urlhaus_monitor 0.1.0 → 0.1.1

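--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0c76d3e7849c7a747f538e71ec181064e3c1ddfd782a776dd575e36787ef3474
- data.tar.gz: 7e63116b773fd023bf94a93461765b7d2b89c63fb996968d8c95769e4f90d64e
+ metadata.gz: 75302864cc798a6416eb7555f623d2f4fdfaed0e6b4c84699d389f7fea4b507c
+ data.tar.gz: ee06d211fe279b4e94bf00e61efe41855ce6e84284404e3c12485fee636a7f82
  SHA512:
- metadata.gz: 88566b40be5de7f2d002bd660b2e74090cc7e2e616503b6c1d8219d9e32aff7e40491d17d81e1b1bc1f6cd9f7a90da3796fceb7e42156d06306f5781bb35a1af
- data.tar.gz: bc6304a7279c0ff154f0c9c1c9a735136f5e9a91fd45e049c70dfc2ccdab0f408f04d7e6ac26db1dcd8e5af7d3f68bf4c74c1950008c835f6cb571f737fbd3fa
+ metadata.gz: ba1d9cb86ca0e123f3e64458d769b7916dfa1ad5cfef8126c6c757504e4412dd5048b09b93f8e0600b2551ed9cb3d785009914e33708b1f93f6804acf95c4800
+ data.tar.gz: ce75f0beaca133ce632659b90c007ee449446f7f70e43cdc604cdfc7ee90b950246bb3ebbf82eab36f85dd8c7165a40bdee67ab523081b12d8adc1c193ae784d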
@@ -15,16 +15,13 @@ module URLhausMonitor
15
15
 
16
16
  def initialize(line)
17
17
  parts = CSV.parse(line.chomp).flatten
18
- raise ArgumentError, "#{line} is not valid." unless parts.length == 8
18
+ raise ArgumentError, "#{line} is not valid." unless parts.length == 8 || parts.length == 9
19
19
 
20
- @date_added = parts.shift
21
- @url = parts.shift
22
- @url_status = parts.shift
23
- @threat = parts.shift
24
- @host = parts.shift
25
- @ip_address = parts.shift
26
- @asnumber = parts.shift
27
- @country = parts.shift
20
+ if parts.length == 8
21
+ parse_without_tags parts
22
+ else
23
+ parse_with_tags parts
24
+ end
28
25
  end
29
26
 
30
27
  def defanged_url
@@ -32,38 +29,92 @@ module URLhausMonitor
32
29
  end
33
30
 
34
31
  def defanged_host
35
- @defanged_host ||= host.gsub(/\./, "[.]")
32
+ @defanged_host ||= host.gsub(/\./, "[.]")
33
+ end
34
+
35
+ def title
36
+ "#{defanged_url} (#{defanged_host} / #{ip_address} / #{date_added}) : #{threat}"
36
37
  end
37
38
 
38
39
  def vt_link
39
- "https://www.virustotal.com/#/domain/#{host}"
40
+ return nil unless _vt_link
41
+
42
+ {
43
+ type: "button",
44
+ text: "Lookup on VirusTotal",
45
+ url: _vt_link,
46
+ }
47
+ end
48
+
49
+ def urlscan_link
50
+ return nil unless _urlscan_link
51
+
52
+ {
53
+ type: "button",
54
+ text: "Lookup on urlscan.io",
55
+ url: _urlscan_link,
56
+ }
40
57
  end
41
58
 
42
59
  def urlhaus_link
43
- "https://urlhaus.abuse.ch/host/#{host}/"
60
+ return nil unless _urlhaus_link
61
+
62
+ {
63
+ type: "button",
64
+ text: "Lookup on URLhaus",
65
+ url: _urlhaus_link,
66
+ }
44
67
  end
45
68
 
46
- def title
47
- "#{defanged_url} (#{defanged_host} / #{ip_address}) (#{date_added})"
69
+ def actions
70
+ [vt_link, urlscan_link, urlhaus_link].compact
48
71
  end
49
72
 
50
73
  def to_attachements
51
74
  [
52
75
  {
53
- fallback: "urlhaus link",
54
- title: defanged_host,
55
- title_link: urlhaus_link,
56
- footer: "urlhaus.abuse.ch",
57
- footer_icon: "http://www.google.com/s2/favicons?domain=urlhaus.abuse.ch"
58
- },
59
- {
60
- fallback: "vt link",
61
- title: defanged_host,
62
- title_link: vt_link,
63
- footer: "virustotal.com",
64
- footer_icon: "http://www.google.com/s2/favicons?domain=virustotal.com"
76
+ text: defanged_host,
77
+ fallback: "VT & urlscan.io links",
78
+ actions: actions
65
79
  }
66
80
  ]
67
81
  end
82
+
83
+ private
84
+
85
+ def _vt_link
86
+ "https://www.virustotal.com/#/domain/#{host}"
87
+ end
88
+
89
+ def _urlscan_link
90
+ "https://urlscan.io/domain/#{host}"
91
+ end
92
+
93
+ def _urlhaus_link
94
+ "https://urlhaus.abuse.ch/host/#{host}/"
95
+ end
96
+
97
+ def parse_without_tags(parts)
98
+ @date_added = parts.shift
99
+ @url = parts.shift
100
+ @url_status = parts.shift
101
+ @threat = parts.shift
102
+ @host = parts.shift
103
+ @ip_address = parts.shift
104
+ @asnumber = parts.shift
105
+ @country = parts.shift
106
+ end
107
+
108
+ def parse_with_tags(parts)
109
+ @date_added = parts.shift
110
+ @url = parts.shift
111
+ @url_status = parts.shift
112
+ @threat = parts.shift
113
+ @tags = parts.shift
114
+ @host = parts.shift
115
+ @ip_address = parts.shift
116
+ @asnumber = parts.shift
117
+ @country = parts.shift
118
+ end
68
119
  end
69
120
  end
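Review bot: The `return nil unless _vt_link` guards in `vt_link`, `urlscan_link` and `urlhaus_link` can never fire, because each private `_..._link` helper returns an interpolated string, which is truthy even when `host` is nil or empty; `actions.compact` therefore always emits three buttons, and a row without a host would yield a link such as `https://urlscan.io/domain/`. Guard on the value itself instead, e.g. `return nil if host.to_s.empty?`. Since `host` appears to come straight from the parsed feed line, it would also be worth escaping it before interpolation into the button URLs (for instance `URI.encode_www_form_component(host)`), so a malformed field cannot change the path or fragment of the link a responder clicks. The enclosing class starts above this hunk, so whether `host` is validated elsewhere is not visible here.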
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module URLhausMonitor
4
- VERSION = "0.1.0"
4
+ VERSION = "0.1.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: urlhaus_monitor
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-03-24 00:00:00.000000000 Z
11
+ date: 2019-05-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler