda29c689cabf291493acbf838e476a5d0
3
+ metadata.gz: 7934c02ca3191b73093883c9e5c1ca6daa18d175
4
+ data.tar.gz: 3a0320e544d2d7f0864c64fc18c89c2d38bbc603
5
5
  SHA512:
6
- metadata.gz: 6e639869d6db18a78e9d3215ec64586f2d9544592d56ff9bc69ad1a299a4339b67fe5591c0c3f7116a7c484f910fadb634401678ed4973a79f59e6269e1937f1
7
- data.tar.gz: a1968a159ec1d5d0f214dcb49462c9a4313d79b256f4787d92f1c9507b78cda2608d07fc0b7e5747e2aeb9b64163fdd6ba1cb53b47d1813ae3d1b99df94ca058
6
+ metadata.gz: 0a89b9e968eb3ea1b53296e3d749b6da872dc389d699bfaa0927acc2636be5509c0fd2abc917b97c5e6aec7f9642ec70b8321c69ffe5748c0d19032e61ff9f7a
7
+ data.tar.gz: 674f4eefb4f5fc1a48bc05954e17f272f1b31cbc830e1d20abd8ff61bfec447a0757875ab4fe179bfbcd19265d59a9c47f3fcabcbe593609a2c8db51a71dbbaa
data/circle.yml CHANGED
@@ -1,6 +1,6 @@
1
1
  machine:
2
2
  ruby:
3
- version: 2.2.4
3
+ version: 2.3.5
4
4
  database:
5
5
  override:
6
6
  - echo 'no database'
@@ -0,0 +1,90 @@
1
+ module OTX
2
+ #
3
+ # Within the OTX system you are able to subscribe to pulses from other users,
4
+ # this class allows the retreival of the currently subscribed pulse feeds and
5
+ # the associated pulses, as well as pulses from followed Users
6
+ #
7
+ class Activity < OTX::Base
8
+ #
9
+ # Get pulse activity from the API
10
+ #
11
+ # @param limit [Integer] Number of records returned
12
+ # @param page [Integer] page of records returned
13
+ # @param params [Hash] Addtional parameters eg `modified_since: DateTime`
14
+ #
15
+ def get_activity(limit = 10, page = 1, params = {})
16
+ uri = '/api/v1/pulses/activity'
17
+ params['limit'] = limit
18
+ params['page'] = page
19
+
20
+ json_data = get(uri, params)
21
+
22
+ pulses = json_data['results']
23
+
24
+ results = []
25
+ pulses.each do |pulse|
26
+ results << OTX::Pulse.new(pulse)
27
+ end
28
+
29
+ return results
30
+ end
31
+
32
+ #
33
+ # Get all pulses activity from the API, get all events in chunks defined by
34
+ # limit
35
+ #
36
+ # @param limit [Integer] Size of chunk of data to be Returned (default = 20)
37
+ # @return [Array<OTX::Pulse>] Parsed Pulses
38
+ #
39
+ def get_all(limit = 20)
40
+ uri = '/api/v1/pulses/activity'
41
+ params = {limit: limit}
42
+ pulses = []
43
+ begin
44
+ json_data = get(uri, params)
45
+ page = json_data['next']
46
+
47
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
48
+
49
+ pulses += json_data['results']
50
+ end while page && !json_data['results'].empty?
51
+
52
+ results = []
53
+ pulses.each do |pulse|
54
+ results << OTX::Pulse.new(pulse)
55
+ end
56
+
57
+ return results
58
+ end
59
+
60
+ #
61
+ # Get all pulses activity from the API, get all events in chunks defined by
62
+ # limit and since timestamp
63
+ #
64
+ # @param timestamp [Time] Timestamp of point in time to get records since in
65
+ # ISO Format
66
+ # @param limit [Integer] Size of chunk of data to be Returned (default = 20)
67
+ # @return [Array<OTX::Pulse>] Parsed Pulses
68
+ #
69
+ def get_since(timestamp, limit = 20)
70
+ uri = '/api/v1/pulses/activity'
71
+ params = {limit: limit, modified_since: timestamp}
72
+ pulses = []
73
+ begin
74
+ json_data = get(uri, params)
75
+ page = json_data['next']
76
+
77
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
78
+
79
+ pulses += json_data['results']
80
+ end while page && !json_data['results'].empty?
81
+
82
+ results = []
83
+ pulses.each do |pulse|
84
+ results << OTX::Pulse.new(pulse)
85
+ end
86
+
87
+ return results
88
+ end
89
+ end
90
+ end
data/lib/otx_ruby/base.rb CHANGED
@@ -21,7 +21,7 @@ module OTX
21
21
  end
22
22
 
23
23
  #
24
- # Get the provided URL
24
+ # GET the provided URL
25
25
  #
26
26
  # @param url [String] URL to make API request to
27
27
  # @param params [Hash] Additional parameters to be added to the requests
@@ -36,6 +36,40 @@ module OTX
36
36
  # Parse and return JSON object as hash to caller
37
37
  return Oj.load(response.body)
38
38
  end
39
+
40
+ #
41
+ # POST to the provided URL
42
+ #
43
+ # @param url [String] URL to make API request to
44
+ # @param params [Hash] Additional parameters to be added to the requests
45
+ #
46
+ def post(url, params={})
47
+ response = @conn.post do |req|
48
+ req.url url
49
+ req.headers['X-OTX-API-KEY'] = @key
50
+ req.params = params
51
+ end
52
+
53
+ # Parse and return JSON object as hash to caller
54
+ return Oj.load(response.body)
55
+ end
56
+
57
+ #
58
+ # PATCH to the provided URL
59
+ #
60
+ # @param url [String] URL to make API request to
61
+ # @param params [Hash] Additional parameters to be added to the requests
62
+ #
63
+ def patch(url, params={})
64
+ response = @conn.patch do |req|
65
+ req.url url
66
+ req.headers['X-OTX-API-KEY'] = @key
67
+ req.params = params
68
+ end
69
+
70
+ # Parse and return JSON object as hash to caller
71
+ return Oj.load(response.body)
72
+ end
39
73
  end
40
74
  end
41
75
 
@@ -68,7 +102,13 @@ module OTX
68
102
 
69
103
  def initialize(attributes={})
70
104
  attributes.each do |key, value|
71
- send("#{key}=", value)
105
+ _key = key.gsub('-', '_')
106
+
107
+ unless self.respond_to?(_key.downcase)
108
+ self.class.send(:attr_accessor, _key.downcase)
109
+ end
110
+
111
+ send("#{_key.downcase}=", value)
72
112
  end
73
113
  end
74
114
  end
@@ -0,0 +1,13 @@
1
+ module OTX
2
+ class CorrelationRule < OTX::Base
3
+ def get_general(correlation_rule)
4
+ uri = "/api/v1/indicators/correlation-rule/#{correlation_rule}/general"
5
+
6
+ json_data = get(uri)
7
+
8
+ general = OTX::Indicator::CorrelationRule.new(json_data)
9
+
10
+ return general
11
+ end
12
+ end
13
+ end
@@ -0,0 +1,22 @@
1
+ module OTX
2
+ #
3
+ # Retrieve and parse into the appropriate object the reputation for an IP Address from the OTX System
4
+ #
5
+ class CVE < OTX::Base
6
+ #
7
+ # Download an individually identified IP Address Reputation and parse the output
8
+ #
9
+ # @param cve [String] The CVE ID to check
10
+ # @return [OTX::Pulse] Parsed CVE Indicator
11
+ #
12
+ def get_general(cve)
13
+ uri = "api/v1/indicators/cve/#{cve}/general"
14
+
15
+ json_data = get(uri)
16
+
17
+ general = OTX::Indicator::CVE::General.new(json_data)
18
+
19
+ return general
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,90 @@
1
+ module OTX
2
+ class Domain < OTX::Base
3
+ def get_general(domain)
4
+ uri = "/api/v1/indicators/domain/#{domain}/general"
5
+
6
+ json_data = get(uri)
7
+
8
+ general = OTX::Indicator::IP::General.new(json_data)
9
+
10
+ return general
11
+ end
12
+
13
+ def get_geo(domain)
14
+ uri = "/api/v1/indicators/domain/#{domain}/geo"
15
+
16
+ json_data = get(uri)
17
+
18
+ geo = OTX::Indicator::IP::Geo.new(json_data)
19
+
20
+ return geo
21
+ end
22
+
23
+ def get_malware(domain)
24
+ uri = "/api/v1/indicators/domain/#{domain}/malware"
25
+ malwares = []
26
+ params = {}
27
+
28
+ begin
29
+ json_data = get(uri, params)
30
+ page = json_data['next']
31
+
32
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
33
+
34
+ malwares += json_data['data']
35
+ end while page && !json_data['data'].empty?
36
+
37
+ results = []
38
+ malwares.each do |malware|
39
+ results << OTX::Indicator::IP::Malware.new(malware)
40
+ end
41
+
42
+ return results
43
+ end
44
+
45
+ def get_url_list(domain)
46
+ uri = "/api/v1/indicators/domain/#{domain}/url_list"
47
+
48
+ page = 0
49
+ url_list = []
50
+ begin
51
+ page += 1
52
+ params = {limit: 20, page: page}
53
+ json_data = get(uri, params)
54
+ has_next = json_data['has_next']
55
+
56
+ url_list += json_data['url_list']
57
+ end while has_next
58
+
59
+ results = []
60
+ url_list.each do |url|
61
+ results << OTX::Indicator::IP::URL.new(url)
62
+ end
63
+
64
+ return results
65
+ end
66
+
67
+ def get_passive_dns(domain)
68
+ uri = "/api/v1/indicators/domain/#{domain}/passive_dns"
69
+
70
+ json_data = get(uri)
71
+
72
+ results = []
73
+ json_data['passive_dns'].each do |dns|
74
+ results << OTX::Indicator::IP::DNS.new(dns)
75
+ end
76
+
77
+ return results
78
+ end
79
+
80
+ def whois(domain)
81
+ uri = "/api/v1/indicators/domain/#{domain}/whois"
82
+
83
+ json_data = get(uri)
84
+
85
+ whois = OTX::Indicator::IP::Whois.new(json_data)
86
+
87
+ return whois
88
+ end
89
+ end
90
+ end
@@ -5,13 +5,37 @@ module OTX
5
5
  # provides a wrapper around this functionality.
6
6
  #
7
7
  class Events < OTX::Base
8
+ #
9
+ # Get subscribed events from the API
10
+ #
11
+ # @param limit [Integer] Number of records returned
12
+ # @param page [Integer] page of records returned
13
+ # @param params [Hash] Addtional parameters eg `modified_since: DateTime`
14
+ #
15
+ def get_events(limit = 10, page = 1, params = {})
16
+ uri = '/api/v1/pulses/events'
17
+ params['limit'] = limit
18
+ params['page'] = page
19
+
20
+ json_data = get(uri, params)
21
+
22
+ events = json_data['results']
23
+
24
+ results = []
25
+ events.each do |event|
26
+ results << OTX::Event.new(event)
27
+ end
28
+
29
+ return results
30
+ end
31
+
8
32
  #
9
33
  # Get all events from the API, get all events in chunks defined by limit
10
34
  #
11
35
  # @param limit [Integer] Size of chunk of data to be Returned (default = 20)
12
36
  # @return [Array] Array of OTX::Event records
13
37
  #
14
- def get_all(limit=20)
38
+ def get_all(limit = 20)
15
39
  uri = '/api/v1/pulses/events'
16
40
  params = {limit: limit}
17
41
  events = []
@@ -22,7 +46,7 @@ module OTX
22
46
  params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
23
47
 
24
48
  events += json_data['results']
25
- end while !page.nil?
49
+ end while page && !json_data['results'].empty?
26
50
 
27
51
  results = []
28
52
  events.each do |event|
@@ -40,7 +64,7 @@ module OTX
40
64
  # @param limit [Integer] Size of chunk of data to be Returned (default = 20)
41
65
  # @return [Array] Array of OTX::Event records
42
66
  #
43
- def get_since(timestamp, limit=20)
67
+ def get_since(timestamp, limit = 20)
44
68
  uri = '/api/v1/pulses/events'
45
69
  params = {limit: limit, since: timestamp}
46
70
  events = []
@@ -51,7 +75,7 @@ module OTX
51
75
  params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
52
76
 
53
77
  events += json_data['results']
54
- end while !page.nil?
78
+ end while page && !json_data['results'].empty?
55
79
 
56
80
  results = []
57
81
  events.each do |event|
@@ -0,0 +1,103 @@
1
+ module OTX
2
+ class Export < OTX::Base
3
+ def get_export(limit = 10, page = 1, params = {})
4
+ uri = '/api/v1/indicators/export'
5
+
6
+ params['limit'] = limit
7
+ params['page'] = page
8
+ indicators = []
9
+
10
+ json_data = get(uri, params)
11
+
12
+ json_data['results'].each do |indicator|
13
+ indicators << OTX::Indicators.new(indicator)
14
+ end
15
+
16
+ return indicators
17
+ end
18
+
19
+ def get_all(limit = 20)
20
+ uri = '/api/v1/indicators/export'
21
+ params = { limit: limit }
22
+ indicators = []
23
+ begin
24
+ json_data = get(uri, params)
25
+ page = json_data['next']
26
+
27
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
28
+
29
+ indicators += json_data['results']
30
+ end while page && !json_data['results'].empty?
31
+
32
+ results = []
33
+ indicators.each do |indicator|
34
+ results << OTX::Indicators.new(indicator)
35
+ end
36
+
37
+ return results
38
+ end
39
+
40
+ def get_since(timestamp, limit = 20)
41
+ uri = '/api/v1/indicators/export'
42
+ params = { limit: limit, modified_since: timestamp }
43
+ indicators = []
44
+ begin
45
+ json_data = get(uri, params)
46
+ page = json_data['next']
47
+
48
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
49
+
50
+ indicators += json_data['results']
51
+ end while page && !json_data['results'].empty?
52
+
53
+ results = []
54
+ indicators.each do |indicator|
55
+ results << OTX::Indicators.new(indicator)
56
+ end
57
+
58
+ return results
59
+ end
60
+
61
+ def get_only(list_of_types, limit = 20)
62
+ uri = '/api/v1/indicators/export'
63
+ params = { limit: limit, types: list_of_types }
64
+ indicators = []
65
+ begin
66
+ json_data = get(uri, params)
67
+ page = json_data['next']
68
+
69
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
70
+
71
+ indicators += json_data['results']
72
+ end while page && !json_data['results'].empty?
73
+
74
+ results = []
75
+ indicators.each do |indicator|
76
+ results << OTX::Indicator.new(indicator)
77
+ end
78
+
79
+ return results
80
+ end
81
+
82
+ def get_only_since(list_of_types, timestamp, limit = 20)
83
+ uri = '/api/v1/indicators/export'
84
+ params = { limit: limit, types: list_of_types, modified_since: timestamp }
85
+ indicators = []
86
+ begin
87
+ json_data = get(uri, params)
88
+ page = json_data['next']
89
+
90
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
91
+
92
+ indicators += json_data['results']
93
+ end while page && !json_data['results'].empty?
94
+
95
+ results = []
96
+ indicators.each do |indicator|
97
+ results << OTX::Indicator.new(indicator)
98
+ end
99
+
100
+ return results
101
+ end
102
+ end
103
+ end
@@ -0,0 +1,23 @@
1
+ module OTX
2
+ class File < OTX::Base
3
+ def get_general(file_hash)
4
+ uri = "/api/v1/indicators/file/#{file_hash}/general"
5
+
6
+ json_data = get(uri)
7
+
8
+ general = OTX::Indicator::IP::General.new(json_data)
9
+
10
+ return general
11
+ end
12
+
13
+ def get_analysis(file_hash)
14
+ uri = "/api/v1/indicators/file/#{file_hash}/analysis"
15
+
16
+ json_data = get(uri)
17
+
18
+ analysis = OTX::Indicator::FileAnalysis.new(json_data)
19
+
20
+ return analysis
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,95 @@
1
+ module OTX
2
+ class Hostname < OTX::Base
3
+ def get_general(hostname)
4
+ uri = "/api/v1/indicators/hostname/#{hostname}/general"
5
+
6
+ json_data = get(uri)
7
+
8
+ general = OTX::Indicator::IP::General.new(json_data)
9
+
10
+ return general
11
+ end
12
+
13
+ def get_geo(hostname)
14
+ uri = "/api/v1/indicators/hostname/#{hostname}/geo"
15
+
16
+ json_data = get(uri)
17
+
18
+ geo = OTX::Indicator::IP::Geo.new(json_data)
19
+
20
+ return geo
21
+ end
22
+
23
+ def get_malware(hostname)
24
+ uri = "/api/v1/indicators/hostname/#{hostname}/malware"
25
+ malwares = []
26
+ params = {}
27
+
28
+ begin
29
+ json_data = get(uri, params)
30
+ page = json_data['next']
31
+
32
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
33
+
34
+ malwares += json_data['data']
35
+ end while page && !json_data['data'].empty?
36
+
37
+ results = []
38
+ malwares.each do |malware|
39
+ results << OTX::Indicator::IP::Malware.new(malware)
40
+ end
41
+
42
+ return results
43
+ end
44
+
45
+ def get_url_list(hostname)
46
+ uri = "/api/v1/indicators/hostname/#{hostname}/url_list"
47
+
48
+ page = 0
49
+ url_list = []
50
+ begin
51
+ page += 1
52
+ params = {limit: 20, page: page}
53
+ json_data = get(uri, params)
54
+ has_next = json_data['has_next']
55
+
56
+ url_list += json_data['url_list']
57
+ end while has_next
58
+
59
+ results = []
60
+ url_list.each do |url|
61
+ results << OTX::Indicator::IP::URL.new(url)
62
+ end
63
+
64
+ return results
65
+ end
66
+
67
+ def get_passive_dns(hostname)
68
+ uri = "/api/v1/indicators/hostname/#{hostname}/passive_dns"
69
+
70
+ json_data = get(uri)
71
+
72
+ results = []
73
+ json_data['passive_dns'].each do |dns|
74
+ results << OTX::Indicator::IP::DNS.new(dns)
75
+ end
76
+
77
+ return results
78
+ end
79
+
80
+ def get_http_scans(hostname)
81
+ uri = "/api/v1/indicators/hostname/#{hostname}/http_scans"
82
+
83
+ json_data = get(uri)
84
+
85
+ results = []
86
+ unless json_data['data'].nil?
87
+ json_data['data'].each do |http_scan|
88
+ results << OTX::Indicator::IP::HTTPScan.new(http_scan)
89
+ end
90
+ end
91
+
92
+ return results
93
+ end
94
+ end
95
+ end
@@ -0,0 +1,105 @@
1
+ module OTX
2
+ class IP < OTX::Base
3
+ def get_general(ip, type = :ipv4)
4
+ uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/general"
5
+
6
+ json_data = get(uri)
7
+
8
+ general = OTX::Indicator::IP::General.new(json_data)
9
+
10
+ return general
11
+ end
12
+
13
+ def get_reputation(ip, type = :ipv4)
14
+ uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/reputation"
15
+
16
+ json_data = get(uri)
17
+
18
+ if json_data['reputation']
19
+ reputation = OTX::Indicator::IP::Reputation.new(json_data["reputation"])
20
+ end
21
+
22
+ return reputation
23
+ end
24
+
25
+ def get_geo(ip, type = :ipv4)
26
+ uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/geo"
27
+
28
+ json_data = get(uri)
29
+
30
+ geo = OTX::Indicator::IP::Geo.new(json_data)
31
+
32
+ return geo
33
+ end
34
+
35
+ def get_malware(ip, type = :ipv4)
36
+ uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/malware"
37
+ malwares = []
38
+ params = {}
39
+
40
+ begin
41
+ json_data = get(uri, params)
42
+ page = json_data['next']
43
+
44
+ params = URI::decode_www_form(URI(page).query).to_h unless page.nil?
45
+
46
+ malwares += json_data['data']
47
+ end while page && !json_data['data'].empty?
48
+
49
+ results = []
50
+ malwares.each do |malware|
51
+ results << OTX::Indicator::IP::Malware.new(malware)
52
+ end
53
+
54
+ return results
55
+ end
56
+
57
+ def get_url_list(ip, type = :ipv4)
58
+ uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/url_list"
59
+
60
+ page = 0
61
+ url_list = []
62
+ begin
63
+ page += 1
64
+ params = {limit: 20, page: page}
65
+ json_data = get(uri, params)
66
+ has_next = json_data['has_next']
67
+
68
+ url_list += json_data['url_list']
69
+ end while has_next
70
+
71
+ results = []
72
+ url_list.each do |url|
73
+ results << OTX::Indicator::IP::URL.new(url)
74
+ end
75
+
76
+ return results
77
+ end
78
+
79
+ def get_passive_dns(ip, type = :ipv4)
80
+ uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/passive_dns"
81
+
82
+ json_data = get(uri)
83
+
84
+ results = []
85
+ json_data['passive_dns'].each do |dns|
86
+ results << OTX::Indicator::IP::DNS.new(dns)
87
+ end
88
+
89
+ return results
90
+ end
91
+
92
+ def get_http_scans(ip, type = :ipv4)
93
+ uri = "/api/v1/indicators/#{type == :ipv6 ? 'IPv6' : 'IPv4'}/#{ip}/http_scans"
94
+
95
+ json_data = get(uri)
96
+
97
+ results = []
98
+ json_data['data'].each do |http_scan|
99
+ results << OTX::Indicator::IP::HTTPScan.new(http_scan)
100
+ end
101
+
102
+ return results
103
+ end
104
+ end
105
+ end