pulsedive 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: '0892a58aba0128ac35e0ac680639d9c2a22809b5f2c5671e8d761e51f548fa1b'
+  data.tar.gz: c32a9d425841d42ede4aa5ee08e256a7288db142f95956b0b948c1a2e824e5a5
+SHA512:
+  metadata.gz: c32662e0d848b285b3eb0936c9e7621247c4460cdf1e36781404092c58dc0d36f18d4cbf96b937a88dce93fea411b26b8ec7e8dadd83bd2e89441c32a7c2abb6
+  data.tar.gz: d06b91eb9ee0ed3e65de7a9213db2fee73785ad2fb1433945c4cbe199feff497388ad623051234e15e82efa157b616f701a84ce8d664f414653b7b078a8a4e4f

data/.codeclimae.yml

@@ -0,0 +1,13 @@
+
+version: "2"
+prepare:
+  fetch:
+    - url: "https://raw.githubusercontent.com/janlelis/relaxed.ruby.style/master/.rubocop.yml"
+      path: "alternate-rubocop-path.yml"
+plugins:
+  rubocop:
+    enabled: true
+    config:
+      file: "alternate-rubocop-path.yml"
+exclude_patterns:
+  - "spec/**/*"

data/.gitignore

@@ -0,0 +1,53 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+.env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.4.1
+before_install: gem install bundler -v 1.16.3

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at manabu.niseki@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in pulsedive.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,66 @@
+PATH
+  remote: .
+  specs:
+    pulsedive (0.1.0)
+      activesupport (~> 5.2)
+      thor (~> 0.20)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activesupport (5.2.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    concurrent-ruby (1.0.5)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    diff-lcs (1.3)
+    dotenv (2.5.0)
+    hashdiff (0.3.7)
+    i18n (1.0.1)
+      concurrent-ruby (~> 1.0)
+    minitest (5.11.3)
+    public_suffix (3.0.2)
+    rake (10.5.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.1)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.1)
+    safe_yaml (1.0.4)
+    thor (0.20.0)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    vcr (4.0.0)
+    webmock (3.4.2)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.16)
+  dotenv (~> 2.5)
+  pulsedive!
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  vcr (~> 4.0)
+  webmock (~> 3.4)
+
+BUNDLED WITH
+   1.16.3

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Manabu Niseki
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,140 @@
+# pulsedive-rb
+
+A Ruby library for [Pulsedive](https://pulsedive.com/) API.
+
+[![Build Status](https://travis-ci.org/ninoseki/pulsedive-rb.svg?branch=master)](https://travis-ci.org/ninoseki/pulsedive-rb)
+[![Maintainability](https://api.codeclimate.com/v1/badges/35b08b3018cee65b42a0/maintainability)](https://codeclimate.com/github/ninoseki/pulsedive-rb/maintainability)
+
+Ruby client for the pulsedive API
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'pulsedive'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install pulsedive
+
+## Usage
+
+### As a Library
+
+```rb
+require 'pulsedive'
+
+# When given nothing, it tries to load your Pulsedive API key from ENV["PULSEDIVE_API_KEY]
+api = Pulsedive::API.new
+# or you can pass your API key as an argument
+api = Pulsedive::API.new(YOUR_API_KEY)
+
+## Indicator(https://pulsedive.com/api/?q=indicators)
+api.indicator.get_by_id(2);
+# => {"iid"=>2,"type"=>"domain","indicator"=>"alvoportas.com.br","risk"=>"high", ...
+api.indicator.get_by_value("pulsedive.com")
+# => {"iid"=>53929,"type"=>"domain","indicator"=>"pulsedive.com","risk"=>"none", ...
+api.indicator.get_links_by_id(2)
+# => {"Active DNS"=>[{"iid"=>3,"indicator"=>"187.191.98.202","type"=>"ip","risk"=>"none", ...
+api.indicator.get_properties_by_id(2)
+# => {"dns"=>[{"pid"=>15302704,"stamp_seen"=>"2018-07-12 11:08:32","name"=>"A", ...
+
+## Threat(https://pulsedive.com/api/?q=threats)
+api.threat.get_by_id(1)
+# => {"tid"=>1,"threat"=>"Zeus","category"=>"malware","risk"=>"high","description"=>"", ...
+api.threat.get_by_name("Zeus")
+# => {"tid"=>1,"threat"=>"Zeus","category"=>"malware","risk"=>"high","description"=>"", ...
+api.threat.get_summary_by_id(1)
+# => {"risk"=>{"critical"=>19,"unknown"=>24,"medium"=>47,"high"=>63,"low"=>71,"none"=>368}, ...
+api.threat.get_linked_indicators_by_id(1)
+# #=> {"page_current"=>0,"results"=>[{"iid"=>1,"indicator"=>"afobal.cl","type"=>"domain", ...
+
+## Feeds(https://pulsedive.com/api/?q=feeds)
+api.feed.get_by_id(1)
+# => {"fid"=>1,"feed"=>"Zeus Bad Domains","category"=>"malware","organization"=>"abuse.ch", ...
+api.feed.get_linked_indicators_by_id(1)
+# => {"page_current"=>0,"results"=>[{"iid"=>1,"indicator"=>"afobal.cl","type"=>"domain", ...
+
+## Analyze(https://pulsedive.com/api/?q=analyze)
+api.analyze.add_to_queue("pulsedive.com")
+# => {"success"=>"Added  to queue.","qid"=>11781524}'
+api.analyze.get_results_by_id(11781524)
+# => {"success"=>"Analyzed domain: pulsedive.com","data"=>{"iid"=>"53929","type"=>"domain", ...
+
+## Search(https://pulsedive.com/api/?q=search)
+params = {
+  "search": "feed",
+  "value": "zeus",
+  "category": [
+    "general", "abuse", "attack", "botnet", "crime", "fraud",
+    "group", "malware", "proxy", "pup", "reconnaissance",
+    "spam", "terrorism", "vulnerability"
+  ],
+  "splitrisk": "1"
+}
+api.search(params)
+# => '{"results"=>[{"fid"=>1,"name"=>"Zeus Bad Domains","category"=>"malware", ...
+
+```
+
+### As a CLI
+
+```bash
+$ pulsedive
+Commands:
+  pulsedive analyze COMMAND    # analyze commands
+  pulsedive feed COMMAND       # feed commands
+  pulsedive help [COMMAND]     # Describe available commands or one specific command
+  pulsedive indicator COMMAND  # indicator commands
+  pulsedive threat COMMAND     # threat commands
+
+$ pusledive analyze
+Commands:
+  pulsedive analyze add_to_queue [IOC]      # add ioc to the queue for analysis
+  pulsedive analyze get_results_by_id [ID]  # get analyze result
+  pulsedive analyze help [COMMAND]          # Describe subcommands or one specific subcommand
+
+Options:
+  [--API-KEY=API_KEY]
+
+$ pulsedive feed
+Commands:
+  pulsedive feed get_by_id [ID]                    # get feed by id
+  pulsedive feed get_linked_indicators_by_id [ID]  # get linked indicators by id
+  pulsedive feed help [COMMAND]                    # Describe subcommands or one specific subcommand
+
+Options:
+  [--API-KEY=API_KEY]
+
+$ pulsedive indicator
+Commands:
+  pulsedive indicator get_by_id [ID]             # get indicators by id
+  pulsedive indicator get_by_value [VALUE]       # get indicators by value
+  pulsedive indicator get_links_by_id [ID]       # get links by id
+  pulsedive indicator get_properties_by_id [ID]  # get properties by id
+  pulsedive indicator help [COMMAND]             # Describe subcommands or one specific subcommand
+
+Options:
+  [--API-KEY=API_KEY]
+
+$ pulsedive threat
+Commands:
+  pulsedive threat get_by_id [ID]                    # get threat by id
+  pulsedive threat get_by_name [NAME]                # get threat by name
+  pulsedive threat get_linked_indicators_by_id [ID]  # get linked indicators by id
+  pulsedive threat get_summary_by_id [ID]            # get summary by id
+  pulsedive threat help [COMMAND]                    # Describe subcommands or one specific subcommand
+
+Options:
+  [--API-KEY=API_KEY]
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "pulsedive"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/pulsedive

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require "Pulsedive"
+
+Pulsedive::CLI::Main::start

data/lib/pulsedive.rb

@@ -0,0 +1,17 @@
+require "pulsedive/api"
+require "pulsedive/error"
+require "pulsedive/client"
+
+require "pulsedive/analyze"
+require "pulsedive/search"
+require "pulsedive/feed"
+require "pulsedive/indicator"
+require "pulsedive/threat"
+
+require "pulsedive/cli"
+
+require "pulsedive/version"
+
+module Pulsedive
+  # Your code goes here...
+end

data/lib/pulsedive/analyze.rb

@@ -0,0 +1,21 @@
+require "base64"
+
+module Pulsedive
+  class Analyze < Client
+    def add_to_queue(ioc, enrich = 1, probe = 1)
+      params = {
+        "ioc": Base64.strict_encode64(ioc),
+        "enrich": enrich,
+        "probe": probe,
+      }
+      post("/api/analyze.php", params) { |json| json }
+    end
+
+    def get_results_by_id(id)
+      params = {
+        qid: id
+      }
+      get("/api/analyze.php", params) { |json| json }
+    end
+  end
+end

data/lib/pulsedive/api.rb

@@ -0,0 +1,25 @@
+require "dotenv/load"
+
+module Pulsedive
+  class API
+
+    attr_reader :api_key
+    attr_reader :indicator
+    attr_reader :threat
+    attr_reader :feed
+    attr_reader :analyze
+
+    def initialize(api_key = ENV["PULSEDIVE_API_KEY"])
+      raise(ArgumentError, "'api_key' argument is required") unless api_key
+
+      @indicator = Indicator.new(api_key)
+      @threat = Threat.new(api_key)
+      @feed = Feed.new(api_key)
+      @analyze = Analyze.new(api_key)
+    end
+
+    def search(params)
+      Search.new(api_key).search(params)
+    end
+  end
+end

data/lib/pulsedive/cli.rb

@@ -0,0 +1,147 @@
+require "thor"
+require "json"
+
+module Pulsedive
+  module CLI
+    class Base < Thor
+
+      class_option :API_KEY, type: :string
+
+      no_commands do
+        def api
+          options[:API_KEY] ? API.new(options[:API_KEY]) : API.new
+        end
+
+        def with_error_handling
+          yield
+        rescue ResponseError => e
+          puts "Warning: #{e}"
+        rescue ArgumentError => _
+          puts "Please provide your Pulsedive API key via --API_KEY or ENV['PULSEDIVE_API_KEY']"
+        end
+      end
+    end
+
+    class Indicator < Base
+      desc "get_by_id [ID]", "get indicators by id"
+      def get_by_id(id)
+        with_error_handling do
+          json = api.indicator.get_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+
+      desc "get_by_value [VALUE]", "get indicators by value"
+      def get_by_value(value)
+        with_error_handling do
+          json = api.indicator.get_by_value(value)
+          puts JSON.pretty_generate(json)
+        end
+      end
+
+      desc "get_links_by_id [ID]", "get links by id"
+      def get_links_by_id(id)
+        with_error_handling do
+          json = api.indicator.get_links_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+
+      desc "get_properties_by_id [ID]", "get properties by id"
+      def get_properties_by_id(id)
+        with_error_handling do
+          json = api.indicator.get_properties_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+    end
+
+    class Threat < Base
+      desc "get_by_id [ID]", "get threat by id"
+      def get_by_id(id)
+        with_error_handling do
+          json = api.threat.get_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+
+      desc "get_by_name [NAME]", "get threat by name"
+      def get_by_name(name)
+        with_error_handling do
+          json = api.threat.get_by_name(name)
+          puts JSON.pretty_generate(json)
+        end
+      end
+
+      desc "get_summary_by_id [ID]", "get summary by id"
+      def get_summary_by_id(id)
+        with_error_handling do
+          json = api.threat.get_summary_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+
+      desc "get_linked_indicators_by_id [ID]", "get linked indicators by id"
+      def get_linked_indicators_by_id(id)
+        with_error_handling do
+          json = api.threat.get_linked_indicators_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+    end
+
+    class Feed < Base
+      desc "get_by_id [ID]", "get feed by id"
+      def get_by_id(id)
+        with_error_handling do
+          json = api.feed.get_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+
+      desc "get_linked_indicators_by_id [ID]", "get linked indicators by id"
+      def get_linked_indicators_by_id(id)
+        with_error_handling do
+          json = api.feed.get_linked_indicators_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+    end
+
+    class Analyze < Base
+      option :enrich, type: :numeric
+      option :probe, type: :numeric
+      desc "add_to_queue [IOC]", "add ioc to the queue for analysis"
+      def add_to_queue(ioc)
+        enrich = options[:enrich] || 1
+        probe = options[:probe] || 1
+        with_error_handling do
+          json = api.analyze.add_to_queue(ioc, enrich, probe)
+          puts JSON.pretty_generate(json)
+        end
+      end
+
+      desc "get_results_by_id [ID]", "get analyze result"
+      def get_results_by_id(id)
+        with_error_handling do
+          json = api.analyze.get_results_by_id(id)
+          puts JSON.pretty_generate(json)
+        end
+      end
+    end
+
+    class Main < Thor
+      desc "indicator COMMAND", "indicator commands"
+      subcommand "indicator", Indicator
+
+      desc "threat COMMAND", "threat commands"
+      subcommand "threat", Threat
+
+      desc "feed COMMAND", "feed commands"
+      subcommand "feed", Feed
+
+      desc "analyze COMMAND", "analyze commands"
+      subcommand "analyze", Analyze
+    end
+  end
+end

data/lib/pulsedive/client.rb

@@ -0,0 +1,70 @@
+require 'net/https'
+require 'active_support'
+require 'active_support/core_ext/hash'
+
+module Pulsedive
+  class Client
+
+    attr_reader :api_key
+
+    HOST = "pulsedive.com".freeze
+    URL = "https://#{HOST}".freeze
+
+    def initialize(api_key)
+      @api_key = api_key
+    end
+
+    private
+
+    def url_for(path)
+      URI(URL + path)
+    end
+
+    def https_options
+      if proxy = ENV["HTTPS_PROXY"] || ENV["https_proxy"]
+        uri = URI(proxy)
+        {
+          proxy_address:  uri.hostname,
+          proxy_port:     uri.port,
+          proxy_from_env: false,
+          use_ssl: true
+        }
+      else
+        { use_ssl: true }
+      end
+    end
+
+    def request(req)
+      Net::HTTP.start(HOST, 443, https_options) do |http|
+        response = http.request(req)
+        if response.code == '200'
+          json = JSON.parse(response.body)
+          if json["error"]
+            raise(ResponseError, json["error"])
+          else
+            yield json
+          end
+        else
+          raise(ResponseError, "unsupported response code returned: #{response.code}")
+        end
+      end
+    end
+
+    def get(path, params, &block)
+      params["key"] = api_key
+
+      url = url_for(path)
+      url.query = params.to_query
+      get = Net::HTTP::Get.new(url)
+      request(get, &block)
+    end
+
+    def post(path, params , &block)
+      params["key"] = api_key
+
+      post = Net::HTTP::Post.new(url_for(path))
+      post.body = URI.encode_www_form(params)
+      request(post, &block)
+    end
+  end
+end

data/lib/pulsedive/error.rb

@@ -0,0 +1,3 @@
+module Pulsedive
+  class ResponseError < StandardError; end
+end

data/lib/pulsedive/feed.rb

@@ -0,0 +1,19 @@
+module Pulsedive
+  class Feed < Client
+    def get_by_id(fid)
+      params = {
+        "fid": fid
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+
+    def get_linked_indicators_by_id(fid, page = 0)
+      params = {
+        "fid": fid,
+        "get": "links",
+        "page": page
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+  end
+end

data/lib/pulsedive/indicator.rb

@@ -0,0 +1,36 @@
+module Pulsedive
+  class Indicator < Client
+
+    def get_by_id(iid, schema = 1)
+      params = {
+        "iid": iid,
+        "schema": schema
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+
+    def get_by_value(indicator)
+      params = {
+        "indicator": indicator
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+
+    def get_links_by_id(iid, page = 0)
+      params = {
+        "iid": iid,
+        "get": "links",
+        "page": page
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+
+    def get_properties_by_id(iid)
+      params = {
+        "iid": iid,
+        "get": "properties"
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+  end
+end

data/lib/pulsedive/response.rb

@@ -0,0 +1,8 @@
+module Pulsedive
+  class Response
+    include Enumerable
+    def initialize(client, params)
+
+    end
+  end
+end

data/lib/pulsedive/search.rb

@@ -0,0 +1,7 @@
+module Pulsedive
+  class Search < Client
+    def search(params)
+      get("/api/search.php", params) { |json| json }
+    end
+  end
+end

data/lib/pulsedive/threat.rb

@@ -0,0 +1,35 @@
+module Pulsedive
+  class Threat < Client
+    def get_by_id(tid)
+      params = {
+        "tid": tid
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+
+    def get_by_name(tname)
+      params = {
+        "tname": tname
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+
+    def get_summary_by_id(tld)
+      params = {
+        "tid": tld,
+        "get": "links",
+        "summary": "1",
+        "splitrisk": "1"
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+
+    def get_linked_indicators_by_id(tld)
+      params = {
+        "tid": tld,
+        "get": "links"
+      }
+      get("/api/info.php", params) { |json| json }
+    end
+  end
+end

data/lib/pulsedive/version.rb

@@ -0,0 +1,3 @@
+module Pulsedive
+  VERSION = "0.1.0".freeze
+end

data/pulsedive.gemspec

@@ -0,0 +1,34 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "pulsedive/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "pulsedive"
+  spec.version       = Pulsedive::VERSION
+  spec.authors       = ["Manabu Niseki"]
+  spec.email         = ["manabu.niseki@gmail.com"]
+
+  spec.summary       = "Ruby library for Pulsedive API"
+  spec.description   = "Ruby library for Pulsedive API"
+  spec.homepage      = "https://github.com/ninoseki/pulsedive-rb"
+  spec.license       = "MIT"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency 'dotenv', '~> 2.5'
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "vcr", "~> 4.0"
+  spec.add_development_dependency "webmock", "~> 3.4"
+
+  spec.add_runtime_dependency "activesupport", "~> 5.2"
+  spec.add_runtime_dependency "thor", "~> 0.20"
+end

metadata

@@ -0,0 +1,183 @@
+--- !ruby/object:Gem::Specification
+name: pulsedive
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Manabu Niseki
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-07-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.2'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.20'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.20'
+description: Ruby library for Pulsedive API
+email:
+- manabu.niseki@gmail.com
+executables:
+- pulsedive
+extensions: []
+extra_rdoc_files: []
+files:
+- ".codeclimae.yml"
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- exe/pulsedive
+- lib/pulsedive.rb
+- lib/pulsedive/analyze.rb
+- lib/pulsedive/api.rb
+- lib/pulsedive/cli.rb
+- lib/pulsedive/client.rb
+- lib/pulsedive/error.rb
+- lib/pulsedive/feed.rb
+- lib/pulsedive/indicator.rb
+- lib/pulsedive/response.rb
+- lib/pulsedive/search.rb
+- lib/pulsedive/threat.rb
+- lib/pulsedive/version.rb
+- pulsedive.gemspec
+homepage: https://github.com/ninoseki/pulsedive-rb
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Ruby library for Pulsedive API
+test_files: []